Good morning all, Based on previous discussions at MSUNAG meetings, as well as discussions within the Network Communications Committee, the members of NCC have created a guidelines document for network infrastructure hardware (ie, switches, hubs, routers, etc.). The primary purpose of the document was to answer a question that many of us have heard at meetings on campus for years: Does anyone have a good baseline document that describes how to configure and maintain network gear? The document, found at: http://www.ccsac.msu.edu/ncc/documents/Guidelines-NetAttachedDevices2006.pdf attempts to provide that baseline. As stated in the document introduction "The purpose of this document is to provide a baseline of activities to maintain and secure network attached devices which make up network infrastructure. It can be used as a general checklist to provide a minimum standard for configuring and maintaining network devices" That said, please keep in mind that this document is intended to provide guidelines, and is not in any way a Policy document. This is where MSUNAG can help. NCC would like your feedback on the document, posted to the MSUNAG list (or to a member of NCC if you don't want your comments public). The recommendations in the document were drawn from many sources: magazine articles, industry best practice white papers, hardware vendor white papers, security organizations like SANS, and others. What we really want to know from network administrators in the field is: Is it complete? Does it provide a good baseline of general recommendations for securing and maintaining network hardware? If not, what did we miss? Is it reasonable? We know that not everyone has the staffing resources to do everything on this list. If you used this document to conduct an audit of your own network support right now, would you be satisfied that the most essential items are on the list? Even though you can't run right out today and do everything on this list, over time could you do enough of it that you feel the document is useful and serves a purpose? Is it a good idea? Is it better to have something like this available, knowing that many people won't do everything listed in the document, that to have no recommended guidelines? Is there a better way to answer the question "where can I find guidelines for X ?" All comments are welcome and much appreciated. My thanks in advance for your time and assistance, and I look forward to your comments. John A. Resotko Head of Systems Administration Michigan State University College of Law 208 Law College Building East Lansing, MI 48824-1300 email: [log in to unmask] Phone: 517-432-6836 Fax: 517-432-6861 Current Chairperson of the MSU Network Communications Committee