IT Tools

Here are lists of what I am using in my environment for daily IT network security work. I hope it will help other network security administrators / analysts / architects to compare with their own environment. Please leave me a message if you see some topics missing from my list. Most products and software can be found in the posts of this blog. Please use the sitemap page or the search function to look for related posts.
1. IT Service
2. Security Framework
3. Devices Management
4. Network Performance Monitoring
5. Lab Environment
6. WIFI
7. Compliance
8. Network Security Models

There are some other related posts in this blog:


1. IT Service

ITIL v3 - IBM Maximo Asset Management - Video Link

  • ITIL service strategy - specifies that each stage of the service lifecycle must stay focused upon the business case, with defined business goals, requirements and service management principles.
  • ITIL service design - provides guidance for the production and maintenance of IT policies, architectures and documents.
  • ITIL service transition - focuses upon the change management role and release practices, providing guidance and process activities for transitioning services into the business environment.
  • ITIL service operation - focuses upon delivery and control process activities based on a selection of service support and service delivery control points.
  • ITIL continual service improvement - focuses upon the process elements involved in identifying and introducing service management improvements, as well as issues surrounding service retirement.

2. Security Framework

An information security framework is a series of documented processes that are used to define policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment. These frameworks are basically a "blueprint" for building an information security program to manage risk and reduce vulnerabilities. Information security pros can utilize these frameworks to define and prioritize the tasks required to build security into an organization.

2.1 ISO27000
The ISO 27000 series of standards has been specifically reserved by ISO for information security matters.
  • ISO 27001: This is the specification for an information security management system (an ISMS), which replaced the old BS7799-2 standard.
  • ISO 27002: This is the 27000-series standard number of what was originally the ISO 17799 standard (which itself was formerly known as BS7799-1).
  • ISO 27003: This will be the official number of a new standard intended to offer guidance for the implementation of an ISMS.
  • ISO 27004: This standard covers information security management system measurement and metrics, including suggested ISO 27002-aligned controls.
  • ISO 27005: This is the methodology-independent ISO standard for information security risk management.
  • ISO 27006: This standard provides guidelines for the accreditation of organizations offering ISMS certification.

2.2 COBIT
COBIT 5 is the only business framework for the governance and management of enterprise IT, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises.

2.3 NIST SP 800
NIST SP 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalog of security controls for all U.S. federal information systems except those related to national security.

There is overlap between these frameworks, so "crosswalks" can be built to show compliance with different regulatory standards. For example, ISO 27002 defines information security policy in section 5; COBIT defines it in the section "Plan and Organize"; Sarbanes-Oxley defines it as "Internal Environment"; HIPAA defines it as "Assigned Security Responsibility"; and PCI DSS defines it as "Maintain an Information Security Policy." By using a common framework like ISO 27000, a company can then use this crosswalk process to show compliance with multiple regulations such as HIPAA, Sarbanes-Oxley, PCI DSS and GLBA, to name a few.



3. Devices Management

3.1 Log Management
  • Log Analyzing - IBM QRadar SIEM, Juniper STRM (rebranded from QRadar)

3.2 Configuration Management

3.3 System Image Management - File Transferring

3.4 Network Documentation

3.5 Network Access Control
  • RADIUS - TekRADIUS
  • TACACS+ - Cisco ACS, Tacacs+



4. Network Performance Monitoring

  • Bandwidth Monitoring: PRTG, Infoblox NetMRI, SolarWinds NPM
  • Device Health Monitoring from Internet: http://www.monitor.us/
  • Device Health Monitoring from Internal: PRTG, SolarWinds NPM
  • Flow Collector: PRTG, SolarWinds NPM
    • a NetFlow collector with a web frontend (nfsen, or the flowview Cacti plugin)
    • a Cacti or equivalent service to track/graph bandwidth usage on every trunk, WAN and Internet access circuit, IP SLAs, SmokePings, ...



5. Lab Environment

6. WIFI

  • Fluke Networks - AirCheck Wi-Fi Tester

7. Compliance

  • CompliantPro is a robust, extremely flexible, web-based compliance software system for proactively managing compliance to a variety of regulations and standards. The software provides the core functionality to manage processes for communicating, monitoring and documenting your diverse compliance activities.

8. Network Security Models

  • CIA Triad: Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security. Confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.
  • Cisco offers the integrated security solution, which delivers services above and beyond the "one size fits all" model. In addition, Cisco services are designed to deliver value throughout the entire network life cycle, which includes the stages of prepare, plan, design, implement, operate, and optimize (PPDIOO). The Cisco PPDIOO model encompasses all the steps from network vision to optimization, enabling Cisco to provide a broader portfolio of support and end-to-end solutions to its customers.
  • Cisco Network Security Design Steps: Following a structured set of steps when developing and implementing network security will help you address the varied concerns that play a part in security design. Many security strategies have been developed in a haphazard way and have failed to actually secure assets and to meet a customer's primary goals for security. Breaking down the process of security design into the following steps will help you effectively plan and execute a security strategy:
    1. Identify network assets.
    2. Analyze security risks.
    3. Analyze security requirements and tradeoffs.
    4. Develop a security plan.
    5. Define a security policy.
    6. Develop procedures for applying security policies.
    7. Develop a technical implementation strategy.
    8. Achieve buy-in from users, managers, and technical staff.
    9. Train users, managers, and technical staff.
    10. Implement the technical strategy and security procedures.
    11. Test the security and update it if any problems are found.
    12. Maintain security.
