As you can read in her IT Pro File, Carol Miller has been on the fast track to networking guru status for the past...
five years. Her background in accounting and auditing laid the groundwork for her current role as network security evangelist. As such, she offers these dos and don't tips for securing a network.
- Do track all your activities. Record even the most mundane network tasks in a log file or daily journal. Simple things, like failing to remember whether you installed new drivers or service packs, can come back to haunt you when you least expect it.
- Do rely on hard-copy backups sometimes. If you maintain system log files such as DNS debugging or SQL logging, schedule to print and then clear these log files on a regular basis. Keep them in both electronic and old fashioned paper formats until your system audits are complete. If you don't ever read said logs, then don't enable them and waste valuable system resources.
- Don't ignore features that are built in to applications. For example, use Microsoft Excel as a means of keeping a list of your Active Directory objects. It is easy to export the list from Active Directory to an Excel spreadsheet and then have a hard copy of your objects handy if the need arises. Or use the "Save as" feature in your system monitor to create a Web page that can monitor your server 24/7 but be available from any machine on the network via Internet Explorer.
- Do stay virus-current. Join the CERT organization and receive the group's frequent bulletins about new viruses and hacker attacks.
- Don't waste your system resources with high-end wallpaper or icons scattered on your desktops! Use folders on the desktop to organize user documents, and use a group policy to prevent inappropriate or system-intensive wallpapers and animations.
- Do bolster security with network cards. If your network has services or applications where two servers make "calls" to each other, dedicate a network card to these communication channels and create a static route. Add IPSec to these network cards -- thereby tightening security between the two servers without preventing clients from accessing them. This is especially useful when dealing with SQL Server.
>> Read Carol's True IT Blooper.