Notes

In an enterprise network, it's better to define buildings by number and not by name

  • ex. an IP address from the 10.9.0.0 range would be from building 9

  • subnetting networks is important for security

    • if one network is affected, the others are not

    • can identify where the attack is coming from

  • Time is important for devices on the network

    • NTP server

      • time management on the network

        • all servers on the network are synced with the NTP server

    • If a computer's clock isn't in sync, it won't authenticate the user
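The building-number addressing scheme above is what makes "where is the attack coming from" answerable from the address alone. The following Python is an added example, not part of the notes: it assumes a constructed plan of one 10.<building>.0.0/16 per building (the notes only give 10.9.0.0 for building 9), maps any address to its building, and tallies constructed IDS alert lines per building so an analyst can see which subnet an attack originates from.

```python
import ipaddress
import re

# Assumed addressing plan (constructed for this example): the whole enterprise
# lives in 10.0.0.0/8 and the second octet is the building number, so each
# building owns 10.<building>.0.0/16.
ENTERPRISE_PREFIX = ipaddress.ip_network("10.0.0.0/8")


def building_subnet(building: int) -> ipaddress.IPv4Network:
    """Return the /16 assigned to a building under the assumed plan."""
    if not 0 <= building <= 255:
        raise ValueError("building number must fit in one octet")
    return ipaddress.ip_network(f"10.{building}.0.0/16")


def building_of(ip_str: str):
    """Return the building number an address belongs to, or None when the
    address is outside the enterprise plan (e.g. an internet source)."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version != 4 or ip not in ENTERPRISE_PREFIX:
        return None
    # .packed is the 4 raw octets; the second octet is the building number.
    return ip.packed[1]


# Constructed sample IDS alert lines (not real data).
SAMPLE_ALERTS = [
    "2024-05-01T10:00:01Z IDS alert src=10.9.14.22 dst=10.3.0.5 sig=port-scan",
    "2024-05-01T10:00:04Z IDS alert src=10.9.14.23 dst=10.3.0.5 sig=port-scan",
    "2024-05-01T10:00:09Z IDS alert src=10.2.40.7 dst=10.3.0.5 sig=brute-force",
    "2024-05-01T10:00:12Z IDS alert src=203.0.113.8 dst=10.3.0.5 sig=brute-force",
]

SRC_RE = re.compile(r"\bsrc=(\S+)")


def alerts_by_building(lines):
    """Count alerts per originating building; non-enterprise sources are
    grouped under 'external'."""
    counts = {}
    for line in lines:
        match = SRC_RE.search(line)
        if not match:
            continue  # malformed line, skip rather than guess
        building = building_of(match.group(1))
        key = f"building {building}" if building is not None else "external"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(alerts_by_building(SAMPLE_ALERTS).items()):
        print(f"{key}: {n} alert(s)")
```

Because the plan is positional, the same lookup works for any log that carries a source address, and a compromised building maps directly to the single /16 that needs to be isolated while the other buildings keep running.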

Logging

  • A record of an event (on network and systems)

  • Some logging vendors charge by volume (e.g. Splunk)

  • Figure out which logs you need

  • Analyze the sizing requirements

    • what is going to be the volume

    • what is the impact of the volume on the network

    • where will the logs be stored and how much space?

    • Compression?

    • Copies?

    • Rotation/Destruction/Decay requirements

    • WHO will analyze these logs and what tools will they have (SOC team?)

  • Tapes are best for long-term backups; SSDs can corrupt

    • Just keep them in a climate controlled place

  • Syslog agents
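The sizing questions in the list above (volume, storage, compression, copies, rotation) combine into one estimate, and the per-source share is what tells you which logs are worth keeping when a vendor bills by ingest volume. The Python below is an added example, not from the notes: the log sources, event rates, event sizes and storage capacity are all constructed values, and the compression factor and copy count are assumptions to be replaced with measured figures.

```python
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
GB = 1_000_000_000  # vendors usually quote decimal gigabytes


@dataclass
class LogSource:
    name: str
    events_per_second: float
    avg_event_bytes: int  # average uncompressed size of one event


@dataclass
class SizingPolicy:
    retention_days: int       # rotation/destruction point
    compression_factor: float  # raw bytes divided by this once stored (assumed)
    copies: int               # primary + replicas/backups kept


# Constructed sources (not measured from any real network).
SAMPLE_SOURCES = [
    LogSource("Firewalls", events_per_second=500, avg_event_bytes=300),
    LogSource("Windows DCs", events_per_second=200, avg_event_bytes=800),
    LogSource("Linux servers", events_per_second=50, avg_event_bytes=200),
]

# Assumed policy: 90 days, 10:1 compression, primary copy plus one backup.
SAMPLE_POLICY = SizingPolicy(retention_days=90, compression_factor=10.0, copies=2)


def daily_ingest_bytes(sources) -> float:
    """Raw bytes sent to the collector per day; this is the number a
    volume-based license is priced on."""
    return sum(s.events_per_second * s.avg_event_bytes * SECONDS_PER_DAY
               for s in sources)


def ingest_share(sources) -> dict:
    """Fraction of daily volume each source contributes, to decide which
    logs you actually need before paying for them."""
    total = daily_ingest_bytes(sources)
    return {s.name: s.events_per_second * s.avg_event_bytes * SECONDS_PER_DAY / total
            for s in sources}


def stored_bytes_per_day(sources, policy) -> float:
    """Bytes that actually land on disk per day after compression and copies."""
    return daily_ingest_bytes(sources) / policy.compression_factor * policy.copies


def storage_required_bytes(sources, policy) -> float:
    """Total disk needed to hold the full retention window."""
    return stored_bytes_per_day(sources, policy) * policy.retention_days


def fits(sources, policy, capacity_bytes) -> bool:
    return storage_required_bytes(sources, policy) <= capacity_bytes


def affordable_retention_days(sources, policy, capacity_bytes) -> int:
    """Longest retention the given capacity supports under this policy."""
    return int(capacity_bytes // stored_bytes_per_day(sources, policy))


if __name__ == "__main__":
    print(f"daily ingest: {daily_ingest_bytes(SAMPLE_SOURCES) / GB:.2f} GB/day")
    for name, share in ingest_share(SAMPLE_SOURCES).items():
        print(f"  {name}: {share:.1%} of volume")
    need = storage_required_bytes(SAMPLE_SOURCES, SAMPLE_POLICY)
    print(f"storage for {SAMPLE_POLICY.retention_days} days: {need / GB:.1f} GB")
    print(f"1 TB supports {affordable_retention_days(SAMPLE_SOURCES, SAMPLE_POLICY, 1000 * GB)} days")
```

Run it and the retention line answers the rotation question directly: if the capacity you have cannot hold the retention the policy demands, either cut a high-share source, raise compression, or move older data to the tape tier the notes recommend.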
