Gold Standard Configuration for Network Devices
Looking to define the Gold Standard Configuration for your network devices? indeni contains a layer that translates the output of queries into structured data
Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.
The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog
Network and security teams in large enterprises spend quite a bit of time defining their “Gold Standard Configuration” for network devices – a checklist of how all of their devices should be configured. Some of the items on the checklist are operational (what hotfix you have installed) while some are for compliance (which users are defined). Either way, it’s apparently very difficult to stay on top of this checklist without indeni, as we’ve discovered from our customers. Items on the list include things like:
- Software version in use – enterprises try to standardize on certain versions to reduce unexpected events and increase usability (if all of the devices made by a given manufacturer behave the same, it’s easier to manage them). In some cases, they even standardize on certain hotfixes.
- OS-level settings: users defined, SNMP monitoring and syslog servers, authentication settings, NTP, etc.
- Hardening: what ports and services are open/accessible.
So, how do we see organizations enforce their Gold Standard Configuration for their network devices?
- They write a long Word or Excel document and share it within the team hoping someone will use it.
- They write scripts that test some aspects of the gold config. Usually these scripts are written as a hobby and so aren’t maintained very well.
- They use tools like SolarWinds’s Orion NCM or TripWire, spending years of their life tuning those tools to look for certain configurations only to need to re-do all that once the product manufacturer decides to release the next major version.
indeni is here to make your life better:
Our software contains a layer that translates the output of queries into structured data. We call this “measurements” internally, but essentially each setting for each device is represented in a database in a manner that is completely agnostic to how it’s represented in the device’s own config files. So, for example, the settings for which NTP server to use appear similar to this for Cisco, Check Point Firewalls, F5 Load Balancers and Palo Alto Network Firewalls alike:
{measurement: ntp_server, host: pool.ntp.org version: 3}
So, that means that all you need to do is tell indeni what the NTP server needs to be, and indeni will regularly check the configuration 24/7/365 of all of your devices (or a group of them) irrespective of the manufacturer of those devices or the software they’re running. When the configuration doesn’t match your gold config, you’ll get an alert as well as see it on a weekly or monthly report. Saving you weeks of your life, every, single, year.
Achieve 99.9999% 45 minutes.
[button size=”medium” style=”primary” text=”Try indeni” link=”/create-a-smarter-network-in-just-45-minutes-no-agents/””]