Network modernization tips and advice
Practical advice for improving your network infrastructure
As government organizations upgrade their networks to consolidate data centers and enhance mobility to achieve compliance with mandates such as the Federal Data Center Consolidation Initiative and the Office of Management and Budget’s 25-point plan for reforming federal IT management, there are a number of tips they should keep in mind.
According to CDW Government’s unified communications experts, government organizations that have successfully implemented UC are also often doing at least one of the following:
* Establishing a new call center or expanding an old one.
* Integrating or consolidating two or more existing networks.
* Expanding or deploying a telework program for a significant portion of the organization’s workforce.
* Replacing obsolete or inadequate existing networks.
* Implementing a continuity-of-operations plan and supporting capabilities.
* Integrating branches of distributed operations, such as field offices.
CDW-G UC experts recommend that IT managers discuss with agency leaders how to couple telework and consolidation efforts with improvements in communications that can further enhance the organization’s effectiveness and cost-efficiency.
Agencies must also develop a plan for the future that includes wireless networks, according to James McCloskey, a senior research analyst at Info-Tech Research Group, London, Ontario.
Implementing and operating a wireless network is much easier than it was just five years ago. As agencies learn to embrace cloud computing, for example, the need for constant Internet access is fast becoming a requirement, leading Info-Tech to recommend that agencies strive to learn where to “cut the cords and rely more on wireless technologies,” McCloskey said.
When it comes to network security, government organizations considering wireless technologies might select added security protections, including:
* Multifactor authentication using one-time password fobs or text messaging.
* Wireless intrusion detection and prevention systems to identify, alert and automatically prevent attempts to hack the wireless network.
* Endpoint inspection and remediation, a component of network access control that identifies unsecured devices with missing or outdated anti-malware protection and missing Microsoft Windows patches. Network access isn’t allowed until patches are applied.
* Network segmentation and stateful firewalls, which allow administrators to redirect or restrict traffic from certain users or devices. Such tools can even direct guest users to an Internet connection that has no access to the internal network.
Source: Info-Tech Research Group
CDW-G’s technical experts offer additional advice to secure wireless access:
* Network administrators must remain wary of spoofing, in which hackers hijack the communications of users who believe they’re sending sensitive information via a secure pipeline.
* Encryption and authentication features — a required standard on switches and access points — must also protect wireless transmissions.
* Intrusion-prevention systems for wireless environments can help network administrators quickly identify unauthorized devices trying to break through security defenses.
* Wireless-savvy intrusion-prevention devices can beat back denial-of-service attacks designed to crash networks. Geofencing, a virtual perimeter around a geographic site, and other related techniques can be used to help IT managers grant access only to devices running at known and trusted physical locations.
* A virtual local-area network is another wireless security tool that can help regulate traffic using access control lists to guard against vulnerabilities that arise when guest users must find a way to connect to the Internet via a wireless link. IT managers might instead choose to dedicate a wireless LAN controller to divert guest user traffic to a secure location outside the organization’s firewall.