How many switches and routers do you have running across your enterprise? Which nodes are connected to each network segment? How often does an accidental change cause an outage for users or customers? And how often do users who know just enough to be dangerous cause downtime with network “tweaks”? How much time do you spend updating firmware, installing patches, and putting out network brushfires? If you answered along the lines of “Uhhhhh, a lot” to any or all of these questions, it’s time to invest in network management software.
The right tools
Believe it or not, there are some great pieces of software that handle proactive network monitoring and hardware updates, regardless of how many different vendors’ equipment you have running on your network. Oftentimes, this same software can be used for discovery purposes to automate asset management and assist with the arduous but critical task of diagramming and documenting network resources.
Even something as simple as pinpointing a cable that’s been unplugged, an unauthorized wireless access point that’s been installed, or where that new laptop that Carol Cubicle got for Christmas has been plugged in can usually be handled automatically with alerts sent to appropriate staff the minute a change is detected. At the same time, authorized or necessary changes can also be detected and documented on the fly.
While not all monitoring software is created equal, most network hardware vendors provide at least basic tools for automated network management. Others provide much more sophisticated software as well as upgrades for more complex networks. Still others provide powerful security features, alerting administrators to suspicious traffic or devices that appear, based on network utilization, to be infected with any number of types of malware. Although this is traditionally a function of firewalls, gateways, or dedicated appliances, proactive network monitoring is happening more frequently at multiple points in the network to identify and eradicate threats as quickly as possible.
The point is that the days of tracing cables, logging into consoles for managed switches, and finding rogue PCs and network nodes by inspecting DHCP logs and routing tables are long gone. Good riddance. Welcome to the days of intuitive web interfaces, graphical tools, and automation, letting you spend your time planning for that virtualization rollout instead of upgrading firmware and climbing about in wiring closets.
The right policies
Of course, all the software in the world isn’t much use without reasonable, robust policies to drive its usage. If employees don’t know that BYOD doesn’t mean just plug in whatever you want, then identifying those that do and slapping their wrists doesn’t make for solid user relations.
Creating policy is rarely something that IT and various stakeholders in an organization relish. In fact, it’s frequently a painful battle between users who favor the most laissez-faire of approaches, management and human resources (whose biggest concern is maximum productivity and keeping those pesky employees off of Facebook), and IT, who simply wants the network and all of the devices connected to it to continue running trouble free.
Therefore, as policies are being developed and implemented (and even as new employees are being onboarded), it’s incumbent upon IT to convince all stakeholders of the need for a measured, reasonable approach to network access and the security concerns with which access goes hand-in-hand. It is also an opportunity to ensure that users are not only aware of active monitoring but of the utterly critical nature of network integrity in an enterprise.
After all, there shouldn’t be any surprises when a user gets called on the carpet for running torrents all night, reconfiguring the networking in their office, or plugging in that home computer because they like it better. BYOD has a place, but not without the right policies to support it and the right infrastructure and tools to manage it.Tags: IT Security,Software,Technology