April 30, 2009

by Wim Remesenergy

In tough economic times and on a low budget, it can be difficult to keep your team on track. We all know IT people are a weird species: more than others, they are constantly on the lookout for new and exciting things and on staying on top of (or in front of) the wave.

I’ve learned that getting your hands on bleeding-edge technology is one thing, but really adding value to the business is something else. Instead of waiting for those new projects, this is the time to “squeeze the lemon” and take a look at what we can achieve with what is already in our hands. You might be amazed by the extra juice you can get out of it.

Preparing for tomorrow started yesterday, and it’s our responsibility to challenge our teams to make that extra effort.  Here are three things you can do without huge initial investments.

Logging (+ analysis and reporting)

Every part of your infrastructure generates tons of interesting messages, but unfortunately this information is often forgotten. Start with the obvious sources: firewalls, wireless controllers, critical servers, core switches and routers. Gather whatever you can get in one place and start looking at it. Doing so allows you to identify what is important for your situation and what’s not. From there you can go on to define metrics and start reporting on them. This doesn’t require a big SIEM implementation; you can start with a basic syslog server. The most interesting approach for me is to chop the infrastructure into small chunks and take them on one by one. You will grow into it, and you’ll see that your infrastructure is trying to tell you things you never expected. To make analysis easier, I’d suggest you visit www.secviz.org; they have great tools and information on visualizing information.
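As an added illustration of the “gather it in one place, look at it, then define a few metrics” approach (example code written for this page, not part of the original post), the script below parses a constructed batch of syslog lines from a firewall, a core switch and a file server and turns them into a handful of starter metrics. Host names, addresses and message formats are made up for the example.

```python
import re
from collections import Counter

# Constructed sample of what a basic syslog server might collect from an
# edge firewall, a core switch and a file server (all hypothetical).
SAMPLE_SYSLOG = """\
Apr 30 08:01:12 fw-edge kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Apr 30 08:01:15 fw-edge kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Apr 30 08:02:01 core-sw1 %LINK-3-UPDOWN: Interface Gi1/0/12, changed state to down
Apr 30 08:02:44 srv-files sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2
Apr 30 08:02:47 srv-files sshd[2231]: Failed password for root from 203.0.113.7 port 51023 ssh2
Apr 30 08:03:10 srv-files sshd[2240]: Accepted publickey for backup from 192.0.2.55 port 40011 ssh2
Apr 30 08:05:30 fw-edge kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP DPT=161
this line is not syslog and must be counted as unparsed
"""

# Classic BSD syslog layout: "<Mon dd HH:MM:SS> <host> <message>".
SYSLOG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

def parse_syslog(text):
    """Return (events, unparsed): events are dicts with ts/host/msg,
    unparsed counts lines that did not match (worth tracking as a metric)."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SYSLOG_RE.match(line)
        if m:
            events.append(m.groupdict())
        else:
            unparsed += 1
    return events, unparsed

def build_report(events):
    """A few starter metrics, each a Counter you can trend from week to week."""
    report = {"lines_by_host": Counter(), "fw_drops_by_src": Counter(),
              "ssh_failures_by_src": Counter(), "link_down_by_host": Counter()}
    for ev in events:
        host, msg = ev["host"], ev["msg"]
        report["lines_by_host"][host] += 1          # which device is "talking" most
        if " DROP " in msg and (src := re.search(r"SRC=(\S+)", msg)):
            report["fw_drops_by_src"][src.group(1)] += 1
        if "Failed password" in msg and (src := re.search(r" from (\S+)", msg)):
            report["ssh_failures_by_src"][src.group(1)] += 1
        if "changed state to down" in msg:
            report["link_down_by_host"][host] += 1
    return report

if __name__ == "__main__":
    events, unparsed = parse_syslog(SAMPLE_SYSLOG)
    print(f"{len(events)} events parsed, {unparsed} unparsed")
    for name, counter in build_report(events).items():
        print(name, dict(counter.most_common()))
```

Pointing `parse_syslog` at a real syslog file instead of the sample gives the same report; the unparsed count is the first thing to watch, since it tells you which devices log in a format you have not looked at yet.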

Data classification

This is not a simple feat, and be aware that you will not be able to do this with IT people alone. What you learn within your own department will allow you to steer the rest of the company in later iterations of the project. First look at what information is scattered over the network. You’ll be amazed at what you find. That desktop installation procedure from back in ’99, containing the admin password? Yes, the password that is still in use on your main router. First eliminate outdated information, then define ownership. Thus you are effectively aligning your information with the new processes and functions in your department. The owner of the information can then go on to define access requirements and how and when to back up the information. You get the drift. This can bring major benefits to your department and your employer.

Access Management

Obviously, you’re not taking on a full-blown Identity and Access Management project, but there is a lot you can do in this area. Go out and discover dead accounts, orphaned objects, historic access permissions, etc. Make an inventory of what you have and see if it still covers the bases. Get rid of excess groups and other objects. This also goes for login scripts and, for those of you using Active Directory, for group policies. Tackling these issues improves the control you have over your environment and prepares you to handle future projects efficiently.

There’s a lot more you can do. The underlying message is that there’s much more you can do with what you already have. Listening to the whispers and giving the screws that additional turn improves control over, and knowledge about, your environment, making it a ship that you can maneuver more easily.

About the Author: Guest Blogger
