[Web Informant] 4 February 2009: My network stimulus package

[David Strom]

Web Informant, 4 February 2009: My network stimulus package

With all the talk of billions for this program or that in Washington,
I thought I would put together my own stimulus package that can help
your network run smoother. I don't know whether $10 billion to buy
steel (domestic preferred) for new bridges or $9 billion to put up new
rural DSL lines will really be effective (my initial reaction is
dubious), but the idea of spending lots of money quickly by our
Congress is a scary one. And despite serving on my local school board
several years, I am not qualified to run any cabinet department or
national office (I have dutifully and fully paid my income taxes and
don't have any dark family embarrassments). But I think I can offer a
few ideas for you. So here are a few suggestions that won't cost
(much) dough and could save your own bacon if you are trying to
impress the boss that your name doesn't belong on the cut list quite
yet.

First off, do you actually know what kind of traffic is running on
your network? Have you looked at your top applications? You would be
surprised. At an event that I attended yesterday sponsored by Blue
Coat, they talked about how when they did these assessments they
always found ten times the number of applications that most IT admins
thought they were supporting. That is a factor of ten. The best story
was a company that found out that one of its most popular mission
critical apps was a home-grown one running on a box under someone's
desk.  I am sure this isn't unique, or even rare. It doesn't matter
what fancy tool you use to do this apps census, and there are many
vendors besides Blue Coat who would gladly come in and do one for you
(in the hopes that you will eventually buy their gear). But the more
that you know, the more you fine tune your network and reduce the
traffic from the apps that aren't business-related.

Second, have you looked at your latency lately? Has someone along the
way added a few new router hops somewhere that you didn't know about?
I am amazed that we are still talking about a concept that is decades
old and should be better understood. Latency improvements are the best
bang for your buck short of hiring a DC lobbyist to get some of that
earmark money. And you don't have to wait for any Congressional action
either.

Third, how many people still have admin rights to their own desktop
PCs? This makes it impossible to manage these machines, and allows
users to install their own apps. Granted, it may be politically
difficult to change this policy now, but hey, change is in the air and
you might as well start somewhere.

Next, have you looked at your user accounts lately and seen if anyone
that you have laid off is still using your network? You would be
surprised at how often this happens. At one hospital that I visited,
the IT manager told me that an employee who was laid off went home and
started using his girlfriend's login credentials at night. They caught
it because the girlfriend was still logged in at the same time at
work. And the number of people that I talk to that don't have regular
password change policies, or have the same password for all of their
critical servers, is amazingly high. Take the time to get this set up
properly. Given the number of layoffs these days, this is probably the
biggest thing that you can do to fix your security loopholes that
doesn't even cost you a dime.

I will have lots of other suggestions, if you are interested; check
out my article in next week's Information Security magazine. I will
post a link to it on my Strominator.com blog when it goes live. In the
meantime, you can post your own network stimulus ideas on my blog if
you are feeling a need to share them.