Network device configuration – to err is indeed human!
In this blog, I wrote at length about the most telling finding of Network Barometer Report 2015. For the first time ever, we measured how long it takes, on average, to troubleshoot and repair network devices that we monitor and manage on behalf of clients via our remote infrastructure management platform, versus devices not managed in this way.
The difference was astonishingly large. It took a massive 75% less time to troubleshoot a faulty device monitored and managed on our platform than otherwise. Consequently, those devices took 32% less time to repair. The conclusion is clear as daylight: if you don’t have the right tools and processes in place to monitor and support an ageing network, it’s better to leave it to the professionals.
But that wasn’t the only network support services data that we found compelling. Some of the other statistics also stood out, which had more to do with what causes network outages in the first place. Delving deeper into the types of configuration errors that caused outages over the last year, we noted a slight increase in errors that occurred in voice gateways and industrial switches. This is concerning, as voice gateways are often exposed to external parties and therefore more open to attack. Given the criticality of keeping industrial manufacturing environments up and running without interruption, we also expected more rigorous controls in relation to the configuration of underlying infrastructures in this type of environment. That was clearly not happening.
The most common configuration errors in networks today can be broadly grouped into two categories of device configuration: network services and system settings; and access management. Network services and system settings allow for the remote management and basic functioning of the device. Of all discovered wireless devices, routers, and switches, 31% had critical configuration violations, which will allow a malicious user to gain unauthorised access to the device, or misuse or bypass security controls for network traffic.
As far as access management configurations are concerned, over 49% of analysed networks don’t have a centralised authentication strategy in place. That means system administrators would have to manually maintain authentication details for each device, as there’s no central policy to manage and audit configuration changes. This, in turn, hinders the organisation’s ability to maintain visibility of changes in the network and secure the environment against unauthorised configuration changes that may cause downtime.
There’s a strong correlation between the application of configuration standards and best practices in the network, and your ability to reduce the duration and impact of network device outages. The combination of organisations allowing critical configuration violations to remain within a productive environment and not centrally managing network assets, points towards a broader concern: networks aren’t as well maintained as they ought to be. Keep in mind that configuration errors are human mistakes. That means that they can be avoided!
How does your network compare? Read the full Network Barometer Report 2015 to find out.