CompTIA Network+ N10-008 – Module: Examining Best Practices for Network Administration Part 6
12. 16.11 Documentation
In this video, let’s discuss some of the different documentation that we should maintain. First up is a privileged user agreement. This says who the users are, specifically what positions those users hold and what permissions they have. Can they view something? Can they modify something? Can they not view something? These policies can apply to individual users or roles or entire groups of users. We also have password policies, and you’ve probably run into this when you’re trying to set a password on a website where it says you have to have a minimum of eight characters, and you might have to have a special character and use upper and lower case.
That’s the kind of thing we’re talking about here. What kind of password policy do you require for your users on your network? Keeping in mind that the more complex the password, the more difficult it’s going to be for an attacker to use a brute force attack and gain that password. And when is that password going to expire? Sometimes users have to change their passwords so frequently that it becomes a big inconvenience for them to keep up with their passwords.
But it’s a balancing act between that user inconvenience and securing the data. Another document that we need is a set of onboarding and offboarding procedures. When somebody comes into the company, we want to set them up with an account and give them an appropriate set of permissions. But when they exit the company, we don’t want to leave their user account just hanging around or leave their email account intact.
We probably want to have a procedure where we’re going to delete or at least disable their account for the time being. Licensing restrictions deal with what we are legally allowed to do with different pieces of software. If I buy a license for a single use installation, I should not take a license for an application and install it on every computer in an office. I need to have licenses for each user. We also need to keep in mind we might be shipping things out of the country for international export controls.
We want to define what can be sent internally within a country or externally outside of a country. Because if you export something out of the country, there may be some limitations on the encryption standard that’s being used. Oftentimes when I’m setting up some security feature on a Cisco router, it will warn me that there are export restrictions.
Because we’re using this very strong encryption algorithm, we’re not allowed to send the Cisco IOS or the router that’s running the Cisco IOS out of the country. We also need to consider data loss prevention. We don’t want to lose our data, and there should be a set of policies and procedures in place that’s going to help prevent that. And this is especially important for sensitive information, like personally identifiable information, an employee’s Social Security number, for example.
We need to have tight security on things like that. Remote access policies deal with how we’re going to allow employees to connect remotely into the network. Can they come in through some sort of a web portal? Do they need to use a VPN? Do they have to have VPN software installed on their computer? And when an incident does occur, we should have a set of policies in place dictating how we’re going to respond to that incident. So let’s say that there has been a breach and passwords have been lost from a certain database. How do we respond to that?
Do we notify the users? Do we disable their accounts? What do we do to respond to that incident? And today people have more and more devices, like smartphones, their own laptops, and tablets, that they want to bring into the office, and that can be a very convenient thing for the user. However, do we want to have our IT staff maintain those devices that users are bringing into the office? Well, that’s going to be determined by the BYOD policy, or bring your own device policy.
Sometimes companies will allow their users to bring a device if it meets certain criteria. If it’s an Apple iPhone, for example, it needs to be running a certain version of Apple’s iOS operating system. And since users probably have access to the internet from their computer, what is an acceptable use of those networking resources? Can they go check their Facebook account? Some companies will allow that. Some companies disallow that. You may not want an employee running their own ecommerce business using company resources.
So there need to be very clear guidelines as to what is an acceptable use of those corporate resources. And there may be secrets that a company has that should not be given outside of that company or even outside of a department. To enforce that, we can have an NDA, a nondisclosure agreement, and this is a legally binding agreement where someone is promising not to share information outside of a defined group of users.
And when a device is purchased, it’s going to go through what’s called a system lifecycle. We’re going to plan for the purchase, we’re going to actually purchase it, it’ll be installed, we’ll maintain it through its lifetime, and when it’s over, we want to dispose of it. And a system lifecycle document can explain what’s happening during each of those different phases. For example, when we dispose of a device, do we have some sort of recycling procedure? How are we going to wipe that device of data before we dispose of it? And of course we want to have a safe working environment, so we can have a set of policies and procedures that make sure people aren’t doing things which might be considered unsafe.
Maybe they have to wear a hard hat in a particular area. Maybe they’re not allowed to lift equipment without assistance that weighs over a certain amount. And also we want to quickly respond and recover from any kind of a disaster. If there were a natural disaster that destroyed a data center, how do we recover from that? Well, that’s going to be defined in our disaster recovery plan. And a document that’s going to be fairly large probably is the standard operating procedures or the SOPs, which give step by step instructions for how different processes are carried out within an organization.
This can be great for new hires because there are so many responsibilities for that new hire and they don’t want to have to ask somebody, how do I do this? How do I do this? Well, in cases like that, they can refer to this set of standard operating procedures, or if it’s a task that we simply have not done in a while, that could be a great refresher for us. What should we do to accomplish this particular goal? And finally, let’s consider an MoU, a Memorandum of Understanding.
This is not a legally binding document. However, sometimes two parties in a discussion or a negotiation, they think that they have reached an agreement, but there is not truly a meeting of minds. A Memorandum of Understanding documents things such that each person involved in the negotiation can clearly see the whole picture. They not only understand their perspective of the agreement, they understand the other person’s perspective of the agreement. So this Memorandum of Understanding or this MoU, even though it’s not legally binding, it can help eliminate a lot of confusion and disagreement in the organization. And those are some examples of documents that we should maintain for our networks.
13. 16.12 Site Survey
Let’s say we’d like to do a wireless design for an office like this. Before we go in and just start placing access points here and there, we should probably get a sense for the existing RF spectrum or the radio frequency spectrum because we don’t want to start using channels that are already in use. What we might do is load up an app on our laptop that analyzes the WiFi environment and roam around the building and measure signal strengths at different points. Let’s see what frequencies are currently in use, and then once we understand the RF profile as it stands now, then we can start to place those access points.
And we want to place those so we get full coverage, and we can adjust the power levels on those access points so that we don’t go too far out into the parking lot, but yet we’re covering all of the office space. And where the coverage areas of the access points overlap, we want to make sure that we’re not interfering with one another. So adjacent coverage areas should use different channels. And remember, with the 2.4 gig band, we want five channels of separation, and the channels we typically use are channels one, six and eleven.
And on top of this, we could also have a five gig band running on these access points using, again, non-overlapping channels. And we’ve got many more to pick from in the five gig band. But that’s an example of how we can go into an existing environment, survey the radio frequency spectrum in place right now, install access points, and set the channels for those access points, and that’s going to give us full coverage throughout this office environment.
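The channel plan described in the site survey section can be worked through in code. This is an added example, not part of the original video: the access point names, the adjacency list, the survey readings and the RSSI weighting are all constructed assumptions. It assigns channels 1, 6 and 11 so that adjacent coverage areas differ, while avoiding the channels the survey found already in use near each access point.

```python
from itertools import product

NON_OVERLAPPING = (1, 6, 11)  # 2.4 GHz channels with five channels of separation

# Constructed sample data (hypothetical office): which AP coverage areas touch,
# and what the walk-around survey heard near each planned AP location as
# (channel, RSSI in dBm) pairs from networks that already exist.
ADJACENT = [("AP1", "AP2"), ("AP1", "AP3"), ("AP2", "AP3"), ("AP3", "AP4")]
SURVEY = {
    "AP1": [(6, -55), (11, -80)],
    "AP2": [(1, -60), (3, -70)],
    "AP3": [(6, -70), (11, -65)],
    "AP4": [(6, -75), (1, -85)],
}

def overlaps(a, b):
    """Two 2.4 GHz channels interfere when fewer than five channels apart."""
    return abs(a - b) < 5

def survey_cost(channel, readings):
    """Interference score for one AP on one channel.
    Assumed weighting: a louder existing network (higher RSSI) counts for more."""
    return sum(max(0, rssi + 100) for ch, rssi in readings if overlaps(channel, ch))

def plan_channels(adjacent, survey):
    """Try every 1/6/11 assignment; keep the one where adjacent APs differ
    and the summed interference from surveyed networks is lowest."""
    aps = sorted(survey)
    best, best_cost = None, None
    for combo in product(NON_OVERLAPPING, repeat=len(aps)):
        plan = dict(zip(aps, combo))
        if any(plan[a] == plan[b] for a, b in adjacent):
            continue  # adjacent coverage areas must use different channels
        cost = sum(survey_cost(plan[ap], survey[ap]) for ap in aps)
        if best_cost is None or cost < best_cost:
            best, best_cost = plan, cost
    return best, best_cost

if __name__ == "__main__":
    plan, cost = plan_channels(ADJACENT, SURVEY)
    for ap, ch in plan.items():
        print(f"{ap}: channel {ch}")
    print("residual interference score:", cost)
```

AP2 and AP4 end up on the same channel, which is acceptable because their coverage areas are not adjacent in the sample layout.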