The following text is
copyright 2008 by Network World, permission is hereby given for reproduction,
as long as attribution is given and this notice is included.
Network managers: good worries, disappointing lapses
By: Scott Bradner
VanDyke Software recently published the results of the 5th
annual edition of the survey of network and system administrators they hired
Amplitude Research to conduct and analyze
(http://www.vandyke.com/aboutus/news/pressreleases/company/vandyke_report04-08.pdf).
Most of the survey questions concerned security, as it should be considering the importance of that topic. The general results (also covered by Denise Dubie http://www.networkworld.com/newsletters/nsm/2008/042108nsm2.html?ts0hb=&story=wknd_wir) were generally realistic -- managers felt that issues that they might have an ability to affect were more important than some of the issues (like user training) that managers often feel are impossible or at least outside their ability to achieve. But behind the headlines there were some results I found surprising and not just a little disappointing.
Most usefully, VanDyke has been commissioning this survey
for 5 years so one can get a sense of the changing management pain points. The
issues the managers who answered the survey this year felt to be the most
important were securing remote access (up in importance over the last 5 years),
keeping virus definitions up to date (down quite a bit over the same period)
and monitoring intrusions (which has stayed about the same).
The biggest decline in importance over the 5 years the
survey has been run is patching systems.
I expect this is not because the need to patch has decreased in any way
but because patching systems are now quite mature and thus are not a
significant worry. I also expect
that the importance of keeping virus definitions up to date has dropped
for the same reason.
For all the focus on real problems mentioned by the survey a
few important ones seem to not be getting proper attention. At the same time that many managers are
worried about real issues some are operating their networks in very dangerous
ways.
More than a quarter of network managers admit that they are
still configuring their network devices using insecure telnet and more than a
third are using insecure HTTP rather than using secure SSH or HTTPS. While this is down quite a bit from 5
years ago it is still far too high.
I only hope that there are no cases where the network manager has to
access the network devices while at a conference or hotel. It is real easy to hand control of your
network devices to a random observer in such cases. A tale from long ago illustrates the potential for mischief
when passwords get leaked, as they can be with telnet & HTTP. The router passwords for a good-sized
ISP got compromised. One day
someone logged into each router in succession, starting with the ones furthest
out. He (or she) proceeded to turn
off each outward facing interface and change the password on the router. It did not take long for the network to
have the forwarding ability of a pile of bricks.
The other clear and present danger is the lack of the use of
secure file transfer methods when exchanging confidential information with
third parties (e.g., customers, vendors, etc.) and when doing the same with
remote offices. Less than half of
the respondents said they always used secure methods in both cases -- another
quarter said they mostly did. This
makes me sad - with all the coverage of security issues there are still
organizations that actively try to give their secrets away. One can only wonder where their
auditors are.
disclaimer: I know where Harvard's auditors are (which is
one reason I wonder about some other auditors) but they have not, nor has the
university, reviewed this survey report so the above review is mine.