This section provides an overview of security management.
A secured network must be managed securely.
Security management applications and technologies are used to monitor and control the network, including performing the following tasks:
■ Collecting, analyzing, and presenting network data to network managers. The tools used should allow for centrally storing and analyzing audit results, including logs and traps. In addition to logging using the syslog protocol, IDSs can be used to provide automatic correlation and in-depth visibility into complex security events, saving administrators a considerable amount of time.
■ Structured deployment and provisioning of security policies on security devices.
■ Maintaining consistency and change control of policies.
■ Providing role-based access control and accounts for all activities, and implementing change control and monitoring to prevent accidental damage.
Organizations must audit changes made and ensure that new versions of device configurations and device software are installed according to corporate policies.
A security implementation is only as good as the security policies being implemented. The biggest risk to security in a properly planned network architecture is an error in the security policy. Network management personnel must be aware of the security policies and defined operational procedures so that they can respond to an incident quickly, reliably, and appropriately.