- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Sarbanes-Oxley
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-24-2006 11:29 AM
тАО02-24-2006 11:29 AM
Sarbanes-Oxley
Please help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-27-2006 12:45 AM
тАО02-27-2006 12:45 AM
Re: Sarbanes-Oxley
Could you provide some details of what reports you need for SOx? I'm not really familiar with it.
Maybe more people can help you then.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-27-2006 12:49 AM
тАО02-27-2006 12:49 AM
Re: Sarbanes-Oxley
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2006 08:02 AM
тАО02-28-2006 08:02 AM
Re: Sarbanes-Oxley
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2006 09:47 AM
тАО02-28-2006 09:47 AM
Re: Sarbanes-Oxley
In the case of your network, ACL's I would imagine is what they would be most interested in.
Don't quote me on this though.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2006 10:14 AM
тАО02-28-2006 10:14 AM
Re: Sarbanes-Oxley
I was hoping to get by with just change management on just the Procurve equipment by using the configuration revision logging and reporting in PCM+.
I don't know how I am supposed to handle the change approval process because I approve all my own changes but SOx assumes that I cannot be trusted and must get approval from above. In reality, it is those above me that are not to be trusted.
I plan to declare the legacy half as unmanaged.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-24-2006 09:50 PM
тАО04-24-2006 09:50 PM
Re: Sarbanes-Oxley
The auditors love documentation and paper trails.
The (rough) setup we use it.
1) Document. Switch config is documented.
2) Change Control. All alterations to switch config are documented and authorised.
3) Security. Only a the people that need it can access the switch config.
Now we are doing a followon project in investigating IPS/IDP but that is seperate from our Procurve switches.
Now if there are specific security/financial issues (say a financial VLAN or network segment) then generally they can be covered by the above.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-25-2006 02:48 AM
тАО04-25-2006 02:48 AM
Re: Sarbanes-Oxley
1) Document. Switch config is documented. (And reviewed)
SARBOX is big about one person documenting, the another person reviewing what the first person documented and a third person approves it. You will see this idea of multiple people as a check/balance systems.
2) Change Control. All alterations to switch config are documented and authorised.
Same thing - One person initiates the change, another person approves the change, and one person does the change. See - multiple people.
3) Security. Only a the people that need it can access the switch config.
Read this - no more generic login's - no more Administrator, no more Root, no more Admin, etc.
All accounts must be me unique and auditable, they also must be only enabled when a change has been appoved, and only for the systems that are covered by the change package. Think RADIUS, TACACS+, daily reporting, etc.
Hope this helps
I would add this as well
4) Reporting - most SARBOX wants reports, daily, weekly, monthly, of the change managements and successes/failures.
Thanks,
Rob