Hoping this is the correct sub to present this. High-level overview: I've been tasked with creating a whitelist for our production servers to allow access to only what they need (internal/external), based upon their function, and then adding an implicit deny statement at the end of an ACL (on a Cisco ASA). Currently, the servers have free rein and we need to tighten that up. Our current approach to building this list is to monitor a low-level server's traffic for 30 days via NetFlow and to also stand up a new VM, based on our template for new VM builds, and then monitor it through NetFlow as well, to gather a baseline of where it should be talking to. We know this will be a long process and we are going to break services and applications along the way, but are there any gotchas or best practices that can be passed on? Any feedback would be appreciated. Thanks.
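The workflow described in the post (aggregate 30 days of NetFlow for one server, turn the observed destinations into permit lines, close with a logged deny) as an added Python example; this is not the poster's code or data. The flow records, host addresses, packet threshold and ACL name are constructed for illustration, and the ASA lines follow the standard `access-list NAME extended permit|deny` syntax.

```python
"""Build a per-server allow-list from NetFlow-style records and emit Cisco ASA
extended ACL lines. Sample flows below are constructed, not real exports."""
from collections import defaultdict

# Constructed NetFlow-like export: (src, dst, proto, dst_port, packets).
SAMPLE_FLOWS = [
    ("10.10.5.21", "10.10.9.10", "tcp", 1433, 18420),   # SQL, steady traffic
    ("10.10.5.21", "10.10.9.10", "tcp", 1433, 9977),
    ("10.10.5.21", "10.10.1.53", "udp", 53, 3201),      # DNS
    ("10.10.5.21", "203.0.113.80", "tcp", 443, 4410),   # external HTTPS
    ("10.10.5.21", "10.10.3.77", "tcp", 22, 2),         # one-off, below threshold
    ("10.10.5.21", "10.10.9.10", "icmp", 0, 45),
]

def aggregate(flows, server, min_packets=10):
    """Sum packets per (dst, proto, port) for one source host, dropping
    low-volume tuples so a single stray connection during the 30-day
    capture does not silently become a permanent permit rule."""
    totals = defaultdict(int)
    for src, dst, proto, dport, pkts in flows:
        if src == server:
            totals[(dst, proto, dport)] += pkts
    return {k: v for k, v in totals.items() if v >= min_packets}

def to_asa_acl(server, allowed, acl_name):
    """Render permit lines (busiest first) followed by an explicit logged deny.
    The ASA already denies anything unmatched; the explicit 'deny ... log'
    line exists so blocked flows show up in syslog when something breaks."""
    lines = []
    for (dst, proto, dport), _ in sorted(allowed.items(), key=lambda kv: -kv[1]):
        rule = f"access-list {acl_name} extended permit {proto} host {server} host {dst}"
        if proto in ("tcp", "udp"):      # only L4 protocols take a port match
            rule += f" eq {dport}"
        lines.append(rule)
    lines.append(f"access-list {acl_name} extended deny ip any any log")
    return lines

if __name__ == "__main__":
    allowed = aggregate(SAMPLE_FLOWS, "10.10.5.21")
    print("\n".join(to_asa_acl("10.10.5.21", allowed, "SRV_WEB01_OUT")))
```

Review the dropped low-volume tuples by hand before deploying, since a monthly job or a rarely used backup target can legitimately fall under the threshold.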