One thing that I first noticed occasionally as a Net Tech, and then more as an OC/T at NTC, and finally a ton now that I have moved into the cyber side of the world, is just how important logs can be. The problem... we suck at actually saving the stupid things.
When there is a problem with the network, time matters. We need to be able to quickly move from device to device in order to identify and rectify the problem. In order for this to occur, we have to know where to go next, and how to get there.
Do you know what your baseline configuration is? Is it the same thing that you received on a CD from General Dynamics years ago, or have you updated it over time as you have worked to refine and secure your network? If you do have a baseline, is it something that we routinely roll back to after each mission, or do we just keep trying to update the configurations each time we get a new message?