If you are a new system administrator, or maybe one who has recently taken over a new network, you really want to get an understanding of what you have in the environment, what holes are opened, how to lock them down and finally how to get monitoring in place so you’ll know when things go down or security breaches occur.
Network management can be a time consuming endeavor. It can also be costly if you are trying to install systems which claim that they are a one-stop answer to your problems, but they rarely deliver on these promises. This type of wild-goose-chase scenario can cause problems and headaches for network managers and also result in wasted time , money and effort.
Monitor your Network
It is important to get a handle on the basics of managing your network, before you begin to even think of investing in a costly network management system. The following list outlines 10 areas that you need to get a handle on, in order to effectively manage your own network.
Take an Inventory
1. Compile an inventory of the most important systems that you currently have in your network.
This could be called “critical infrastructure” listing. There are several ways to generate this inventory list. One way is to just walk around and observe what you have. You could also install software which scans your network and documents exactly what you have. If manually checking your network is your method, you might start by observing your “core” switch and documenting exactly what is connected there. You should remember to include
*Any device utilized to keep the network or the users working
Implement Change Control
2. Develop a process for change control
After documenting systems important on the network, look at beginning to implement a “change-control” process.
Many people seem to favor the change-control process they utilized in previous jobs. Try to make sure that you have a log of all the changes made on your system,
Who implemented those changes and when they were made.? This should be for all of your infrastructure(critical).
3. Make sure you remain compliant with universal compliance standards.
Make sure that BEFORE you install a network, you are aware of any compliance standards that must be adhered to, and carefully monitor your installation to make sure it complies with these standards. This could include such things as HIPAA, or PCI standards. If these standards are carefully adhered to, it will greatly reduce costs down the road. Oftentimes companies have had to implement dual or separate systems, just in order to ensure compliance standards are met. Do not be one to take on these extra costs.
Use Monitoring Tools
4. Make sure to include a map(with status icons).
When choosing a system for network management, this author has found it extremely beneficial to make sure it contains an option for map creation with status icons. Each device in the critical infrastructure gets its own status icon. This map should be displayed in the area where the help-desk is located. The utilization of these status icons greatly enhances the user interface and helpfulness of the site,
5. Focus on Dependencies within network
Within each network certain systems are inherently dependent on other systems. There are some network monitoring tools available that allow the system admin to set the dependencies so as to not allow redundancies. If one router goes down in a certain location, this will allow a setup where a series of alarms is not sounded. You will only receive one alarm, to tell you the site is offline. That is all you really need.
Alerts ideally should be structured or set up based on the availability hours of the staff on call for IT problems. Many sites do not have 24 hour staffing on their help desk. Most small to medium sized businesses have a daily support desk staff but after hours they usually just have an on-call staff setup for IT problems. Make sure that the alerts for tech problems are setup to go to the proper tech staff at the proper time of the day or night, according to the schedule of each corresponding IT staff.
7. Decide on your own standards for security and obtaining network information.
Make sure to include information on why problems are being experienced, when the alerts go out. This way the clients will or site members or visitors will not be left in the dark as to exactly what is causing the problems currently being experienced.
Implement a Backup System
8. For critical system and applications try to set up supplemental data backup.
Some suggestions are as follows.
A)Make sure logs on devices and servers have sufficient space to store events over large time periods. Or if not possible back these up as often as possible.
B)Make sure to keep logs of who accesses your data and from what types of devices. Also it might be helpful to keep logs of what files are being accessed, what file shares if any are being requested, database queries being run and also what pages are being accessed on the websites.
Practice Good Security
9. Network perimeter is critical.
Do not forget to observe who is going in and out of the network. Firewalls and Internet filters are important, but do not make the mistake of placing too much trust in these. Look carefully into implementing an Intrusion Detection System (IDS).
10. Set up a system or process for tracking devices and users.
After setting up monitoring and also alerts for all devices on the list for critical infrastructure, make sure you have the capability of identifying who is plugging in what device and where (on the network). There are several software solutions available which will enable this tracking down of network hosts, and they do it automatically. This saves the trouble of manually logging into switches and searching for address tables.
Above was a short, and hopefully somewhat helpful list of things to look for when setting up your own network. Setting up your own network can be complex and somewhat intimidating, in this quickly changing environment of internet security. Technology changes so fast that just maintaining a safe network can be a challenging feat. Hopefully by being diligent and reading all the latest tips and utilizing the latest software, your company or home office can be safe, secure, and responsive to all your needs.