Thread: System Administration and Network Security

  1. #1
    Junior Member
    Join Date
    Apr 2008
    Posts
    1

    System Administration and Network Security

    The Goal: Inventory, Secure, and Track all computers that I am responsible for.

    The Background: I have begun work as a systems administrator for my organization and I am a bit overwhelmed. Because of my weak background in both network security and system administration I have been unable to decide on a jumping off point.

    The Question: If I want to accomplish my goal, where do I start and where do I go?

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well,

    I guess I would start with the inventory as that is the lowest hanging fruit.

    There are plenty of software packages around, for example:

    http://www.lansweeper.com/

    http://www.expressmetrix.com/about/p...dwordscampaign

    I quite like BELARC's products:

    http://www.belarc.com/

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Well the problem with completely automated inventory is if the host is down or it can't be reached you cannot collect data, and you will never know its physical location.

    I work on an internal product at EMC that is a web application that allows us to inventory all types of equipment and it goes out and collects information on computers, switches, etc that it can.

    It is also our ticketing system, reservation system, and requisition system.

    It is written in php, html, and js with an oracle back end. All of the equipment we obtain is entered into the system manually and "lab staff" is allowed to change the information that is stored in inventory.


    I am the only one who is currently developing it but it has been worked on for over THREE years. My point is unless you have a lot of resources it is really hard to develop such an application and "over the counter" apps aren't nearly as extensive. If you do come across something nice please do let me know though :-)

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well the problem with completely automated inventory is if the host is down or it can't be reached you cannot collect data, and you will never know its physical location.
    Exactly! Which is why most of us end up with a partially manual system. It all depends on how static/mobile your environment is and whether you control movements. Like no unauthorised person relocates computer equipment.

    My point is unless you have a lot of resources it is really hard to develop such an application and "over the counter" apps aren't nearly as extensive. If you do come across something nice please do let me know though :-)
    Very true, and there are a lot of packages around. I cannot say I have investigated any of them recently, but as you can get them on trial you might be best off by trying a few and doing Fagan inspections on the results.

    That would at least help you to "break the back of it"

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Can you provide some more basic info about your environment? How many users? How many physical locations? How are they connected? What kind of servers? etc. What kind of money do you have to throw at this?

    Everyone's environment is different and what works for me is going to be very different from what works for you.

    In the past, I worked with Numara's TrackIT8 and I loved it for managing purchases, help desk tickets, solutions, auditing assets and keeping track of various software. It was pretty easy to track software on workstations and alert when software has been either added or removed without permission. Audits can be run via login script or scheduled. All of the data was stored in a sql database so it was quite easy to link home brew access databases into for tracking things like switch port assignments, program access, etc. They even give you access to the data dictionary to help you on your way. Their support was wonderful. They are in the US and it was easy to understand them and work with them. They gave you a feeling that they really cared about your problem and would help you work through it. I really do miss that software.

    I've recently changed employers and I'm sitting in a position much like you. I have to analyze their security and redesign their network. It was originally set up by someone who really didn't know much about servers or networking. He was actually a programmer. So, instead of using features they already had... he decided to write solutions in house to the various problems they encountered. Take various COTS and hack the hell out of them. Upgrading and patching is a nightmare because you don't know exactly what it's going to break.

    They're currently using servicedesk from adventnet and I HATE it with a passion. Their asset/audit management portion is horrible. It uses WMI to gather its info and doesn't have an option to install an agent on the workstation. That would be great if I were in an active directory environment and all of my systems were windows. Their support is somewhere overseas and about worthless as you can't understand a word they say. They're using some horrible VoIP solution that cuts out often and their accent is very strong. They could really care less about what you have to say anyway. They try to "trick" you into thinking that they're in California by using names like "Todd" or "Betsy" with email addresses like "todd@adventnet.com" or the like. We just recently had to renew our subscription and it was a nightmare. It took their sales team a full week to get us a quote and another week to actually process it. During this time, the subscription expired and everyone was locked out of the software. When the license came, it was for the wrong product. So, we were granted access, but only to a very small number of features that we had paid for. Support could care less and they passed us back and forth between sales, licensing and support for another week before finally resolving the problem. 3 fsckin weeks of downtime of our "helpdesk" software and they couldn't have cared less about us.

    If you don't have much $ to throw at it, then there are a bunch of various open source tools you can use. OCS inventory is one I was toying around with for a while in conjunction with OSSIM.

    There are a ton of great network monitoring tools I found here. It's not completely up to date but it's close. Not to mention the various open source tools like Cacti, Nagios, Netdisco, etc.

    As far as security is concerned... if you're in an Active Directory environment... get to know the active directory and group policy at a very intimate level.

    Scan the network and various servers using vulnerability assessment tools like nmap and nessus. Spend time analyzing those logs closely. Close security holes, determine if the security notes listed are something you can live with or figure out how you can reduce the notes. Disable unused services, etc.

    I've been a fan of symantec endpoint security for endpoint antivirus, spyware, ids/ips and firewall and control over which devices users can attach to their workstations. I love their management console too!

    I have a couple of legacy programs that are no longer supported but can't be taken off the network. Those systems can't be patched because we have no support and patching them breaks stuff. I was able to segment them in a way that I felt more comfortable about them being there.

    Anyway, that's a start. I'm in the process of doing all of this myself and I'm also still learning.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
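
Added example (not part of the thread and not any poster's code): the thread's two inventory sources, an nmap scan and a manually kept inventory, reconciled against each other so that unrecorded hosts, recorded hosts the scan could not reach, and open ports nobody expected each end up on their own list. The scan text is a constructed sample in nmap's grepable (`-oG`) format, and the inventory CSV with its column names is an assumption.

```python
import csv
import io

# Constructed sample of nmap grepable output (nmap -oG); not from a real scan.
NMAP_GREPABLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 10.0.0.5 (fileserver)\tStatus: Up\n"
    "Host: 10.0.0.5 (fileserver)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "445/open/tcp//microsoft-ds///, 23/closed/tcp//telnet///\n"
    "Host: 10.0.0.9 ()\tStatus: Up\n"
    "Host: 10.0.0.9 ()\tPorts: 80/open/tcp//http///\n"
)

# Constructed manual inventory; the column names are assumptions.
INVENTORY_CSV = (
    "ip,hostname,location,expected_ports\n"
    "10.0.0.5,fileserver,Rack 2,22;445\n"
    "10.0.0.7,legacy-app,Lab B,8080\n"
)

def parse_grepable(text):
    """Return {ip: set(open ports)} for every host the scan reported as up."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Status: Down" in line:
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, set())
        for field in fields[1:]:
            if field.startswith("Ports:"):
                # Each entry is port/state/protocol/owner/service/rpc/version/
                for entry in field[len("Ports:"):].split(","):
                    parts = entry.strip().split("/")
                    if len(parts) > 1 and parts[1] == "open":
                        ports.add(int(parts[0]))
    return hosts

def load_inventory(text):
    """Return {ip: set(expected ports)} from the manual inventory CSV."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["ip"]: {int(p) for p in r["expected_ports"].split(";") if p} for r in rows}

def reconcile(scan, inventory):
    """Compare what the scan found with what the inventory says should exist."""
    return {
        "unknown_hosts": sorted(set(scan) - set(inventory)),   # on the wire, not on record
        "not_seen": sorted(set(inventory) - set(scan)),        # on record, needs a physical check
        "unexpected_ports": {ip: sorted(scan[ip] - inventory[ip])
                             for ip in scan if ip in inventory and scan[ip] - inventory[ip]},
    }

if __name__ == "__main__":
    print(reconcile(parse_grepable(NMAP_GREPABLE), load_inventory(INVENTORY_CSV)))
```

The `not_seen` list is the part an automated scan cannot resolve by itself: a host that is powered off or unreachable only shows up because the manual record says it should exist.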
