Not So SIMple
May 4, 2007
AO Spotlight: Deciding on a SIM (security information management) product? Be sure to consult our members first. Also: stories of survival after encountering dimwitted users and the effect of virtual machines on network security.
Which SIM (security information management) product do you use?
I use NeuSecure, which is now called IBM TSOM (Tivoli Security Operations Manager). I've used it for years and I am reasonably happy with it. That said, IBM is making me do a forklift upgrade. They are re-writing the product and dumping MySQL for DB2 (big surprise), and they are making enhancements to the custom rule engine that *should* boost performance when doing complex custom analysis.
I had a user call me and tell me that her monitor would not turn on (I think we all know where this is going), to which I asked her if she had power. Normally it should be a hint that the power is out when you have been told to follow downtime procedures, meaning you have been told to switch to pen-and-paper patient care (this has changed, but it was true at the time). But she still argued that it couldn't be the power because her office had lights on, to which I asked if they were her normal overhead lights or the emergency light system.
She excused herself and hung up the phone.
Virtual machines and network security...
How are network admins handling the presence of virtual computers on their networks? Currently I rank as a domain admin, and virtual machines/computers are not yet an issue for us, largely because very few of our users are even local admins and thus lack the privileges to install apps. I've been playing with the technology as time permits, and we may use it for our NT simulators. I'm interested in how other admins are handling their presence.
Active Directory question
If the domain admin account is not being added, or is being removed by someone, you can use Group Policy and configure "restricted groups". This will also prevent a user (if they have local admin privileges) from removing the domain admin group from the local admin group. You can also give certain people or groups more privileges in the OU in which the GP is enabled.
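A Restricted Groups policy enforces membership, but an admin still wants a way to verify that it took effect and to spot workstations where a local admin has tampered with the Administrators group before the policy re-applies. The following PowerShell script is an added example and is not from the thread above; it audits the local Administrators group on a list of machines and reports whether the domain admin group is present and which members are unexpected. The domain name CORP, the hostnames WS01/WS02, and the list of expected members are hypothetical assumptions. It uses the WinNT ADSI provider, which works on Windows versions that predate Get-LocalGroupMember.

```powershell
# Added example (not from the original thread): audit local Administrators
# membership across machines to confirm that the domain admin group is present
# and to flag members that the Restricted Groups policy should not allow.
# Assumptions (hypothetical): domain NetBIOS name CORP, hostnames WS01/WS02,
# and the expected membership listed in $Expected.

$Domain    = 'CORP'
$Computers = @('WS01', 'WS02')
$Expected  = @("$Domain\Domain Admins", 'Administrator')

function Get-LocalAdmins {
    param([string]$Computer)
    # Bind to the local Administrators group via the WinNT provider.
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        # ADsPath examples: WinNT://CORP/Domain Admins (domain principal)
        #                   WinNT://CORP/WS01/Administrator (local account)
        $path  = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        $parts = ($path -replace '^WinNT://', '') -split '/'
        if ($parts.Count -ge 2 -and $parts[-2] -ieq $Computer) {
            # Local account: report the bare name.
            $parts[-1]
        } elseif ($parts.Count -ge 2) {
            # Domain principal: report as DOMAIN\Name.
            "$($parts[-2])\$($parts[-1])"
        } else {
            $parts[-1]
        }
    }
}

foreach ($c in $Computers) {
    try {
        $members = @(Get-LocalAdmins -Computer $c)
    } catch {
        Write-Warning "${c}: could not enumerate Administrators ($_)"
        continue
    }
    # Anything expected but absent means the policy has not applied (or was undone);
    # anything present but unexpected is a candidate for follow-up.
    $missing = $Expected | Where-Object { $members -notcontains $_ }
    $extra   = $members  | Where-Object { $Expected -notcontains $_ }
    [PSCustomObject]@{
        Computer            = $c
        DomainAdminsPresent = ($members -contains "$Domain\Domain Admins")
        Missing             = ($missing -join ', ')
        Unexpected          = ($extra -join ', ')
    }
}
```

Run it from an account that can read the remote SAM (a domain admin in practice); the "Missing" column tells you where the policy has not yet been applied, and "Unexpected" gives a short list of machines worth a closer look.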
Enterprise log management systems
Yet more helpful information to help size up your organization's security.
Also, be sure to catch up on today's posts. Not a member? Join today!