Chapter 8 - 06 - Understand the Fundamentals of CM and Asset Management PDF

Summary

This document describes configuration review and security content automation protocol (SCAP). It also discusses configuration management tools, including network configuration manager. The document covers the basics of IT change management focusing on the automation of change records and processes.

Full Transcript

Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 O Configuration ° Configuration review is a process of verifying the configuration settings of hardware and software devices/components such as systems, servers, and firewalls in an enterprise. a Review The Security Content Automation Protocol (SCAP) is a standard evaluation process used to validate the security standards of an organization’s network and devices connected to the network Standard Components of SCAP Open Vulnerability Assessment Language (OVAL) Y » Extensible Configuration Checklist Description Format (XCCDF) Itis an international information security community standard for evaluating and reporting system condition » Itis a language used for writing security contents such as checklists, system configuration procedures, and benchmarks It uses XML schema to expose the vulnerabilities in a system Copyright © by All Rights Reserved. Reproduction is Strictly Prohibite Configuration Review Configuration software review is a process devices/components of verifying the configuration in an enterprise. Configuration settings of hardware review covers devices such and as systems, servers, firewalls, and all the other network-connected devices. While adding a new device or a component to the network, if the configuration is not fully implemented, the entire network can become vulnerable to attacks. It is important to schedule a periodical evaluation of system security and configuration review of security components, which can eliminate misconfiguration issues and default configuration settings. Security Content Automation Protocol (SCAP) The Security Content Automation Protocol (SCAP) is a standard evaluation process used to validate the security standards of an organization’s network and devices connected to the network. It is an automated process that checks for bugs, security misconfigurations, and product updates and explores the vulnerabilities in the network. SCAP is a combination of multiple standard components, some of which are as follows. = Open Vulnerability Assessment Language (OVAL): OVAL is an international information security community standard for evaluating and reporting system condition. It uses a standard Extensible Markup Language (XML) schema to expose the vulnerabilities in a system. = Extensible Configuration Checklist Description Format (XCCDF): XCCDF is a language used for writing security contents such as checklists, system configuration procedures, and benchmarks. An XCCDF document is a set of security configurations of selected systems and is developed in a system-understandable format. Compatible software can only be used to validate the system. Module 08 Page 1126 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Configuration Management Tools Network Configuration Manager is a network change, configuration, and compliance management solution for various network devices Network Configuration Manager e Ansible https://www.ansible.com Po CFEngine https.//cfengine.com Pelicies (¢ HIPAAROIcy vRealize Automation SaltStack Config https://www.ymwore.com Microsoft Endpoint Manager https://www.microsoft.com Puppet Enterprise https.//puppet.com https//www.manageengine.com il. All Rights Reserved. Reproduction is Strictly Prohibited. Configuration Management Tools Configuration management tools are used to perform various activities to ensure the stability of physical and logical assets. These tools are used to locate and track configuration items (Cls) and store relevant data in the configuration management database (CMDB). = Network Configuration Manager Source: https://www.manageengine.com Network Configuration Manager is a network change and compliance management solution for various network devices. It helps in automating and managing the configuration management lifecycle. Network Configuration Manager consists of various features that include the following: o Automated configuration backup o Scheduling configuration backup o Database backup and disaster recovery o Baseline configuration o Configuration versioning and comparison Module 08 Page 1127 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 HDesaQ Network Configuration Manager Dashboard Inventory Compliance Change Management Alarms Tools Settings Pu Reports Policies (6) HIPAAPolicy oOopRDZ HIPAA Compliance Policy. NCM runs Actions Running configur ation and ensures the configuration stay compliant 1o the Run through sl the associated devices policy's rubes. Associate Your or ganization is 1(1)% Comofiant Compliance Run compliant to Regulatory (8 Y Mandates Adhoc Generate ] e @ Check policy new O NCM runs through all the associated Actions endures the configuration stay compliant to the policy's rules, Run devices Runaing configuration and Dev G Compliance Chec Associate Devices Test Renort Report N[ Please O% Comoliant ensure that you satisty all the compliance o < Run G Adhoc snerate B Test Reoort eport ompli 0 Viol: Violats 0 Figure 8.21: Dashboard of Network Configuration Manager The following are some additional configuration management tools: * Ansible (https.