IT Support Blog for Small Business Owners

What's the Value of an IT Network Assessment?

Posted by David S. Mulvey on Fri, Oct 17, 2014

For a small business owner or IT manager an IT Network Assessment gives you a clear picture of your network infrastructure and the security posture of how the IT environment is set up and being maintained.  If your company is considering expanding your network, an IT Network Assessment is a great means to taking inventory and establishing a baseline of current performance levels.  An IT Network Assessment will identify equipment that is poorly performing or near its End-of-Life and will also reveal the skill level of the IT staff that is configuring and maintaining the IT environment. 

An IT system isn’t just technology for technology’s sake.  Technology should help meet specific business goals and provide value.  An IT Assessment can make sure that the technology is meeting these goals, or provide a blueprint for improving the technology and a specific and measurable template for achieving business objectives.  It can also ensure that IT technology and security is in compliance with government guidelines and best practices.

IT Network Assessment Report

Any business in today’s environment is running on a network of connected computers, servers, printers, and other hardware.  The network is the backbone of the entire company and can become a major bottleneck in business applications.  An IT Network Assessment will provide a network performance review and make recommendations based on traffic, errors, packet loss, and conflicts that can bring a business network to a halt.  Investing in new Servers and PCs is a waste of money if it is attached to a sub-optimal network.

There are any number of reasons that would motivate a business Owner to perform an IT Network Assessment. For example, if an IT employee recently gave his notice, it would be a good idea to have an independent third party assess the IT infrastructure and provide an unbiased report of how the employee is leaving the IT environment; are there any open issues that need to be addressed?  Another common motivator is that the business owner feels the business has outgrown the capabilities of the current IT Service Provider.  No matter what the motivation is; having an IT Network Assessment preformed can help you establish the current health of your IT environment and you receive the added bonus of evaluating the professional service and engineering work of the assessing IT Service Provider.  

Here is a great IT Network Assessment Checklist. A typical IT Network Assessment consists of 5 key evaluation areas:

  1. Server & Desktop Infrastructure: Document the hardware and software on each device, is there missing software license keys or worse yet are duplicate software keys in use?  Is any of the equipment out of warranty or End-of-Life support?
  2. Operating Systems & Active Directory Configuration: An inventory of Operating Systems and an evaluation of how the O/S is set up.  Is Active Directory in place, and is it correctly deployed?
  3. Patching & Anti-Virus/Malware Status: Are the Servers and PCs properly and timely patched? Is there a common Anti-Virus in place?  Is it updating, scanning and quarantining as expected?
  4. Data Backups & Business Continuity: Are your backups running? Can you restore a file, application or server quickly? Do you test your backups to insure they are viable?
  5. LAN/WAN Performance &Security: Are your WAN routers, LAN switches, and your Firewall all manufacturers supported, flashed to recent software levels, and configured to insure good performance and high security?

Let me share with ANP’s IT Network Assessment Process so you gain a sense of what to expect:

  1. ANP will send out on site our account manager to sit down with the Owner or manager in front of their PC.
  2. Our account manager starts a WebEx conference call between the business PC and ANP’s IT Network Assessment engineer.
  3. Once a WebEx session is in place, the ANP engineer will take charge of the business PC and drive through the assessment topics with the business owner watching over our engineer’s shoulder.

A few things are accomplished by taking this approach:

  • The Owner types in all of the passwords into his own PC; ANP never asks for and never sees the business password which insures the business data remains secure.
  • The Owner can actually watch and learn as the engineer evaluates everything in the assessment checklist.  They can see all of the issues with their own eyes.
  • The Owner has an opportunity to gage the technical prowess of the engineer performing the assessment.
  • Once all of the items are assessed, the WebEx session is shut down.  The technical data is collected and the information is reviewed for trends, problems and issues that are negatively affecting your network performance and security posture.  ANP begins the process of writing up our findings to review with the business owner.

Written IT Network Assessment Recommendations

Perhaps the most important deliverable in an IT Network Assessment is the Statement-of-Findings and the Recommended Remediation.  The assessment data is reviewed and compared with best practices, business requirements and common design requirements.  The results from the assessment are then utilized to develop specific recommendations that focus on design, equipment configuration, and security improvements.  ANP will write a Statement-of-Findings and provide you with some specific prioritized recommendations to remediate for the most significant issues. 

Typical assessment issues that are found are software that is out of license compliance or copied illegally which can cause huge fines and penalties to your business.  An IT Network Assessment will evaluate the existing software for compliance and create an audit process for future software.  A software audit now as part of an IT Network Assessment is much more cost effective than an audit later by a software company.

Security of your company data is a top priority.  Proper security measures not only protect the data from outside hackers and disgruntled employees, but the ability to demonstrate good security is essential for new sales and customer retention.  An IT Network Assessment will evaluate and make recommendations to close holes in security and help create a bulletproof computing environment for critical data.

Another typical result of the IT Network Assessment is that your backups are broken or not running at all.  ANP often determines that the wrong data is being backed up, or backup failures are going undetected and therefore not corrected.   Unfortunately most often the backups are not being tested at all and so you really don’t know if the backup copy is viable and can actually restore data when called upon to do so.

Start Today Idea: Once a quarter ANP offers a free IT Network Assessment to the first 5 companies that sign up.  ANP only requests that the company signing up has at least 30 PCs.  If you feel an IT Network Assessment might help you follow this link to see if we are offering a free assessment this quarter.   

 

Request A Free Network Assessment

Topics: IT Assessment, network assessment, IT Network Assessment, IT Network Assessment Checklist, IT Network Assessment Questions

The Heartbleed Vulnerability and Your Company’s IT Systems

Posted by David S. Mulvey on Mon, Apr 14, 2014

Heartbleed VulnerabilityANP proactively notified our clients twice last week to inform them about a new IT vulnerability that was announced on Monday April 7, 2014 called the “Heartbleed,” vulnerabilty.  For the most part, if you are reading this blog you are likely not a client of ANP’s so I want to take a moment to explain to you (hopefully in a non-technical way) what this vulnerability is all about and offer you some help if you think you might need it!

