Why don't you like my network?

I have great respect for network admins. It is their job to get the traffic from A to B as fast as possible, and to do this while new requests for connectivity are piling up. I also have great confidence in them; they do their job reliably and efficiently.

However, in the past weeks I have had the opportunity to review certain relatively large networks, and found all of them lacking in one aspect or another. And whenever I expressed my reservations, the network admin(s) asked the aforementioned question: Why don't you like my network?

Of course, it is only natural to be proud of your work and not to accept criticism of it very well.
Here are the top reasons why the responsible network engineer should permit a friendly but unbiased outsider to have a view of the network once in a while. This outsider can take the form of network management software, a consultant, or just your friend from school who has the network-admin job somewhere else.

  1. The author rarely sees his mistakes - this is true for any art or industry, including network design and management. A fresh view of things and a little bit of analysis can identify possible design flaws and errors, or just bring a new idea for optimization to the table.

  2. There are too many doorways into the network. All network administrators are only human at the end of the day. As the business grows, more and more entry points into your network will appear: partner networks, new services, management requirements, business opportunities etc. As this happens, it becomes easier and easier to forget to add a rule here, or to relax the firewall rules just a bit more than required to make the service work without those troublesome glitches, or just to create a less secure link as a temporary measure.

  3. There are things known, and there are things unknown - think you know everything that happens on your network? Think again - there are very few networks where all settings are according to policy and procedure. Consider this scenario: Admin A took a shortcut one evening and forgot to correct it, and admin C saw the added configuration. Admin A isn't here, so admin C assumes that a test is in progress for some project led by admin A. Suddenly, this glitch becomes a part of the configuration, and is soon forgotten. I can guarantee that there isn't a network in the world which has only the policy-approved set of rules and configuration.

  4. The users of late have become very creative - the users are becoming technically very experienced, but on the other hand their security awareness is rarely on par with their technical knowledge. This can easily lead to situations where the users are trying to use services outside of the ones approved by policy, thus bringing programs in via USB, CD-ROM, or through e-mail.

  5. Things are moving way too fast - new services are being created every day. The business can identify hundreds of new opportunities per day, and require changes to enable usage of new services, literally overnight. In such situations, there is a huge opportunity to enable something without properly securing or protecting it. Oh, and when was the last time you checked whether anyone in the company has confirmed trusting an ActiveX control from an unknown web site?

  6. The network is all over the place! - the elements which you are utilizing and managing are not always in front of you, and you don't know precisely what's happening to them. Are you sure there are no broadcast storms behind all routers on your network? When did you last check the rate of packets dropped or fragmented at that branch office in the town 100 miles from head office?

  7. The outsider is not affected by your everyday business - Of course, all those checkups could easily be done by the network admin himself/herself. So why bother with the outsider? Simply because the outsider won't have to drop everything in order to check that stuck email of the manager, or to attend the staff meeting, or to start and manage the implementation of the new service which is behind schedule for rollout. The network admin is there to help the company, and the consultant is there to help the network admin.
