Auditing Your Data Centre

Published 2008-07-23. Source: https://aidanfinn.com/?p=9136

I have a strong dislike for auditing. It's a time-consuming process. But you know, if you use the right systems management tools it doesn't need to be. Microsoft's Optimised Infrastructure model and Dynamic Systems Initiative preach automation and expertise built into the network. The latest generation of System Centre allows for this. Microsoft released a short white paper that looks at data centre auditing (http://download.microsoft.com/download/6/6/5/665fcea2-89b2-4e5d-b80e-e7ac78a4968e/SC_Managing_Data_Center_Compliance_White_Paper.pdf). It's not something I'd really considered until the last few months.

Network and some *NIX administrators have long used SYSLOG tools. The idea is that all events are forwarded to a central store. It gives a synchronised view of what is happening across a multitude of devices. It allows for diagnostics. But from an auditor's point of view, it gives an audit trail of who did what and when. You can get this sort of functionality going with Windows as well. I'm not a network or *NIX admin, but I'm guessing their security logs are not that different to those on a Windows box, i.e. lots of noise, and they require significant time to filter through to figure out what was really going on.

System Centre Operations Manager (SCOM or OpsMgr) 2007 includes Audit Collection Services. I first heard of ACS at TechEd Europe in Amsterdam in 2004. It was going to be a standalone tool, but after a lengthy delay it finally saw the light as a part of OpsMgr. You can turn on ACS on your OpsMgr agents to enable centralised security logging for Windows platforms. What makes it different to SYSLOG is that Microsoft's developers have identified the important events that illustrate what is going on, and only those events are forwarded to the ACS database. The ACS database is separate from the rest of the OpsMgr databases, so you can permission it differently, i.e. only your auditors or security staff would have access to it if required.

I don't know if the new Cross Platform Extensions for OpsMgr will allow for ACS on Linux platforms. I suspect that they won't. Anyway, you're still going to need SYSLOG for your network devices. From what I'm seeing recently, network monitoring tools (which are often freeware) seem to run and be supported best on Linux. Yes, you read that on my blog ... something running best on Linux. I am open to non-MS products!

That's great for monitoring your security activities, but that's only half of the story. You need to build a secure and regulatory-compliant infrastructure and maintain that integrity. I knew a security consultant in Germany who spent a huge amount of time building an automated auditing tool set that dumped data into a central store and allowed for reporting. It covered all sorts of platforms. It was a really great idea. But this guy was an alpha geek. Owning and running that toolset required his level of abilities, I'm guessing.

System Center Configuration Manager (SCCM or ConfigMgr) 2007 features Desired Configuration Management (DCM). DCM allows you to use either a set of pre-built or custom-made templates to audit your Microsoft network on a recurring and automated basis. That means there's no more logging into each box to check out its configuration. Everything is automated. You're also building that expertise into the network by using templates. Heck, Microsoft even gives away a set of DCM packs for its products to cover regulations like SOX, FISMA, EUDPD, HIPAA and more (http://www.microsoft.com/technet/prodtechnol/scp/configmgr07.aspx?SCPProdID=6&Keywords=desired)! Now you can just tell your auditors to run a report to see the configuration health of your network. No more wasted admin or auditor time or complexity, e.g. delegated admin rights on servers and applications. The DCM tool is easy enough to get your head around in order to build your own templates for auditing third-party or internal applications.

If you're in a regulated market, e.g. finance, health, pharmaceuticals, etc., then you're probably required to have these sorts of controls. If you're using System Centre then it makes sense to look into and enable these functions to make your job easier. Sure, you may require another server and some storage, but when you compare time savings vs capital costs, there's really only one logical way forward: build that expertise into the network and leverage the available automation.