This vulnerability is coming out of a non-profit software development kit that many IT companies have used to create their secure web interface for their products. The software is from two programmers who created the OpenSSL Project®; they distribute a Secure Socket Layer (SSL) toolkit used in thousands of IT products and hundreds of thousands of web sites and servers.  SSL is the code that allows a web site to encrypt data between the users browser and the web site, you can see SSL in action when your browser URL displays “HTTPS” the “S” stands for secure which means your browser is running SSL data encryption.

Many web developers and commercial companies have used this open-source toolkit to develop their own SSL products, because it is faster and less cumbersome than writing their own SSL code.  As a result, there are many products (that you might own) that now have this vulnerably built into them.

Larger companies like Microsoft and Cisco write their own SSL code and so you don’t see them included in these type of open-source vulnerabilities, although because Cisco does acquire so many companies a year to get access to new products, they have published a small list of products that do have the Heartbleed vulnerability and are releasing the correction as they go through their products.

The "Heartbleed" vulnerability is a flaw in the OpenSSL software that may impact the security of passwords, credit card information and other personal data that is stored on your servers or passed through systems on the Internet. The vulnerability may allow a hacker to view or intercept personal information such as a password that is transmitted from a user’s computer to a server on the Internet during the process of logging in to an account.

Here at ANP, once the Heartbleed vulnerability was announced, we immediately began to analyze our client’s equipment to determine if the Heartbleed SSL vulnerability was an issue and if it was, we notified our client and began looking for a published software remediation to implement.  We also analyzed our own systems and software tools, interestingly, we did have an old web site that had the vulnerability and remediated the software.

I promised that I would help you and your company, hopefully this blog has helped you better understand the Heartbleed vulnerability.  ANP would be happy to do a free quick assessment of your IT environment to look for the Heartbleed vulnerability in your servers, software and IT equipment.  We will look at your IT systems and let you know if you have anything at risk. Call our office and ask for the Heartbleed assessment at (800) 572-3282. You can also do a quick check yourself to see if any applications in your company need a password change: Follow this link

 Request A Free Network Assessment

Topics: network assessment, heartbleed vulnerability

Is Your Network Security Adequate? Think Again!

Posted by Michael Silverman on Tue, Feb 18, 2014

network security resized 600Back on February 7th, NBC reported on potential security risks at the Olympic Games.  There was a lot of controversy about the article itself, but, accurate or a hoax, IT security doesn’t get the attention it should in small businesses.  More and more organizations, large and small, are being audited either by regulatory agencies or by existing or potential clients.  Years back, news was about virus attacks, followed by malware; today we’re regularly hearing about hacking.  Everyone wants to know their data is secure.

Data security is critical to ANP’s network management practices.  We protect data by leveraging “organizational wide” network security management best practices.  Having a firewall, unique passwords, and anti-virus programs might feel adequate, but times have been changing.  It’s critical to look closely not only at the IT infrastructure within your offices, but also at equipment owned by your staff and maybe even your vendors.

As I’m writing this blog, I’m sitting at home on my personal computer connected to the office.  There are lots of options for remote workers these days, but there are also network security risks that need to be mitigated if you have a mobile or remote work force.  Let’s touch on a few.

Home computers are usually vulnerable to viruses and malware due to lack of ongoing management and “the kiddie factor.”  Microsoft and other vendors do an adequate job of providing anti-virus and malware support for home computers, but only if the tools are leveraged and leveraged correctly.  If virus or malware activity infects your home computer and it is connected to the office network, you’ve just introduced a “back door” network security risk.  Could your organization be vulnerable to a home-based worker?

What about mobile devices like smart phones and tablets?  Apple iPhones and iPads are acknowledged to be natively more secure than Android devices.  Do your employees use both for connecting to the office?  You may limit their use to email, but do you also allow them into the office?  Onto the office wireless network?   ANP regularly performs Network Assessments for prospective clients.  It’s surprising to see how few companies segment their networks, restricting mobile device traffic solely to guest wireless networks.  There are also data security risks associated with email on mobile devices.  Just last week we completed an assessment for a company that was sending unsecured email to mobile devices, risking precious client information being shared with the outside world.

What about inside your offices?  Firewalls are designed to protect your network, and they do, but they are only one piece of the network security equation. Some of my clients leverage Intrusion Detection software to further analyze traffic passing through their firewall.  Though this software can be pricey, understanding the data these systems produce reinforces the need for a strong network security policy and operational discipline.  

In a 30-day period, I’ve seen “locked down” firewalls allow attempts at accessing servers from almost 20 different countries around the world.  That’s why network security is about a “system” of hardware, software, and operational procedures tightly woven to protect the organization and its sensitive data.

IT Security Equation

Here are a few questions to discuss with your IT staff or outsourced provider. Your answers will determine the next steps needed to establish appropriate levels of network and data security in your business:

  • How old is our Firewall and how current is its Operating System?
  • What is our Server and Workstation Patch status and update process?
  • Do we have any Windows XP computers in our network?
  • What is our password management strategy?
  • How do we control and manage access to sensitive information on our Servers?
  • Do we have a guest wireless network for employee smart phones and guest traffic?
  • When is the last time we had an outside network security Assessment?
Have any questions or comments? Interested in a free network assessment? Click the button below.
Request A Free Network Assessment

Topics: data security, IT security, network security, network assessment

Subscribe By Entering Your Email

Follow ANP



Latest ANP Blogs

Browse by Category