[c-nsp] Config Backups

Rick Martin rick.martin at arkansas.gov
Fri Mar 2 15:53:28 EST 2012


We are actually using 2 commercial products today;

1. Cisco Works
2. HP Network Automation

 And one home grown script on Linux that runs out and grabs the config on all firewall enabled routers every night to assure that the firewall is still applied - some of our techs disable firewall while troubleshooting issues and "forget" to re-enable it.


 We initially used Cisco Works only - then the security group developed the Linux script for the reason state above. After a few negative audit findings we purchased HP NA for the same thing so I suspect we will disable the Linux script. 

 HP NA has turned out to be the easier product to use to fetch the old config. We can compare current config to any previous config, we can see each configuration change that has been made and we also use it for change management on firewall enabled devices. If a change is made outside of the tool then an event is triggered that the security group will investigate.

 A pricy tool that has a lot of advantages over Cisco Works and TAC/ACS mostly in the area of user friendliness. 



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Erik Sundberg
Sent: Friday, March 02, 2012 1:57 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Config Backups

Quick question/poll

What is everyone using for router/switch/firewall config backups?

Is rancid still the one to use?

Thanks

Erik


________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list