IT Documentation - The Blog

What is Happening in My Network?

December 11, 2014

One of the many challenges a CTO has to face in his or her job is to know at any time what is going on in the corporate network. The CTO is the responsible manager for this domain, so this person must find a way to always be in the know. It goes without saying that collecting the relevant information should not affect the network traffic and that the collected data must not get into wrong hands. The CTO must perform continuous analyses and checks to determine which IT systems are in use, which protocols are employed, and which systems communicate which each other. And what about the data that is transferred to third parties and the data entering the network from outside? All this information must be available for evaluation at any time, even if that particular period of time lies in the past. Especially if personal data is involved, you are required to properly document and archive the information, otherwise you will get into trouble with the data protection officer.

This means that the CTO must strike a balance between these requirements and at the same time comply with the statutory regulations – which seem to be almost contradictory. Depending on the company size, you will have to rely on software for this purpose. Do we really need yet another tool?

Well, it depends. If you are using the Docusnap documentation tool, you already have a suitable software solution at hand. With Docusnap, you can both create the required documentation for network monitoring and search for new systems.

Inventory data not only serves IT documentation

If your network is not too large, you might have an overview of all connected systems, so that a new system would immediately catch your eye. A Docusnap inventory scan lets you search for devices by IP address ranges. Analyse the scan results to find out if IT systems are part of the network which have not been set up by the IT department. While you need to get an overview of the IT systems in use that is as current as possible, you need to weigh up the frequency of the necessary inventory scans against the network traffic they produce.

If external systems are generally not allowed in your network, you might be alerted by the device name alone. However, if BYOD (Bring Your Own Device) is common practice in your company, you will not be able to detect any “strangers” this way. It is obvious that it makes no sense at all to search for external devices since you officially allowed their use in the network. In this case, you will have a hard job to protect the network from undesired software and network sniffers, let alone all the other compliance issues.

If you – hopefully – only allow company-owned devices, you can use the Docusnap inventory data to identify new systems. This way, your inventory data provides added value, as it not only serves the IT documentation. Use the Docusnap Relations module to document communication channels which are known to you and thus approved by you. Based on this documentation, the IT department is now able to examine the network traffic using suitable tools.

Network sniffers

When reviewing this documentation, you will have to determine if it is complete and complies with all regulations. For this purpose, it will be inevitable to use network sniffer such as Wireshark. The use of such a “hacker tool” in a production network, however, is not at all unproblematic. On the one hand, the IT department is supposed to have an overview of the network it is in charge of. At least, the IT staff should know which IT systems use which protocols to communicate with each other. To enable the relevant checks, the CTO has no choice but to allow the use of such a tool. On the other hand, the IT staff might obtain information they are not supposed to have access to. Consequently, network traffic should be encrypted, but unfortunately, not all IT systems can be configured for appropriate encryption. This situation is a bit of a dilemma.

Proper processes for a better overview

Did you implement a controlled change management process that governs the installation of hardware and software or the commissioning of new IT systems? Despite all instructions and provisions, you unfortunately need a feasible way to verify their implementation. What cannot be measured, cannot be managed. This means that, to be able to manage your network, you must measure (analyse) the traffic to see if all communication taking place in the network uses the known and desired channels and systems. Internally, you should proceed as transparently as possible. Otherwise, you might soon be suspected of being the “big brother” of your users. But it is certainly not your intention to act as the national intelligence agencies’ little helper. J

Most users are absolutely careless about the use of software. If they were in control, they would install whatever comes their way, even if the corresponding license keys were generated by a software cracker or obtained from corresponding websites. But how can license management be successful if the processes are not being complied with? By inventorying and evaluating the software installed on the various computers, you can detect even such misuse.

As the responsible IT manager, it is your due diligence to keep yourself informed of what goes on in your network.