Managing Network Configuration Changes: Five Best Practices

Do you know what the most common cause of network outages and performance problems is? Misconfiguration.

For as much time and energy as people spend talking about issues such as infrastructure and cybercrime, the truth is that basic low-level configuration challenges are still the biggest “threat” to properly-functioning networks. Following best practices in network monitoring and configuring when implementing any kinds of changes, or just in day-to-day maintenance, can make a world of difference when it comes to maintaining a well-optimized network.

What Causes Network Misconfiguration?

The list of reasons why a network might end up poorly configured is endless, but these are some of the most common reasons.

  • Major software upgrades without proper planning. This has been a particularly large challenge in 2020, as many companies have been scrambling to implement systems to accommodate workers staying at home. Without proper planning, issues are bound to occur.
  • Changing security / data regulations. Every year brings more stringent regulations on data handling, retention, and other security-related issues. Updating policies and configurations to deal with these changes can easily cause unexpected problems to occur.
  • Unauthorized network changes. Well-meaning employees or managers may attempt to “fix” problems, and only create new problems as a result. You need solutions for network monitoring that prevent these changes from becoming problematic.
  • Difficulty monitoring or updating remote systems. Again, this is another problem that has been brought to the fore by the 2020 coronavirus outbreak. Too many new devices getting onto a network, without proper network monitoring and configuration tools will quickly degrade performance.

In short, maintaining a robust and effective network requires constantly staying on top of new situations, and having clear plans of action for implementing changes when they become necessary.

Five Best Practices For Network Monitoring And Configuration

1 – Have standardized configurations for all major device categories

This one might seem basic and obvious, but you’d be surprised just how often we see IT managers overlook this relatively simple step. You should have standardized configurations for every type of device that might be attached to your network. This should include LAN switches, WAN switches, hubs, Wi-Fi routers, and any other commonly used devices. Having standardized configurations reduces the likelihood that new devices will cause major new problems.

Of course, you won’t always be able to rely on the standard configurations, but it’s a start. For one thing, a well-written set of standards means that everything begins in a situation where all existing rulesets are already being obeyed. This makes it easier to remember your priorities, as you fine-tune the configuration for new devices.

Also, this will help mitigate the damage done by any unauthorized network upgrades. Ideally, no one would ever attach any new devices to the network without clearing it, but at least if they do, you’ll hopefully have a configuration in place that will prevent the device from causing any sort of catastrophic harm or opening up major security holes.

2 – Maintain a database of previous functional network configurations

Again, this is basic stuff, but basic stuff that gets overlooked or ignored as a needless redundancy. You should always keep backups of at least the last 3-5 good working configurations, so that reversion is always an option if a new network upgrade or piece of equipment proves to be unexpectedly problematic.

This is also a good hedge against problems caused by malicious interference in your network configuration. If a hacker or virus manages to shut down some of your protections, you should be able to restore the previous configuration as quickly and easily as possible.
Plus, they give you a benchmark to judge new configurations against if you’re ever uncertain whether an improvement has actually improved anything.

3 – Have a real-time change alert system

If you really want to be on the ball about preventing unwanted changes to your network – whether well-meaning or malicious – then invest in a real-time network monitoring and alert system. You should be able to configure this with whatever flags you find useful so that you’ll know instantly if anyone besides yourself has made any significant changes to the network, devices, or configuration.

Plus, this can be invaluable in the case it is some sort of cyber-crime. You’ll know what’s happened faster, and you’ll be able to backtrack the changes more quickly to their original cause.

4 – Document all changes extensively

On the topic of backtracking, there’s also really no such thing as “too much documentation” when it comes to tracking changes. From major network upgrades to everyday tweaks to your configurations and rulesets, everything should be documented. This is especially important if there are multiple people empowered to make network changes on your behalf. Databases of changes may be the only way to figure out who did what if a misconfiguration crops up.

Also, there’s always the matter of human error. When a simple typo can potentially derail a ruleset, it should take as little time as possible figuring out where it came from. The documentation process itself will also provide an opportunity for small mistakes to be noticed before they go live.

5 – Automation is your friend

And on the subject of human error, why rely on manual labor when you can avoid it? Most of the items discussed here, such as logging changes and maintaining configuration backups, can be automated. Mistakes such as typos are much less likely to become an issue when there is a robust automation system handling minor day-to-day tasks.

When implementing any sort of automation, it will be vital to test it thoroughly in some sort of sandbox environment. Likewise, you should have processes in place to verify each step in the automation process so that you can oversee their behavior until you’re certain that everything is running as planned. Done properly, however, automation will save you a lot of manhours, as well as reducing accidental mistakes.

Pandora FMS Offers The Network Monitoring And Supervision You Need

Pandora FMS is a best-in-class monitoring software aimed at giving IT managers all the tools they need to oversee their networks, regardless of size, complexity, or physical location. We’ve specialized in network and server monitoring tools for over fifteen years, and are relied on by companies in forty countries around the world.

Click here for a free trial of Pandora FMS!

Do you want to stay updated?

Pandora FMS newsletter, will keep you informed about new releases, plugins, features and integrations. We won't ever give your email to anybody else.

You're now subscribed to Pandora FMS. Thanks!

Shares

Download the most comprehensive report on secure monitoring from IDG research