1 00:00:00,450 --> 00:00:02,280 When we deal with configuration management, 2 00:00:02,280 --> 00:00:05,910 it's focusing on maintaining an up-to-date documentation 3 00:00:05,910 --> 00:00:07,830 of our network configuration. 4 00:00:07,830 --> 00:00:09,150 Now, I can't count the number 5 00:00:09,150 --> 00:00:10,920 of times I've gone into a network 6 00:00:10,920 --> 00:00:12,480 to conduct an incident response 7 00:00:12,480 --> 00:00:14,670 and asked to see their diagrams and their diagrams 8 00:00:14,670 --> 00:00:17,340 look nothing like what the real network looks like. 9 00:00:17,340 --> 00:00:18,360 In your network, 10 00:00:18,360 --> 00:00:20,250 you need to have a lot of different procedures 11 00:00:20,250 --> 00:00:21,480 to make things run, 12 00:00:21,480 --> 00:00:23,970 and these will include things like asset management, 13 00:00:23,970 --> 00:00:25,890 baselining, cable management, 14 00:00:25,890 --> 00:00:28,050 and network documentation, updating. 15 00:00:28,050 --> 00:00:29,940 Now, having all these policies together, 16 00:00:29,940 --> 00:00:31,980 you can maintain a good configuration management 17 00:00:31,980 --> 00:00:33,270 over your network, 18 00:00:33,270 --> 00:00:35,028 but if you don't know what your network looks like, 19 00:00:35,028 --> 00:00:37,004 hopefully the bad guys don't either, 20 00:00:37,004 --> 00:00:39,840 because if they do, they're going to be way ahead of you 21 00:00:39,840 --> 00:00:42,120 as you're trying to conduct that incident response, 22 00:00:42,120 --> 00:00:44,130 and you really don't want that to happen, right? 23 00:00:44,130 --> 00:00:45,620 So when we look at asset management, 24 00:00:45,620 --> 00:00:48,000 this becomes a formalized system 25 00:00:48,000 --> 00:00:49,329 of tracking your network components 26 00:00:49,329 --> 00:00:51,900 and managing the components' lifecycle.
27 00:00:51,900 --> 00:00:52,980 Now, you need to prepare 28 00:00:52,980 --> 00:00:55,350 and budget for all these different items in your network, 29 00:00:55,350 --> 00:00:57,127 and this means you have to gather all the requirements 30 00:00:57,127 --> 00:00:58,752 so you know what you're going to be buying 31 00:00:58,752 --> 00:01:00,267 and when you're going to be buying it. 32 00:01:00,267 --> 00:01:01,547 Then you need to plan 33 00:01:01,547 --> 00:01:03,517 and determine what components you're going to buy 34 00:01:03,517 --> 00:01:05,910 and when you're going to buy those things. 35 00:01:05,910 --> 00:01:08,070 This is all part of your network design. 36 00:01:08,070 --> 00:01:09,960 You need to determine the best configuration 37 00:01:09,960 --> 00:01:11,760 for all of these different devices. 38 00:01:11,760 --> 00:01:14,490 You need to implement it by installing it and purchasing it 39 00:01:14,490 --> 00:01:16,710 and configuring it and putting it into your network, 40 00:01:16,710 --> 00:01:17,970 into operations. 41 00:01:17,970 --> 00:01:19,470 You need to operate and maintain it, 42 00:01:19,470 --> 00:01:21,270 and that way people can actually use your network 43 00:01:21,270 --> 00:01:24,600 on a daily basis and you need to provide support to it. 44 00:01:24,600 --> 00:01:27,219 Again, this is where you're going to spend 70% 45 00:01:27,219 --> 00:01:29,010 of your time operations and maintenance, 46 00:01:29,010 --> 00:01:30,150 so you need to optimize it. 47 00:01:30,150 --> 00:01:31,620 You want to make sure it runs smoothly, 48 00:01:31,620 --> 00:01:33,390 efficiently, and reliably. 49 00:01:33,390 --> 00:01:35,520 And to do this, you need to improve the network design 50 00:01:35,520 --> 00:01:36,877 by implementing new devices over time 51 00:01:36,877 --> 00:01:39,960 or reconfiguring the ones you already have. 52 00:01:39,960 --> 00:01:43,440 All of this fits inside of the world of asset management. 
