|
Good morning all,
Based on previous discussions at MSUNAG meetings, as well as
discussions within the Network Communications Committee, the members of
NCC have created a guidelines document for network infrastructure
hardware (ie, switches, hubs, routers, etc.). The primary purpose of
the document was to answer a question that many of us have heard at
meetings on campus for years: Does anyone have a good baseline document
that describes how to configure and maintain network gear? The
document, found at:
http://www.ccsac.msu.edu/ncc/documents/Guidelines-NetAttachedDevices2006.pdf
attempts to provide that baseline. As stated in the document
introduction "The purpose of this document is to provide a baseline of
activities to maintain and secure network attached devices which make up
network infrastructure. It can be used as a general checklist to
provide a minimum standard for configuring and maintaining network
devices"
That said, please keep in mind that this document is intended to
provide guidelines, and is not in any way a Policy document. This is
where MSUNAG can help. NCC would like your feedback on the document,
posted to the MSUNAG list (or to a member of NCC if you don't want your
comments public). The recommendations in the document were drawn from
many sources: magazine articles, industry best practice white papers,
hardware vendor white papers, security organizations like SANS, and
others. What we really want to know from network administrators in the
field is:
Is it complete? Does it provide a good baseline of general
recommendations for securing and maintaining network hardware? If not,
what did we miss?
Is it reasonable? We know that not everyone has the staffing resources
to do everything on this list. If you used this document to conduct an
audit of your own network support right now, would you be satisfied that
the most essential items are on the list? Even though you can't run
right out today and do everything on this list, over time could you do
enough of it that you feel the document is useful and serves a purpose?
Is it a good idea? Is it better to have something like this available,
knowing that many people won't do everything listed in the document,
that to have no recommended guidelines? Is there a better way to answer
the question "where can I find guidelines for X ?"
All comments are welcome and much appreciated. My thanks in advance
for your time and assistance, and I look forward to your comments.
John A. Resotko
Head of Systems Administration
Michigan State University College of Law
208 Law College Building
East Lansing, MI 48824-1300
email: [log in to unmask]
Phone: 517-432-6836
Fax: 517-432-6861
Current Chairperson of the
MSU Network Communications Committee
|
