We've all made one in our career. I'm talking about that blunder for which
you thought you would be fired. My first blunder was rebooting all the campus
router pairs at one time, not one by one, all at once. I had written a script to
install a security update on all the routers and reboot them all one by one, I
thought. Turns out my script had an error and didn't wait between routers. I
thought for sure I was fired, but it turned out it was a great learning
experience for everyone involved. We all learned a little about crisis
management, I was introduced to change management, and my boss took a few hours
to teach me how to verify the network was working properly as everything came
back up online.

Sometimes, our blunders are not so instantly noticeable, and sometimes we
make blunders that linger in our firewalls until they either cause an outage or
an auditor calls us on them. One of my favorite activities is visiting and
talking with firewall engineers around the world. Here are some common blunders
I've seen and heard engineers talk about – maybe you'll recognize one or two of
them yourself.
- Creating firewall groups with no meaning
- Failing to upgrade your firewall software
- Using the wrong technology
- The accidental outage
- Poor documentation
- Using excessive Drop rules
- Using routing as your security policy
- Using DNS objects in a rulebase
- Making changes in panic mode
Seen at www.scmagazine.com/