53 00:01:43,440 --> 00:01:44,430 Now, the next thing you need 54 00:01:44,430 --> 00:01:46,410 to do is you need to create a baseline. 55 00:01:46,410 --> 00:01:48,346 So this is going to have you install the entire network 56 00:01:48,346 --> 00:01:51,432 and then collect data under normal conditions. 57 00:01:51,432 --> 00:01:53,580 This becomes your baseline. 58 00:01:53,580 --> 00:01:55,830 It becomes really useful because if there's an incident 59 00:01:55,830 --> 00:01:58,020 or you're trying to troubleshoot something, you can go, 60 00:01:58,020 --> 00:02:00,090 well, this is what normal looks like 61 00:02:00,090 --> 00:02:01,680 and this is what it looks like now. 62 00:02:01,680 --> 00:02:03,450 Now what's the difference between these two? 63 00:02:03,450 --> 00:02:05,108 That's the thing that's wrong and we need to go fix it. 64 00:02:05,108 --> 00:02:07,710 And so if you don't know what normal looks like ahead 65 00:02:07,710 --> 00:02:09,881 of time, you're never going to know what abnormal is 66 00:02:09,881 --> 00:02:11,880 because it doesn't look any different to you 67 00:02:11,880 --> 00:02:13,560 because you didn't know what normal was, 68 00:02:13,560 --> 00:02:15,990 and this is why creating a baseline is really important 69 00:02:15,990 --> 00:02:17,880 to your troubleshooting efforts. 70 00:02:17,880 --> 00:02:19,876 Next, we have the concept of cable management. 71 00:02:19,876 --> 00:02:22,080 This is the process of documenting 72 00:02:22,080 --> 00:02:24,690 your network's entire cable infrastructure. 
73 00:02:24,690 --> 00:02:26,670 That's going to include things like your diagrams, 74 00:02:26,670 --> 00:02:28,170 how you label your cables, 75 00:02:28,170 --> 00:02:29,670 where you use your punch down blocks, 76 00:02:29,670 --> 00:02:30,870 and where they're located, 77 00:02:30,870 --> 00:02:32,940 the source of all your different cable locations 78 00:02:32,940 --> 00:02:34,350 and which closets they're in, 79 00:02:34,350 --> 00:02:36,300 and the destinations of all your cable 80 00:02:36,300 --> 00:02:37,980 as it goes throughout the building. 81 00:02:37,980 --> 00:02:40,500 This is an example of good cable management. 82 00:02:40,500 --> 00:02:42,360 You can clearly see each cable coming 83 00:02:42,360 --> 00:02:44,400 out and going into the run on the left. 84 00:02:44,400 --> 00:02:46,710 You can then see how each cable has been labeled. 85 00:02:46,710 --> 00:02:49,500 Each router and switch here has been labeled as well. 86 00:02:49,500 --> 00:02:51,540 Now we understand which one is which. 87 00:02:51,540 --> 00:02:53,250 This is extremely important when you're dealing 88 00:02:53,250 --> 00:02:54,600 with large environments. 89 00:02:54,600 --> 00:02:56,880 If you're dealing with a small network, like a small office 90 00:02:56,880 --> 00:02:58,770 where you have one router and one switch, 91 00:02:58,770 --> 00:03:00,540 and it'd be 10 computers, yeah, 92 00:03:00,540 --> 00:03:02,359 cable management isn't nearly as important 93 00:03:02,359 --> 00:03:03,862 because you can just hand over hand 94 00:03:03,862 --> 00:03:06,114 and trace where that cable goes and figure it out. 95 00:03:06,114 --> 00:03:07,484 It wouldn't be too difficult. 
