Keeping an eye on what’s going on in your network is critical in so many ways. Network monitoring tools offer many benefits, and with the advancements of technology today, there are a plethora of tools to help monitor an entire network.
But where do you begin when choosing a network monitoring tool? With all the areas of a network that can be compromised, go ‘kaput’, or slow productivity, you may need to approach monitoring differently for the different network devices you have.
Here are some things to consider from Auvik’s Steve Petryzchuk, when planning your network device management strategy:
Network architecture
The infrastructure, devices, services, and topology of your network fall under the umbrella of network architecture. Good network architecture will help you get better overall performance. For example, effective network segmentation can significantly reduce network congestion. Further, by designing for redundancy you can improve network resilience and reduce downtime.
Even if you nail your network design and optimization on day one, managing that network long-term can be a real challenge. This is particularly true in large networks where multiple parties were involved in the network design and implementation. Up-to-date and easily accessible network documentation—like network maps, for example—can go a long way in enabling effective network troubleshooting and device management.
Of course, there’s a lot that goes into getting network architecture and documentation right and we’ve only scratched the surface here.
Network security
No network device management strategy can overlook network security. If an attacker gains control of your network devices, they’re not really yours anymore.
In addition to building security into your network architecture with firewalls, IPS (Intrusion Prevention Systems), and other security appliances, you should take steps to harden your network devices. For example:
-
-
- Disable unused services:Many network devices support a variety of network protocols. By disabling unused protocols, you limit attack surface.
- Only use encrypted network communication:Related to the topic of disabling services, to secure data in transit, you should disable network protocols that transmit data in cleartext. For example, use SSH instead of Telnet, SCP or SFTP in place of FTP when available, SNMP v3 instead v1/v2c , and no HTTP (use HTTPS instead).
- Rotate credentials regularly:Passwords can get compromised. In the event they do, a policy that forces users accessing your network devices to change their passwords regularly (every 90 days or less is a good rule of thumb) can limit the amount of time a hacker can use compromised credentials.
- Use MFA (multi-factor authentication) whenever possible:Did we mention passwords can get compromised? Using MFA to login to your devices limits the amount of damage a hacker can do even if they do crack your password.
- Use certificate-based authentication or SSH keys when possible:Many network devices allow you to use certificate-based authentication or authenticate using SSH keys. When possible, using these methods can be significantly more secure than username/password authentication alone.
-
Network monitoring tools will make any sys admin’s job easier – when implemented correctly. To read the full article on the different network devices and how to monitor them, visit Auvik’s blog. To start a discussion on how Auvik can be used for your network environment and get pricing, contact us today. full visibility into the network with alerts notifying you of changes