A sysadmin always comes prepared: Grasp those essential tools

Help us scope the perfect IT admin's toolkit

There are certain tools that all sysadmins need. Some, such as the venerable ping, are so fundamental that their lack would be considered an oddity.

Others, such as backups, should by rights be deployed absolutely everywhere, yet incomprehensibly are not. Debating which tools are best is the blood sport of our industry.

I remember the carefree days before broadband. I built open-air lasers to carry unencrypted traffic at a blistering 9600 bps.

Obscurity really was security. Only a handful of people in my area at the time could recognise what those rigs were designed to do, let alone intercept the communications. The chances were vanishingly small that any of them would do so for malicious purposes.

Broadband arrived. With it came new threat vectors along with a technology industry exploding in innovation. Some of the biggest names in the industry were caught unawares – Windows XP famously had a firewall that wasn't on by default.

Windows XP's Service Pack 2 changed all this and finally made Microsoft's pivot towards "security first" tangible to the customer. Microsoft has done yeoman's work since then, but the industry as a whole cannot say the same.

The companies behind major culprits such as Java, Flash, PDF readers and consumer broadband routers haven't cleaned up their act despite years of continued assault.

In very human fashion, the companies behind the "Internet of Things" machine-to-machine revolution are proving no better. They are repeating the mistakes of their predecessors, offering poor support and units that are vulnerable by default.

The world has changed since my little 9600 bps lasers and threat models have changed with it. Have our sysadmins' toolkits kept up?

Let's take a peek at the major categories and have you, the reader, submit your thoughts on which tools are the best for the job.

Perimeter threat detection

This is about more than just standing up a firewall and hoping nobody crawls through. It is about assuming that someone eventually will and deploying tools to detect this when it happens.

Intrusion detection and prevention systems (IDPS) exist in any number of forms, all attempting to detect untoward activity.

Basic IDPS tools are designed to monitor individual services or servers. Fail2Ban, which watches a service's log for repeated failures from one source, is a popular example.

Other IDPS systems are designed to scan active network streams and typically come in the form of application layer gateways (ALGs). Today, these are commodities, easily found as physical or virtual appliances.

Perhaps the most pervasive IDPS technologies deployed today are web filtering and email filtering. These can include everything from ad-blocking and anti-malware to spam filtering or blocking undesirable content.

They can be installed as part of a firewall/ALG appliance but are increasingly deployed on a per-system basis as part of a cloud service that offers rapid-release threat signatures.

Working to block threats at the perimeter is the first, and easiest, step towards a functional modern IT deployment. A large number of things that can go wrong simply don't if the bad guys can't get past the edge defences.

Extant threat detection

No battle plan survives contact with the enemy. No matter how sophisticated and well implemented your perimeter defences, something will inevitably get through.

In addition, you will have to cope with privileged users abusing their privilege, Pointy Haired Boss syndrome and inadequate funding.

Extant threat detection has to include various types of hardware, software and network monitoring. It needs to detect failed equipment, but also unbalanced configurations and runaway resource usage. It needs to be able to find configuration issues ranging from open ports to improper Group Policy Objects.

Event log monitoring is the easiest path forward. Operating systems and applications are usually pretty good about logging when something goes pear-shaped.

ACL auditing needs to be considered. This ranges from file permissions and network ACLs through to application-specific rights allocation. The trick is to have software that can keep an eye on all the logs across all systems and filter signal from noise.
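To make the per-service monitoring described under Fail2Ban and the "signal from noise" log filtering concrete, here is an added example (not code from the article or from Fail2Ban itself) that applies Fail2Ban's maxretry/findtime idea to constructed sshd log lines: sources that fail authentication too often inside a sliding window are reported, while isolated failures are ignored. Host names, addresses and the year are assumed sample values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth.log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Jul 25 10:00:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51322 ssh2
Jul 25 10:00:03 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51323 ssh2
Jul 25 10:00:04 host1 sshd[2104]: Accepted publickey for alice from 192.0.2.10 port 40110 ssh2
Jul 25 10:00:05 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51324 ssh2
Jul 25 10:00:06 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51325 ssh2
Jul 25 10:00:07 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51326 ssh2
Jul 25 10:00:09 host1 sshd[2110]: Failed password for bob from 192.0.2.10 port 40111 ssh2
Jul 25 10:15:00 host1 sshd[2115]: Failed password for bob from 192.0.2.10 port 40112 ssh2
"""

# Only failed-password lines are signal here; everything else is noise for this rule.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(log_text, year=2014):
    """Yield (timestamp, source_ip) for each failed-password line; syslog lacks a year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def find_offenders(log_text, maxretry=5, findtime_minutes=10):
    """Return {ip: time_threshold_was_crossed} for sources with >= maxretry failures
    inside a sliding window of findtime_minutes (the Fail2Ban maxretry/findtime model)."""
    findtime = timedelta(minutes=findtime_minutes)
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for ts, ip in parse_failures(log_text):
        if ip in flagged:
            continue             # already reported; a real tool would also stop counting
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the failure threshold at {when}")
```

With the defaults, 203.0.113.7 is reported after its fifth failure inside ten minutes, while 192.0.2.10's two failures fifteen minutes apart are never reported.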

Anti-malware software needs to be centrally managed, with regular updates and proper installation verified.

If something goes wrong admins need to be notified; the first sign of trouble many admins get that a system has been compromised is not detection by the anti-malware application, but rather the unceremonious murder of said application by malware that got in under the radar.

Somewhere in here we need to add USB scanning and efforts to uncover clandestine IT.

In some cases, these items are different tools but they are converging. Even where the individual components of extant threat detection aren't collapsing into a single tool, unified management of the various tools in this category is increasingly pervasive.

Entropy assurance

This is a relatively new category in mass public consciousness, but it is increasingly important.

Entropy assurance tools have one job: to generate high entropy to secure system and service access and manage all of it in a human-compatible fashion.

Here we find tools such as password managers and certificate and key management systems. In today's world of custom silicon, GPGPU computing and massive Amazon cracking setups, entropy assurance apps are no longer optional.
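As an added example (not code from the article or any named product), the arithmetic behind "entropy assurance": how many bits a secret carries, how many words or characters are needed to reach a target, and how long an attacker guessing at an assumed rate would need to exhaust the space. The word list is a constructed stand-in for a real diceware-style list, and the guess rates are assumptions, not measured figures.

```python
import math
import secrets

# Constructed eight-word list; a real diceware-style list has 7776 entries.
WORDLIST = ["anchor", "basil", "copper", "delta", "ember", "falcon", "granite", "harbor"]

def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)

def symbols_needed(alphabet_size, target_bits):
    """Smallest number of symbols whose uniform draw reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every value at an assumed guess rate (no shortcuts assumed)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def passphrase(words, target_bits):
    """Build a passphrase meeting target_bits from a CSPRNG; `random.choice` would not be suitable."""
    n = symbols_needed(len(words), target_bits)
    return " ".join(secrets.choice(words) for _ in range(n))

if __name__ == "__main__":
    # Eight printable ASCII characters versus seven diceware words, against an assumed 1e12 guesses/s.
    for label, bits in (("8 chars from 95", entropy_bits(95, 8)),
                        ("7 words from 7776", entropy_bits(7776, 7))):
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, 1e12):.2g} years to exhaust")
    print("sample:", passphrase(WORDLIST, 30))
```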
