IT Security: Network Troubleshooting

Six proven steps to figuring out what’s wrong with your IT infrastructure


Nearly everyone has spent some dreadful time on the phone with a technical support engineer, trying to work out why a computer product that once worked perfectly is now not working properly. They typically walk you through the same basic steps you have already tried, such as turning the system off and on again, and if they can't fix it, they send you through an endless loop of departments and support staff. When that does not work, they have you ship the product back for repair.

If troubleshooting is difficult for a single piece of software, diagnosing issues with your network is exponentially more complicated. Network problems need to be isolated, their root causes determined, and the impact on the network's users assessed.

Thanks to the rapid proliferation of IP-based security equipment, security professionals are being thrust into the dual role of physical and IT security manager — which should make troubleshooting strategies essential learning material. Even with the most complex networks, there are troubleshooting strategies that can make your life easier.


Understanding Configuration

Being proactive about knowing how your network is configured is important, and there are many tools in nearly every IT professional's toolkit that can do that for you. One is a baseline analyzer known as the Belarc Advisor (http://belarc.com), which performs a deep interrogation of a computer and inventories its hardware, software and firmware, along with detailed configuration parameters such as system name, IP addresses, available hard disk space, etc. It also reports which patches have been installed and which license keys were used to activate software. It can be set to run on machines at periodic intervals, or run once to capture a single point in time if the configurations are not expected to change.

Another tool, this one free, is Nmap (http://nmap.org), which performs electronic discovery of a network and generates a graphical map presenting how the network looks in an easy-to-read format. The software also performs security analysis, and can be customized with additional fields and custom descriptions that help identify how one system interacts with others.


Network Monitoring and Management

Network monitoring can be managed from an easy-to-use dashboard that shows indicators of server health and network communication errors, and that creates logs collecting information from the various devices on your network.

One such tool is WhatsUp Gold by Ipswitch (www.ipswitch.com), which can send alerts via email, SMS and other channels if communications between devices fail. In some instances, such as a disk near-full condition, the software can provide a pre-failure notification based on user-configurable options.
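As an added example, not from the article and not code from WhatsUp Gold, the following Python script shows the logic behind such alerting: poll results for a device are compared against user-configurable thresholds, a near-full disk produces a pre-failure warning before the disk actually fills, and a communications failure is declared only after several consecutive missed polls, so a single dropped poll does not page anyone. Device names, thresholds and the poll records are constructed; the notifier hooks stand in for email or SMS delivery.

```python
"""Poll-based alert evaluation with pre-failure and outage thresholds.

Added example, not from the article and not WhatsUp Gold code. Evaluates poll
results for monitored devices against user-configurable thresholds and emits
alerts through pluggable notifiers (email, SMS, ...). Device names, thresholds
and the poll records below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Thresholds:
    disk_warn_pct: float = 85.0       # near-full: pre-failure notification
    disk_crit_pct: float = 95.0
    missed_polls_for_down: int = 3    # consecutive unreachable polls before DOWN


@dataclass
class DeviceState:
    missed_polls: int = 0
    down: bool = False
    disk_level: str = "ok"            # ok | warn | crit


class Monitor:
    def __init__(self, thresholds=None, notifiers=()):
        self.t = thresholds or Thresholds()
        self.notifiers = list(notifiers)   # callables taking the alert text
        self.state = {}                    # device name -> DeviceState

    def ingest(self, poll):
        """Consume one poll record and return the alerts it triggered.

        poll = {"device": str, "reachable": bool, "disk_used_pct": float or None}
        """
        name = poll["device"]
        st = self.state.setdefault(name, DeviceState())
        alerts = []
        if not poll["reachable"]:
            st.missed_polls += 1
            # Alert exactly once, when the miss count reaches the threshold.
            if st.missed_polls == self.t.missed_polls_for_down and not st.down:
                st.down = True
                alerts.append(f"DOWN {name}: no response for {st.missed_polls} consecutive polls")
        else:
            if st.down:
                st.down = False
                alerts.append(f"UP {name}: reachable again")
            st.missed_polls = 0
            alerts += self._check_disk(name, st, poll.get("disk_used_pct"))
        for notify in self.notifiers:
            for text in alerts:
                notify(text)
        return alerts

    def _check_disk(self, name, st, used):
        """Report level transitions only, so a disk sitting at 90% does not re-alert every poll."""
        if used is None:
            return []
        level = "crit" if used >= self.t.disk_crit_pct else "warn" if used >= self.t.disk_warn_pct else "ok"
        if level == st.disk_level:
            return []
        st.disk_level = level
        if level == "ok":
            return [f"RECOVERED {name}: disk usage {used:.0f}% back below warning level"]
        return [f"{level.upper()} {name}: disk usage {used:.0f}% "
                f"(warn at {self.t.disk_warn_pct:.0f}%, critical at {self.t.disk_crit_pct:.0f}%)"]


# Constructed poll history for one file server: the disk fills up, the device
# drops off the network for three polls, then returns with a nearly full disk.
SAMPLE_POLLS = [
    {"device": "fileserver", "reachable": True, "disk_used_pct": 80.0},
    {"device": "fileserver", "reachable": True, "disk_used_pct": 88.0},
    {"device": "fileserver", "reachable": True, "disk_used_pct": 90.0},
    {"device": "fileserver", "reachable": False, "disk_used_pct": None},
    {"device": "fileserver", "reachable": False, "disk_used_pct": None},
    {"device": "fileserver", "reachable": False, "disk_used_pct": None},
    {"device": "fileserver", "reachable": True, "disk_used_pct": 96.0},
    {"device": "fileserver", "reachable": True, "disk_used_pct": 50.0},
]


def run_sample(notifiers=()):
    """Feed SAMPLE_POLLS through a Monitor and return every alert raised, in order."""
    monitor = Monitor(notifiers=notifiers)
    raised = []
    for poll in SAMPLE_POLLS:
        raised += monitor.ingest(poll)
    return raised


if __name__ == "__main__":
    run_sample(notifiers=[lambda text: print("ALERT:", text)])  # stand-in for email/SMS
```

The sample history raises five alerts in order (WARN, DOWN, UP, CRIT, RECOVERED): the first two unreachable polls and the 90% reading produce nothing, which is the point of counting consecutive misses and reporting only level transitions.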


Isolating Network Failures

When a network problem is experienced, how does the IT security professional hear about it? In small networks, the notification usually comes from an end user who either calls IT directly or enters a request into a help desk system, which generates a trouble ticket. In larger network environments, it is usually an automated alert that provides advisory notifications and electronic maps resembling traffic control rooms, where a series of green lights turn yellow or red to warn when outage conditions occur.

Regardless of how IT learns of a problem, the first job is to restore the system to its normal state as quickly as possible, so as to impact the user community as little as possible. Some of the questions IT will need to answer include:

• When did the problem start?

• Were there recent configuration or state changes that could have impacted the system?

• What were the baseline configurations of the system prior to the error?
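The last two questions are far easier to answer when a configuration baseline has already been recorded, as described under Understanding Configuration above. The following Python script is an added example, not from the article and not Belarc Advisor or Nmap code: it snapshots the parameters the article names (system name, IP addresses, free disk space, installed software), saves the snapshot as JSON, and on the next run reports what was added, removed or changed since the saved baseline. The field set, the file name baseline.json, and the use of pip's package list as a stand-in for a full software inventory are assumptions; the two sample snapshots at the bottom are constructed.

```python
"""Configuration baseline snapshot and diff.

Added example, not from the article and not Belarc Advisor or Nmap code.
Collects a small configuration inventory of the local machine and compares it
with a previously saved baseline, so "what changed since the last known-good
state?" is answered from recorded data rather than memory.
"""
import json
import shutil
import socket
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path

BASELINE_PATH = Path("baseline.json")   # assumed location of the saved baseline


def pip_packages():
    """Installed Python packages as {name: version}: a stand-in for a full
    software inventory that runs without administrative rights."""
    try:
        out = subprocess.run([sys.executable, "-m", "pip", "list", "--format=json"],
                             capture_output=True, text=True, timeout=60)
        return {p["name"]: p["version"] for p in json.loads(out.stdout)}
    except (OSError, ValueError, subprocess.TimeoutExpired):
        return {}


def local_ip_addresses():
    try:
        return sorted(set(socket.gethostbyname_ex(socket.gethostname())[2]))
    except OSError:          # hostname not resolvable: record no addresses
        return []


def collect_baseline(list_packages=pip_packages):
    """Snapshot system name, IP addresses, free disk space and installed software."""
    return {
        "collected_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "hostname": socket.gethostname(),
        "ip_addresses": local_ip_addresses(),
        "disk_free_gb": round(shutil.disk_usage("/").free / 2**30, 1),
        "packages": dict(list_packages()),
    }


def _flatten(baseline):
    """Flatten to {path: value}; the timestamp is dropped since it always differs."""
    flat = {}
    for key, value in baseline.items():
        if key == "collected_at":
            continue
        if isinstance(value, dict):
            for sub, subval in value.items():
                flat[f"{key}/{sub}"] = subval
        elif isinstance(value, list):
            flat[key] = tuple(sorted(value))
        else:
            flat[key] = value
    return flat


def diff_baselines(old, new):
    """Return what was added, removed or changed between two snapshots."""
    a, b = _flatten(old), _flatten(new)
    return {
        "added": {k: b[k] for k in sorted(b.keys() - a.keys())},
        "removed": {k: a[k] for k in sorted(a.keys() - b.keys())},
        "changed": {k: (a[k], b[k]) for k in sorted(a.keys() & b.keys()) if a[k] != b[k]},
    }


def format_diff(diff):
    lines = [f"{kind:>8}: {k} = {v}" for kind in ("added", "removed") for k, v in diff[kind].items()]
    lines += [f" changed: {k}: {before} -> {after}" for k, (before, after) in diff["changed"].items()]
    return lines or ["no differences from baseline"]


# Constructed snapshots of a hypothetical firewall host, a week apart.
SAMPLE_OLD = {"collected_at": "2024-01-01T00:00:00+00:00", "hostname": "fw-01",
              "ip_addresses": ["10.0.0.1"], "disk_free_gb": 120.5,
              "packages": {"openssl": "3.0.2", "nginx": "1.24.0"}}
SAMPLE_NEW = {"collected_at": "2024-01-08T00:00:00+00:00", "hostname": "fw-01",
              "ip_addresses": ["10.0.0.2", "10.0.0.1"], "disk_free_gb": 3.1,
              "packages": {"openssl": "3.0.13", "curl": "8.5.0"}}

if __name__ == "__main__":
    print("\n".join(format_diff(diff_baselines(SAMPLE_OLD, SAMPLE_NEW))))
    current = collect_baseline()
    if BASELINE_PATH.exists():
        previous = json.loads(BASELINE_PATH.read_text())
        print(f"\nagainst baseline from {previous['collected_at']}:")
        print("\n".join(format_diff(diff_baselines(previous, current))))
    BASELINE_PATH.write_text(json.dumps(current, indent=2))   # becomes the next baseline
```

Run once on a known-good system to create the baseline, then again when a problem is reported: the diff of the constructed samples shows a new IP address, a package upgrade, a removed package and a near-empty disk, which are exactly the "recent changes" a troubleshooter wants on the table before touching anything.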
