About this time of year, network administrators experience an event as common as it is frustrating. It starts with an e-mail from the boss, usually early in the morning, saying he's only got until noon to send any requests for capital into the budget for the next year. The rest is predictable: you can only manage to remember a few of the dozens of things you've been wanting to do, so you start scrambling to get quotes, write a business justification and just get your note in to the boss to be forwarded on to the finance department. Then you spend the rest of the afternoon complaining about how you never get an opportunity to do the planning you really want to do.
This year, do yourself a favor and get a step ahead. Make yourself a list of gee-whiz items that you'd really like to do. Prioritize them, do enough design work to get a ballpark cost, then write a paragraph or two about why you think you need them and file it away somewhere. As you go through the year, and things occur to you, add them to your list. When the time comes, you'll be very glad you did.
Since security is always getting short-changed in the budget, I've put together a quick list to get you thinking about ways to improve your network.
- Require all users to authenticate before accessing the network. You can do this with the IEEE 802.1X Port-Based Network Access Control protocol.
- Require two-factor authentication for remote users and administrators. This could be a digital certificate, hard or soft tokens, or even thumbprint scanners, which are reasonably priced now, in addition to the usual password.
- Require desktop firewalls and anti-virus software and patches on all computers. Many vendors can now verify that this software is running and up to date before they allow the computer to access the network.
- Get a firewall log analysis tool. You might be surprised what sort of information these can give you.
- Get a corporate instant messaging server, so your users will stop sending their confidential notes across the internet through AIM and MS Messenger.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years' experience in the networking industry, and co-author of several books on networking, most recently, CCSP™: Secure PIX and Secure VPN Study Guide published by Sybex.