96 00:03:07,484 --> 00:03:09,576 Now, if you're doing this in a large network 97 00:03:09,576 --> 00:03:11,520 with hundreds of thousands 98 00:03:11,520 --> 00:03:13,196 or tens of thousands of devices on it, 99 00:03:13,196 --> 00:03:15,545 you really need to understand where all those devices are 100 00:03:15,545 --> 00:03:18,690 and label every single piece appropriately. 101 00:03:18,690 --> 00:03:20,848 Now, when you label things, how should you do it? 102 00:03:20,848 --> 00:03:24,480 Well, I recommend using a standard naming convention. 103 00:03:24,480 --> 00:03:26,910 For example, if it's in the HR department, 104 00:03:26,910 --> 00:03:30,360 I would have it labeled as HR_D_RM102_0012. 105 00:03:33,750 --> 00:03:35,190 Now, what does that tell me? 106 00:03:35,190 --> 00:03:37,380 This tells me it's in the HR department, 107 00:03:37,380 --> 00:03:40,110 it's a desktop machine, it's in room 102, 108 00:03:40,110 --> 00:03:43,410 and it's the 12th connection inside of that switch. 109 00:03:43,410 --> 00:03:45,810 This gives me a lot of information just seeing 110 00:03:45,810 --> 00:03:47,250 how that's labeled, and by using 111 00:03:47,250 --> 00:03:48,720 that standard naming convention, 112 00:03:48,720 --> 00:03:50,670 I can do that throughout the entire building. 113 00:03:50,670 --> 00:03:52,410 And so if I go look in IT, for instance, 114 00:03:52,410 --> 00:03:54,917 I would see something that says IT_L_RM205_0004, 115 00:03:58,950 --> 00:04:00,510 which would be the IT department. 116 00:04:00,510 --> 00:04:02,580 It's a laptop, it's in room 205, 117 00:04:02,580 --> 00:04:04,200 and it's the fourth device. 118 00:04:04,200 --> 00:04:06,660 This is a common way of doing your numbering by having it 119 00:04:06,660 --> 00:04:09,300 as a building or department number, a room number, 120 00:04:09,300 --> 00:04:10,950 and then a device number.
121 00:04:10,950 --> 00:04:12,720 Giving it this unique serial ID 122 00:04:12,720 --> 00:04:14,460 for every single device is essentially 123 00:04:14,460 --> 00:04:16,560 what we're doing here by doing this cabling. 124 00:04:16,560 --> 00:04:18,410 If it's a switch, I might have an S in it. 125 00:04:18,410 --> 00:04:20,519 If it's a router, I might have an R in it. 126 00:04:20,519 --> 00:04:22,290 It's a firewall, I might have an F in it. 127 00:04:22,290 --> 00:04:23,123 You get the idea. 128 00:04:23,123 --> 00:04:24,707 You can use whatever system you want, 129 00:04:24,707 --> 00:04:26,910 but you just need to make sure you label everything 130 00:04:26,910 --> 00:04:28,680 and make sure your diagrams are updated 131 00:04:28,680 --> 00:04:30,420 and you understand what that scheme is. 132 00:04:30,420 --> 00:04:32,777 Next, we have network documentation. 133 00:04:32,777 --> 00:04:35,400 As I've already been saying, it's really important 134 00:04:35,400 --> 00:04:36,493 to keep your network documented 135 00:04:36,493 --> 00:04:38,910 and keeping it updated appropriately. 136 00:04:38,910 --> 00:04:40,530 You have to keep these things up to date 137 00:04:40,530 --> 00:04:43,440 because changes occur when I update a new machine 138 00:04:43,440 --> 00:04:46,440 that changes the network, and that changes the topology 139 00:04:46,440 --> 00:04:48,090 and the vulnerabilities that we have. 140 00:04:48,090 --> 00:04:50,130 And so I want to make sure I document it. 141 00:04:50,130 --> 00:04:51,360 Now by documenting it, 142 00:04:51,360 --> 00:04:54,180 that means we all understand that change was made. 143 00:04:54,180 --> 00:04:55,860 This is going to include all sorts of things 144 00:04:55,860 --> 00:04:57,750 beyond your normal diagrams as well. 
