Getting started with managing network configurations on critical infrastructure devices
Network configuration management is a process that every device on a network must go through at some point. It involves discovering the device on the network, backing up its configurations, monitoring for changes, getting alerts on changes, restoring previous configuration files, and comparing across versions. Network configuration management is an essential component of a network security architecture and helps with aspects of many different security protocols.
We’ve already written a lengthy post on how network configuration management features can help satisfy the Center for Internet Security Controls and Safeguards. In particular, network configuration management can help with the Secure Configuration of Enterprise Assets and Software. Using a network configuration management tool you can maintain a secure configuration process for your network infrastructure.
What does a network configuration manager do?
A network configuration manager works with multiple hardware vendors. It helps to manage network configurations and changes on critical network infrastructure such as switches, routers, firewalls, and other essential networked devices. Network configuration managers can perform tasks such as:
- Backing up of configurations
- Restoring of configurations
- It can be used for remotely updating configuration files
- Logging a history of configurations and changes
- Can be used for comparing network configuration versions
- Alerting if a running configuration is different from a saved one
- Alerting on configuration changes that could signify a security threat or cyber attack
How can you manage network configurations?
There are a couple of great network configuration management tools including Domotz, PRTG, ManageEngine, and SolarWinds.
Advantages of network configuration management
- Reduce downtime by rapidly identifying issues and any changes happening
- Ensure software is up-to-date
- Creates visibility on what is happening on the network
- Streamlines maintenance processes
- Improves network security
- Meets compliance demands
- Minimizes errors with configuration mis-alignment
- Enables rolling back to a previous version if performance issues occur
- Keeps record of all configuration changes happening on a network
Network configuration management actions
Device inventory, discovery, and topology mapping
The first step in any networking process is to understand the devices on a network. Firstly, automatic device discovery lets you know what you are dealing with on the network and is the initial step for developing a network configuration process. Moreover, it provides network admins with visibility of a network for which they’re responsible. Furthermore, getting a real-time updated inventory helps admins regularly audit the network. Once you know the hardware on a network, you can devise a program for managing network configurations through a standardizes. You can also put into place policies and procedures for dealing with critical networking infrastructures such as firewalls, access points, and switches.
Backing up network configurations
Firstly, service providers, MSPs, network admins, and IT professionals are likely to be the ones responsible for backing up network configurations on critical infrastructure devices. At the same time, network switches, firewalls, and access points are all essential components of a network. What’s more is that, if the firewall is not working or running the latest available configuration, that could be a problem. If the configuration is backed up, then it can be restored automatically or more easily should something go wrong. For example, if a faulty configuration causes issues with the network, the previous version can be restored more easily. Lastly, backing up network configurations helps to minimize downtime and is part of a healthy network maintenance process.
Managing configuration changes and versioning
Firstly, a solution like Domotz can help you automatically manage configuration changes. This means that configuration changes are tracked automatically, and you can get alerted if a running configuration is different than the saved version, or if an unexpected configuration change occurs. Moreover, in some cases, depending on the integration, a new configuration can be deployed directly from Domotz.
Alerts on network configuration changes
Firstly, knowing if your critical networking devices are running the right configuration is hugely important. Domotz will alert you if the running version is different from a saved configuration file, meaning a configuration mismatch. Additionally, getting alerts if a network configuration changes is crucial to network security. Moreover, if a firewall, or network switch configuration changes, this could signify a network security risk and that someone has intentionally changed a configuration to gain access to critical network hardware.
Meeting compliance demands
Many compliance standards require processes and systems in place for managing network configurations on critical networking hardware such as firewalls, access points, and network switches.
Requirement: Secure Configuration of Enterprise Assets and Software
Action: Backing up configurations of enterprise assets like switches, firewalls, and access points is crucial in making sure the configurations are secure.
What benefits of using Domotz network configuration management?
- Built-in support for multiple hardware vendors’ brands of firewalls and network switches
- Automatically back-up configurations of network switches and firewalls
- The manual backup of specific configurations
- Compare across different network configuration versions
- Get alerts if something changes
- Get notified if the running configuration is different from the saved one
- Restore the previously saved configuration version
- Upload and update a device with a new configuration
- Improve network security by getting alerts and tracking configuration changes
- Get historical information on configuration changes
- If a disaster does occur, you’ll be able to roll-back faster
- Real-time configuration tracking
- Reduce errors through automation
- Ensure device configuration comply
- Lastly, automate tasks to save time