This chapter covers the following topics:
- Utopian Management Goals
- Organizational Realities
- Protocol Capabilities
- Tool Capabilities
- Secure Management Design Options
- Network Security Management Best Practices
Things which you do not hope happen more frequently than things which you do hope.
Titus Maccius Plautus, "Mostellaria," Act I, Sc. iii, l. 40, 259-184 B.C.
Anyone can hold the helm when the sea is calm.
Publilius Syrus, Maxim 358, first century B.C.
In this chapter, you will learn the ins and outs of secure network management and network security management. The first is a way to manage your network securely; the latter is a way to manage the network security elements in your network. Secure network management is a superset of network security management, and combined, the two problems represent the single hardest issue in all of network security. It is discussed near the end of the book because it spans all technologies, best practices, policies, and designs.
Without secure network management, the act of configuring, monitoring, and maintaining would, in itself, create additional security risks on your network. Without network security management, some security technologies, such as firewalls, would be significantly hampered in the value they can add, and other security technologies, such as network intrusion detection systems (NIDS), would fail to add value at all. This chapter explores the management requirements, protocol options, deployment choices, and general best practices around management in a security-sensitive network.
Although both secure network management and network security management are covered in this chapter, they aren't broken out into separate sections. Each depends on elements of the other, so the conversation will shift between the two throughout the chapter.