//www.ansible.com) » CFEngine (https://cfengine.com) = vRealize Automation SaltStack Config (https.//www.vmware.com) * Microsoft Endpoint Manager (https.//www.microsoft.com) » Puppet Enterprise (https://puppet.com) Module 08 Page 1128 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Change Management ? Change Management Process Change management is a process of managing the changes to an organization’s IT systems and infrastructure L @’ P | Doemen ‘9 : Analyze Change RaEecs Management Process The main focus of change management is to enforce an appropriate plan for implementing and controlling changes and assisting individuals in adapting to Implement 3 those changes Changes : ' ~ — - “M o Changes o Change Management Change management is a process of managing the changes to an organization’s IT systems and infrastructure. It is an organized procedure that addresses the enterprise’s objectives, functionalities, and technologies. The main focus of change management is to enforce an appropriate plan for implementing and controlling changes and assisting individuals in adapting to those changes. The change management process should be attentively planned and executed because unwanted changes to a system or network can cause adverse effects on the associated processes and components. The management process must be implemented with a rollback mechanism so that any unintended changes can be reverted. The changes are then classified based on their expected impacts and risk levels on the organization’s assets. The change control process, a subset of the change management process, is a technique employed to request and approve changes in a controlled, organized, and effective manner. This type of change management their impacts, and process includes a systematic method of requesting changes, analyzing approving changes while monitoring them until implementation and documenting or reporting them for assessing their effects further. Module 08 Page 1129 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Request Analyze Impacts Management Process Implement Changes Figure 8.22: Change management process Continual business processes, and changes assets are to adapt unavoidable, to the changes and change management swiftly to improve the allows individuals, success rate of the changes. Inconsistent and poorly implemented business changes can put the business at risk or necessitate expensive and unnecessary re-implementation. Advantages of Change Management Frequent and meticulously devised changes can improve the efficiency of business processes. An effective change management process can enable organizations to do the following: = Evaluate and comprehend the required changes and their effects on the running processes = Support all the resources to be adapted to new changes = Reduce the time and cost required for implementing changes = Make employees aware of new changes = |Implement effective strategies to enhance communication = |mprove business collaboration = Allow continuous business operations even during the implementation of changes = Reduce the probability of change failures Module 08 Page 1130 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Change Management Tools SunView ChangeGear It is an IT change management software that allows the automation of the capture and processing of all IT change records across an enterprise ) ' ManageEngine ServiceDesk Plus https://www.manogeengine.com StarTeam https://www.microfocus.com Freshservice IT Asset Management Software https://freshservice.com SolarWinds Service Desk https://www.solorwinds.com SysAid https://www.sysoid.com https//www sunviewsoftwore.com v Copyright© by N Rights Reserved. Reproduction sStrictly Prohibited. Change Management Tools = SunView ChangeGear Source: https://www.sunviewsoftware.com SunView ChangeGear is an IT change management software that allows the automation of the capture and processing of all IT change records across an enterprise. It eliminates emails, spreadsheets, and other manual methods for tracking IT changes. Figure 8.23: Screenshot of SunView ChangeGear Module 08 Page 1131 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Security Assessment Techniques and Tools The following are some additional change management tools: * ManageEngine ServiceDesk Plus (https://www.manageengine.com) = StarTeam (https://www.microfocus.com) = Freshservice IT Asset Management Software (https://freshservice.com) = SolarWinds Service Desk (https://www.solarwinds.com) = SysAid (https://www.sysaid.com) Module 08 Page 1132 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.