Network winterization, audit, fix up – whatever you want to call it. If you are interested in kicking off the new year right, it’s time to take a look at your handiwork and start 2016 with a clean slate. This year, my presentations will be all about how the layered defences work to detect and prevent cybercriminals from getting into your network. Managed Service Providers (MSPs) have a great opportunity to tidy things up. Here are some things to look at:
[ ] Windows Active Directory (AD)
One of the most important IT audit functions is to make sure the AD reflects the reality of the business. It’s time to look at the last login dates and determine if you have stale user accounts. I don’t recommend deleting them; in fact, I am loath to delete any business information, but certainly disabling the account is a great idea. Between contractors, part-time seasonal workers and vendors, the AD might be filled with accounts that are no longer required.
[ ] Capacity Check
It’s probably the easiest and most often overlooked aspect of being a good IT service provider. Build a checklist that includes taking a look at all the hard drives in your life: do you have enough space to restore? Do you have enough space for data growth in 2016? Are the server disks thrashing because machines are running out of memory? Giving your customers the heads up before these issues become major problems is how to be a hero in 2016.
[ ] Backup and Restore
Now is a good time to test restore some files to verify your backup is working. Starting 2016 safe in the knowledge that backup is working at all your customers’ sites is a great idea and will relieve the stress when something goes wrong. It’s not just user mistakes you have to worry about; it could be your mistake or one of those occasional bad patches. Having a rock-solid backup is a must-do for 2016.
[ ] Antivirus change up
It’s not a bad idea to scan your file server and some random workstations with another AV product. This is a great way to find targeted malware that may have slipped past your defences. Grabbing a copy of Bitdefender or Malwarebytes and letting it loose on servers while there is minimal activity is user friendly.
[ ] External port scan
Firing up Nmap and taking a look at the outside of your customers’ network is a great way to make sure you are on top of your game. Networks and the firewalls that protect them may change due to vendor configurations or neglect. If you have moved a site to Office 365, chances are you don’t need IMAP, SMTP and POP open on the firewall anymore. Don’t neglect a scan of the DMZ – you never know what you may find.
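As an added example (not part of the original post), this script compares the open ports in Nmap grepable output (`-oG`) against an approved baseline per external address, so leftover mail ports after an Office 365 move stand out. The sample scan, the addresses (documentation range) and the `BASELINE` contents are constructed assumptions.

```python
# Constructed sample of `nmap -oG -` output (documentation-range addresses).
SAMPLE_SCAN = (
    "# constructed sample, not a real scan\n"
    "Host: 203.0.113.10 (fw.example.test)\tStatus: Up\n"
    "Host: 203.0.113.10 (fw.example.test)\tPorts: 25/open/tcp//smtp///, "
    "110/open/tcp//pop3///, 143/open/tcp//imap///, 443/open/tcp//https///, "
    "3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (995)\n"
    "Host: 203.0.113.20 (dmz.example.test)\tPorts: 80/open/tcp//http///, "
    "8080/open/tcp//http-proxy///\n"
)

# Hypothetical approved baseline: what each external address should expose.
BASELINE = {
    "203.0.113.10": {(443, "tcp")},
    "203.0.113.20": {(80, "tcp")},
}

def parse_open_ports(grepable):
    """Return {host: {(port, proto): service}} for ports in state 'open'."""
    found = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment/header lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # Status: and Ignored State: fields carry no ports
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    found.setdefault(host, {})[(int(parts[0]), parts[2])] = parts[4]
    return found

def unexpected_ports(grepable, baseline):
    """List (host, port, proto, service) open but absent from the baseline."""
    report = []
    for host, ports in sorted(parse_open_ports(grepable).items()):
        allowed = baseline.get(host, set())  # unknown host: nothing is approved
        for (port, proto), service in sorted(ports.items()):
            if (port, proto) not in allowed:
                report.append((host, port, proto, service))
    return report

if __name__ == "__main__":
    for host, port, proto, service in unexpected_ports(SAMPLE_SCAN, BASELINE):
        print(f"{host}: {port}/{proto} ({service}) is open but not in the baseline")
```

Keeping one baseline per customer and re-running the comparison after each scan turns the check into a diff rather than a manual read of the scan output.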
[ ] Check the Firmware
It’s not glamorous and sometimes a bit dangerous – save the device configurations – but manufacturers are frequently releasing updated firmware to address performance and security issues. It’s time to make sure the firewall, wireless access points, and core managed switch are all up-to-date.
[ ] Network Traffic Analysis
Plug in a laptop with Wireshark and take a sample of the network traffic. If you are looking for indications of compromise, such as stealthy malware that made it past your layered defences, unaccounted-for network activity will let you know something potentially bad is present.
[ ] DHCP & DNS fix up
Now is the time to build reservations and update records in DNS for all those devices that have been added in the past year. I don’t like fixed IP addresses on devices; I like DHCP reservations, so there is minimal possibility of duplicate IP address problems. If you need to run Nmap to figure out what has landed on the customer’s network, be prepared for surprises! Where did that postage machine come from?
[ ] Update the customer docs
If you don’t already have one, it’s time to look at a service desk product. I really like having one place to find all the relevant documents for a customer and it’s an added bonus to deploy Passportal or some other password vault technology. The reality of network admin work today is a slow death by passwords. Try to not have to call your customer for the administrative password in 2016.
Get these ticked off and you'll be making 2016 an awesome year by starting off on the right foot. Your customers or business will appreciate it and an email to your boss of the above checklist will show them you are committed to delivering great service!
Ian Thornton-Trump, CSA+, CD, CEH, CNDA, CPM, BA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.
You can follow Ian on Twitter® at @phat_hobbit.