1. Purpose
The company Network Device Configuration Procedure establishes a standard guideline for network administrators in managing network devices. More specifically, this procedure provides a step-by-step guide to (1) configuring a network device, (2) installing a new security patch (i.e. firmware upgrade) on a network device, and (3) monitoring (malicious) network activity.
2. Scope
This procedure includes all network devices or equipment that are connected to the IT infrastructure (or LAN) of the company. This procedure is thus applicable to all network switches, routers, firewalls and network hubs that are connected to the network.
3. Owner
The company, IT
4. Policy
Standardized configuration, updating, and monitoring procedures are necessary for maintaining network stability and preventing malicious activity. In doing so, the Network Device Configuration Procedure contributes to IT’s overall objectives regarding IT security.
5. Roles and Responsibilities
The Network Device Configuration Procedure involves the following roles and corresponding responsibilities.
Role | Responsibilities |
User | |
IT Manager | |
Security Team | |
System Team | |
Helpdesk | |
Application Team | |
6. Definitions and Abbreviations
6.1. Definitions
Firewall: An electronic boundary that prevents unauthorized users from accessing certain files on a network; or, a computer used to maintain such a boundary.
Local Area Network: A group of connected computers within a limited geographical area.
Monitoring: Continuous checking and evaluation of a process or system.
Router: A system responsible for deciding which of several paths network (or Internet) traffic will follow. To do this, it uses a routing protocol to gain information about the network, and algorithms to choose the best route based on several criteria known as routing metrics.
Switch: A networking device which can send packets directly to the port associated with a given network address.
Hub: Like the hub of a wheel, a central device that connects several computers together or several networks together. A passive hub may simply forward messages; an active hub, or repeater, amplifies or refreshes the stream of data, which otherwise would deteriorate over a long distance.
Firmware: Software or computer instructions that have been permanently encoded into the circuits of semiconductor chips.
Intrusion Detection System: Software consisting of logging and monitoring activities to detect unauthorized attempts to access network resources.
Network: An integrated, communicating aggregation of computers and peripherals linked through communications facilities.
6.2. Abbreviations
LAN: Local Area Network
IDS: Intrusion Detection System
7. Procedure details
7.1. Procedure definition
The Network Device Configuration Procedure consists of three sub-procedures which are usually, but not necessarily, executed in order. For example, when a new network device has been installed, it first needs to be configured accordingly. Secondly, the network administrator will check whether any firmware upgrades are available, and subsequently will install these patches according to procedure. Thirdly, and finally, the monitoring process will be put into place in order to prevent malicious activity on the corporate network.
Changing the configuration
- The “Changing the configuration” sub-procedure is initiated by a user request (or any other trigger that necessitates a change of configuration).
- After receiving the request approved by the user’s manager, Helpdesk will open an eHelpdesk ticket.
- The network administrator, who is responsible for this procedure, will then determine whether or not this request is relevant, and then ask the IT manager to approve it.
- If so, the network administrator will test the new configuration.
- If it passes the test, the administrator will back up the old configuration and save the new configuration into the system.
- In all cases, a report must be written containing details about the process performed. This report must be filed into file storage for future reference.
Installing a new patch
- The security officer checks in a timely manner for new patches published by the vendor and IT, and provides a patch assessment report to the IT manager.
- The network administrator performs testing after the IT manager approves.
- The network administrator makes a backup, writes a report, and files the report. Additional activities include informing management and scheduling a downtime period.
Monitoring network activity
- The “Monitoring network activity” sub-procedure is a continuous process that is interrupted only by the detection of suspicious activity on the network.
- An IDS detects this suspicious activity and warns Helpdesk of this fact. Helpdesk will then follow specified steps in order to address this problem.
- If Helpdesk finds any attack, they must inform the System team to block the connection in time.
All three sub-procedures are clarified using procedure flowcharts in the following section.
7.2. Procedure flow charts
7.2.1. Change configuration activity
TBD
7.2.2. Installing a new patch
TBD
7.2.3. Monitoring network activity
TBD
8. References
N/A.
9. Appendix A: network configuration change request form
THE COMPANY IT HELPDESK FORM
NETWORK CONFIGURATION CHANGE REQUEST FORM
EMPLOYEE DETAILS
PROCEDURE DETAILS
FOR ADMINISTRATION
APPROVAL DETAILS
IT HELPDESK COMMENTS
THANK YOU FOR YOUR COOPERATION!
10. Appendix B: network configuration changing log
TBD
11. Appendix C: network patch updating log
TBD
12. Appendix D: network monitor log
TBD