145 00:04:57,750 --> 00:04:59,193 Even though we're going to have things like our diagrams 146 00:04:59,193 --> 00:05:01,916 that get updated and our wiring schematics also need 147 00:05:01,916 --> 00:05:04,230 to make sure we have things like our contact information 148 00:05:04,230 --> 00:05:06,030 for our network administrators. 149 00:05:06,030 --> 00:05:08,280 Who do I call when something goes wrong? 150 00:05:08,280 --> 00:05:10,260 I need to have that inside my policies. 151 00:05:10,260 --> 00:05:11,700 And when I think about those policies, 152 00:05:11,700 --> 00:05:14,040 what are those policies that govern my network? 153 00:05:14,040 --> 00:05:15,480 I need to have my network maps. 154 00:05:15,480 --> 00:05:16,560 I need to have my diagrams. 155 00:05:16,560 --> 00:05:17,760 I need to have my policies, 156 00:05:17,760 --> 00:05:20,400 and I need to know where all that documentation is. 157 00:05:20,400 --> 00:05:22,350 Part of that will also be my vendors. 158 00:05:22,350 --> 00:05:24,180 Who do I call when something breaks? 159 00:05:24,180 --> 00:05:26,700 Is that router or switch still under warranty? 160 00:05:26,700 --> 00:05:28,707 All this stuff becomes part of your documentation, 161 00:05:28,707 --> 00:05:31,290 and if I have all of those things together, 162 00:05:31,290 --> 00:05:33,780 I have my wiring schematics and my network diagrams 163 00:05:33,780 --> 00:05:36,120 and my standard operating procedures and my instructions 164 00:05:36,120 --> 00:05:38,370 and my warranties, I know where it all is 165 00:05:38,370 --> 00:05:40,440 in times when I need to get it quickly 166 00:05:40,440 --> 00:05:42,690 and I can go pull that off the shelf, look at it 167 00:05:42,690 --> 00:05:44,010 and get the answers I need. 168 00:05:44,010 --> 00:05:45,900 Now, let's say I wanted to upgrade a switch. 169 00:05:45,900 --> 00:05:47,050 How am I going to do that? 
170 00:05:47,960 --> 00:05:49,830 Well, most companies are going to have a procedure for that. 171 00:05:49,830 --> 00:05:52,080 If I have a procedure for that, that's going to be helpful 172 00:05:52,080 --> 00:05:54,030 to whatever junior technician is on duty 173 00:05:54,030 --> 00:05:55,320 that night at midnight 174 00:05:55,320 --> 00:05:56,880 and has to upgrade that switch for us 175 00:05:56,880 --> 00:05:58,470 because something went wrong. 176 00:05:58,470 --> 00:06:00,180 Now we can take the time upfront 177 00:06:00,180 --> 00:06:02,310 to put all this together and document it 178 00:06:02,310 --> 00:06:04,590 and put it in a big binder or a share drive 179 00:06:04,590 --> 00:06:06,810 or a SharePoint site or something like that. 180 00:06:06,810 --> 00:06:08,760 Whatever we're going to use as our knowledge base, 181 00:06:08,760 --> 00:06:10,440 we need to make sure we know where it is 182 00:06:10,440 --> 00:06:12,870 and our technicians need to know where it is as well. 183 00:06:12,870 --> 00:06:15,090 Because without being able to put our hands on it 184 00:06:15,090 --> 00:06:17,940 and know exactly where it is, it doesn't do us much good.