Non-Merged IT Audit

Aug 13, 2012   //   by NPV Webmaster   //  Blog  // 

Introduction

NPV Corporation visited a client on January 24, 2007 to review the organization’s current business use, needs and management of technology. This report provides the findings; immediate, short-term and long-term recommendations; and a rating of the organization based on industry standards and best practices. This was a single-site IT assessment. The site was evaluated to better understand the organization’s current IT readiness and to assess the organization’s current IT strategy.

We outlined the network infrastructure, including both the local area network and the wide area network of the organization. Throughout the process we analyzed the current infrastructure.

Scope

Throughout this assessment, we examined the following areas:

  • System Inventory for current server setup
  • Hardware / Software
  • Network / Connectivity Audit
  • Sample Desktop Systems Audit

Overview

This client offers the most comprehensive cost-effective insurance coverage. The company has about 15 computer users, and shares an office with another insurance agency. The two agencies share the T1 costs, by splitting the 15 voice lines between both organizations, and sharing the data across both offices.

As a result of individual interviews and a site visit, we uncovered several things about the network that have been done very well. In general, we found that the client has made tremendous progress in overall network architecture to improve intra-office connectivity.

Assessment and Recommendations

The following chart summarizes our findings on each of the key areas within the company; a more detailed explanation follows for each category listed in this chart:

 

N/A | Exceeds | Meets | Needs Improvement | Cost Reduction Opportunity | Description
X Internet Connectivity
X Firewall
X Local area network - LAN
X Wide area network - WAN
X Desktops
X Application Server
X Database Server
X File Server
X Storage
X Email Server
X Back-Up
X X Catastrophe Plan
X X Anti-Virus
X Infrastructure, Security & Power Supply
X Web Site
X X Network Management, Maintenance & Monitoring

 

During the on-site visit, we noted a few issues, including hardware and software configurations, and documentation gaps. The following are major issues and concerns that should be addressed soon. A list of specific findings and resolutions is enumerated in the appropriate section of this document.

Internet Connectivity

Network connectivity is provided via a shared voice/data T1. Port scan inspection of the wide area network IP demonstrates a few open ports, which may not be a problem. For the sake of completeness, we are making you aware of the results of the port scan.

    Interesting ports on host 3.209.113.202.conversent.net (209.113.202.3):
    (The 1656 ports scanned but not shown below are in state: filtered)
    PORT     STATE  SERVICE
    3389/tcp open   ms-term-serv
    5631/tcp open   pcanywheredata
    5632/tcp closed pcanywherestat

    Nmap run completed -- 1 IP address (1 host up) scanned in 336.138 seconds
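The scan result quoted above can be triaged mechanically. The following is an added example, not part of the original report: it parses the legacy Nmap text output and flags open remote-administration services and leftover firewall pass-through rules. The `REMOTE_ADMIN` table, the function names and the wording of the findings are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass, field

# Scan output as quoted in the report (legacy Nmap text format).
SCAN_OUTPUT = """\
Interesting ports on host 3.209.113.202.conversent.net (209.113.202.3):
(The 1656 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
3389/tcp open   ms-term-serv
5631/tcp open   pcanywheredata
5632/tcp closed pcanywherestat

Nmap run completed -- 1 IP address (1 host up) scanned in 336.138 seconds
"""

# Assumption for this example: ports whose services give interactive remote
# control and so deserve review when reachable from the WAN side.
REMOTE_ADMIN = {
    22: "SSH",
    23: "Telnet",
    3389: "Remote Desktop (RDP)",
    5631: "pcAnywhere",
    5632: "pcAnywhere",
    5900: "VNC",
}

HOST_RE = re.compile(
    r"^Interesting ports on (?:host )?(?:(?P<name>\S+) \()?(?P<ip>\d+(?:\.\d+){3})\)?:"
)
HIDDEN_RE = re.compile(
    r"^\(The (?P<count>\d+) ports scanned but not shown below are in state: (?P<state>\w+)\)"
)
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")


@dataclass
class Host:
    name: str
    ip: str
    hidden_count: int = 0
    hidden_state: str = ""
    ports: list = field(default_factory=list)  # (port, proto, state, service) tuples


def parse_scan(text):
    """Parse every host block in legacy Nmap text output."""
    hosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOST_RE.match(line):
            current = Host(m["name"] or "", m["ip"])
            hosts.append(current)
        elif current is None:
            continue  # banner lines before the first host block
        elif m := HIDDEN_RE.match(line):
            current.hidden_count, current.hidden_state = int(m["count"]), m["state"]
        elif m := PORT_RE.match(line):
            current.ports.append((int(m["port"]), m["proto"], m["state"], m["service"]))
    return hosts


def review_exposure(host):
    """Return (port, severity, message) findings for one host."""
    findings = []
    for port, proto, state, service in host.ports:
        label = REMOTE_ADMIN.get(port)
        if state == "open" and label:
            findings.append((port, "review",
                             f"{label} ({service}) is reachable from the WAN: "
                             "restrict source addresses or place it behind a VPN"))
        elif state == "open":
            findings.append((port, "info", f"{service} is open: confirm it is intended"))
        elif state == "closed" and host.hidden_state == "filtered":
            # A closed port answered the probe while the rest were dropped,
            # so a firewall rule still passes this port to an inside host.
            findings.append((port, "note",
                             f"{port}/{proto} is passed by the firewall but nothing listens: "
                             "remove the unused forwarding rule"))
    return findings


if __name__ == "__main__":
    for h in parse_scan(SCAN_OUTPUT):
        print(f"{h.name} ({h.ip}): {h.hidden_count} ports {h.hidden_state}")
        for port, severity, message in review_exposure(h):
            print(f"  [{severity}] {message}")
```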

DSL generally provides adequate wide area network connectivity. Cable internet is generally faster and more reliable, and Verizon FiOS is faster still, though not generally necessary. T-1 service is rarely warranted in any small business.

Firewall

A Linksys router appliance is currently in use and should meet all of your needs, including port forwarding, remote administration, etc. Linksys appliances older than 3 years have been known to lock up and freeze at periodic intervals once they start to decay. Should you find that your Linksys appliance needs to be rebooted on a periodic basis, consider replacing it. In general, unless there is an outage from your provider, your connection should never go down.

Given the number of hack attempts on all networks today, we strongly recommend a firewall under ALL circumstances.

Local area network – LAN

The local area network is 100baseT, which should provide adequate responsiveness for all fileserver requests.

The minimum recommendation for any network today is 100baseT with conventional Cat5e cabling. Wireless networks should always be encrypted. Should you decide to implement a wireless network, it is imperative that it be professionally installed to ensure that the correct security measures are implemented.

Wide area network – WAN

T1 circuits are used to provide Internet connectivity. Given your needs for remote access, this circuit provides the most reasonable solution for your network.

Desktops

Desktops appear to be less than 5 years old, and demonstrate appropriate responsiveness.

In general, desktops should be rotated every 3-5 years to ensure minimal system failure. In addition, all desktops should be checked periodically to ensure that they are not bogged down with unnecessary Trojans, Viruses or Spyware. NPV Care services provide such a service.

Application Server

Application services are provided on the local server. Platform software and hardware currently meet the needs of this application.

Database Server

Unless you are running a dedicated server system, such as Oracle or SQL server, all databases should be kept on redundant disk array servers to ensure minimum damage upon drive failure.

Server Notes

Your server is running Windows 2003 Standard Edition.

NPV recommends a centralized server for your data storage for a variety of reasons. A centralized server offers three major benefits that cannot be easily realized with any other system configuration.

  1. Redundancy – Centralized server allows you to create redundant drive arrays to better protect your data. To learn more about redundant arrays of drives, refer to the appendix on RAID level descriptions.
  2. Organization – Data is always organized on one central server, allowing for better access to company info by all staff, centralized point of backup and increased security by protecting folders with user logins.
  3. Centrality – Central location of data, central location for backups, central location for security. Centralized authentication of users, therefore protecting data against unwanted intrusion.

Storage

Storage appears to be adequate and is centrally located on the file server, on a RAID 1 mirrored drive array. The free space remains around 35G, and though this would not normally be considered much for an organization this size, it may be adequate based on your particular usage.

NPV always recommends that storage systems be redundant, mirrored across several drives, on one dedicated server, or across redundant mirrored servers, depending on the size of the company. This drive/disk configuration is known as RAID – Redundant Array of Inexpensive Drives. NPV recommends that you employ a RAID 1 drive mirror as a minimum drive configuration on any server maintaining critical company data.

Email Server

Your email server is Microsoft Exchange and is administered in-house. NPV recommends that you ensure that Exchange is backing up all emails on a regular basis. It would be prudent to audit this process as well and audit the backup, simulating the need to recover any given test mailbox.

Most email configurations are either hosted locally by a local application, such as MS Exchange server, or decentralized and pulled from a remote email server provided by a third-party internet service provider (ISP). Most small offices do not need much more than this; however, it is critical that your provider allow you administrative control of your email accounts and scan all incoming messages for known spammers and for viruses in attachments. Decentralized email means that your email is always copied to your local desktop and removed from the ISP. If at any point your local hard disk is damaged, your email will be lost. NPV recommends you implement an email backup strategy for your local email in a decentralized email setup, where your email comes from an ISP.

Email should always be scanned for viruses. If you do not have a solution for scanning emails, consider using open-source email scanning tools. In addition, NPV Corporation’s email server scans all customer emails for spam and viruses for NPV email clients. All emails passing through our mail server are guaranteed to be virus free! In addition, we reject messages from senders known to be on Internet blacklists for known spammers. All other email is analyzed and tagged as spam, should it be determined to be spam. Consider using NPV’s email server if you are not currently receiving this quality of service from your current provider. NPV’s email scanning services are compatible with MS Exchange or any local corporate email systems.

Back-Up

Tape backups are done daily, and tapes are rotated off-site weekly. Magnetic media tends to fail over time. NPV recommends that you rotate new tapes into circulation on a regular basis. We also recommend that you audit tapes on a periodic basis: select a random file and attempt to recover it.

Systems, drives and technology are prone to failure. Given this nature, it’s important to ensure that you maintain faithful backups of your most critical data. Theft also plays a part in the loss of data, adding to the critical value of regular periodic backups.

Furthermore, it should be considered imperative that data backups be audited on a periodic basis. Magnetic media backups tend to fail often, and generally when you need them most. Optical backups tend to have a longer shelf life; however, if the backup is not determined to have succeeded the first time, data retrieval is likely to be spotty at best when needed most.
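One way to carry out the periodic restore audit recommended in this section, as an added example that is not part of the original report: pick files at random from the live data, restore them to a scratch directory, and compare hashes. The function names, the scratch-directory layout and the sample files are assumptions; the demo builds a constructed file tree so the script runs on its own.

```python
import hashlib
import os
import random
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in blocks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def pick_sample(live_root, k, rng=None):
    """Choose up to k files at random from the live tree (as relative paths)."""
    rng = rng or random.SystemRandom()
    files = sorted(p.relative_to(live_root) for p in Path(live_root).rglob("*") if p.is_file())
    return rng.sample(files, min(k, len(files)))


def audit_restore(live_root, restored_root, sample, backup_time):
    """Compare each sampled file with its restored copy.

    Returns {relative_path: status}; status is 'ok', 'missing', 'mismatch'
    or 'changed-since-backup' (the live file was edited after the backup ran,
    so a differing hash would not prove the backup is bad).
    """
    results = {}
    for rel in sample:
        live, restored = Path(live_root) / rel, Path(restored_root) / rel
        if not restored.is_file():
            status = "missing"
        elif live.stat().st_mtime > backup_time:
            status = "changed-since-backup"
        elif sha256_file(live) != sha256_file(restored):
            status = "mismatch"
        else:
            status = "ok"
        results[rel.as_posix()] = status
    return results


def restore_audit_demo():
    """Constructed scenario: one file lost, one corrupted, one edited after the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        (live / "claims").mkdir(parents=True)
        for name in ("policy.doc", "rates.xls", "claims/2007-01.mdb", "notes.txt"):
            (live / name).write_bytes(name.encode() * 100)
        backup_time = 1_000_000_000  # constructed timestamp of the backup run
        for p in live.rglob("*"):
            if p.is_file():
                os.utime(p, (backup_time - 3600, backup_time - 3600))
        shutil.copytree(live, restored)  # stands in for restoring the tape to scratch space
        (restored / "rates.xls").unlink()                           # absent from the restore
        (restored / "claims/2007-01.mdb").write_bytes(b"\0" * 64)   # damaged on the media
        os.utime(live / "notes.txt", (backup_time + 60, backup_time + 60))  # edited later
        sample = pick_sample(live, 4, random.Random(0))
        return audit_restore(live, restored, sample, backup_time)


if __name__ == "__main__":
    for path, status in sorted(restore_audit_demo().items()):
        print(f"{status:22} {path}")
```

Any result other than 'ok' or 'changed-since-backup' means the backup set could not reproduce the file and the tape or job should be investigated.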

Catastrophe Plan

Off-site storage is currently being used. Though data is still maintained off-site, this still relies on the diligence of individuals. NPV recommends that you automate this process to ensure consistency in the process.

Facilities failures, fires, theft, etc. have made off-site backups of data imperative. Commodity pricing of hardware has made your data your most valuable asset. Loss of data is catastrophic to any company. Consequently, planning for complete systems failure, theft, or facility failure is imperative. NPV provides automated off-site backup services for your business. Consider using this service should your current off-site strategy not meet your needs. Automated solutions will always be more reliable than manual intervention in this process. Our remote backup strategy is automated and transacted nightly. Your information will be available over a secure web browser interface.

Anti-Virus

The anti-virus software being used is Norton. Not all systems seem to have this installed, however. Consider employing open-source tools to accomplish the same thing. Open source virus scanners are often better maintained than commercial applications and they are free.

Anti-virus solutions are critical to protecting your company data. There are some open-source anti-virus solutions available today which will keep your data safe. In addition, if your ISP is not checking your email for viruses, then consider using NPV Corporation as your email provider to verify and ensure that your email is virus free. NPV email servers are 100% Virus Free Guaranteed!

Infrastructure, Security & Power Supply

Systems are periodically monitored.

Where fileservers exist, NPV recommends that you always protect access to your server by keeping it away from general use, protecting data with appropriate username/password security, and protecting uptime with adequate power failure protection. Uptime should be protected against brownouts and power failures by an Uninterruptible Power Supply. In most cases this type of protection is reasonably inexpensive and ensures that power interruptions, voltage spikes or brownouts do not damage hardware.

Network Management, Maintenance & Monitoring

There is none currently in place.

NPV recommends that you monitor server logs, firewall logs, and network activity to determine that no infractions have taken place and that all systems are operating under normal operating conditions.

Web Site

Web sites matter for two reasons: today's customers expect a company to have a web site, if only to provide contact information or locations, and at least some parts of most companies have discovered that web sites can cut costs, generate additional revenue, or both. However, even a simple web site comes at a cost, so it is important to make certain that the business value is known and optimized.

A web site can be either a drain or boon depending solely on its effectiveness at meeting the business requirement. The difference requires an understanding of how investments in the web site tie back to and improve business value, then managing the factors that create barriers. This ultimately leads to the need for appropriate metrics.

Most web sites have multiple destinations or functions that visitors can access. This creates a complex situation, because the overall business value of the web site comes from the sum of the destination values. Therefore, each destination should have explicit business objectives.

Business objectives generally tie back directly or indirectly to either reducing costs or increasing revenues. Clearly the easiest business objective to measure is a direct increase in revenue or sales. However, even in this case, additional metrics are advisable to track more detailed parameters that lead to that objective and to track early indicators of future changes.

Summary

Your organization has worked hard to implement and maintain the level of infrastructure that you currently have in place today, and though there are many things that have been done quite well, there are some things that could be improved. We recommend that you make the following technology changes at your earliest convenience.

  1. Establish a consistent network monitoring and maintenance plan
  2. Set up an automated remote backup plan

Should you wish to discuss implementing these changes, please contact NPV Corporation at your earliest convenience.

Recommendations

Network and systems stability and reliability are the topmost IT goals set by the company. Its operation and efficiency are highly dependent on the availability of data and server-based applications. To achieve this goal, a maintenance plan needs to be established to apply the required network modifications and updates.

Following are our recommendations, which we intend to complete under our NPV Care program. We estimate the Initial Phase of the NPV Care program to be completed in 30 days. Afterwards, we will switch into maintenance mode and execute our standard procedure for the ongoing NPV Care program. We also identified several IT services critical to ensuring stability and availability of data and network services. These tasks must be completed to ensure network services and server applications are functional, available, and stable. Initial estimates for these projects are included in this document for your approval.

NPV Care Program – Scheduled Maintenance

Regular maintenance and being proactive will allow significant benefit to your company in the future. NPV will schedule a consultant to arrive at your site each week or every other week as needed to provide you with NPV Care. Many of the tasks and recommendations described in this document are performed during NPV Care visits. The consultant will spend a pre-determined number of hours on site going through the NPV Care checklist. This includes checking the server(s), system logs, backup logs, power logs, de-fragmenting the local user’s workstations and talking to you and the users to make sure there are no pending problems. They are also available to complete any tasks you may have along with answering any questions on future hardware and software upgrades. Many times, a user will report a problem or something they noticed to be different from the usual computer activity and report that to our consultants. This can be a good indicator of potential problems on the network. NPV consultants will follow up on the reports to make sure there are no problems that can disrupt your business.

Stabilization Process

Stabilization is the one-time process required to bring a system’s existing hardware and software to its maximum potential in terms of stability and performance. It can include some or all of the following:

  • Installing and reconfiguring server-based applications and network services.
  • Installing and configuring Operating System and Application updates, Service Packs, hot fixes, and security updates to fix or prevent a specific problem.
  • Running utilities to ensure the physical integrity of hard drives, cabling, and other components.
  • Checking and adjusting Operating System and Application configurations to optimal settings.
  • Removing unneeded bundled applications, files and applets.

 

On behalf of NPV Corporation, I would like to thank you for the opportunity to assess your network. We appreciate the opportunity to prepare and present this Assessment of ongoing technology and business process needs to you and your colleagues at the company. Please do not hesitate to call us to discuss any questions that may arise.

Glossary of Terms

Active Directory: Active Directory is Microsoft's trademarked directory service, an integral part of the Windows 2000 architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.

Anti-Virus: A program or hardware device specifically designed to repel, detect and defeat malicious applications designed to damage computer systems.

Builds: A numerical value associated with a specific service pack, security update or hot-fix. This number can be referenced to determine what modifications have been made to a program or Operating System.

DHCP: Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine. Without DHCP, the IP address must be entered manually at each computer and, if computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network.

DNS: The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses.

Domain controllers: Primary domain controller (PDC) and backup domain controller (BDC) are roles that can be assigned to a server in a network of computers that use the Windows NT operating system. Windows NT uses the idea of a domain to manage access to a set of network resources (applications, printers, and so forth) for a group of users. The user needs only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. One server, known as the primary domain controller, manages the master user database for the domain. One or more other servers are designated as backup domain controllers. The primary domain controller periodically sends copies of the database to the backup domain controllers. A backup domain controller can step in as primary domain controller if the PDC server fails and can also help balance the workload if the network is busy enough. In a 2000 environment, all servers act as a PDC, replicating data on regular intervals.

Firewall: A firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an internal network that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to. A firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.

GPO: Group Policy Objects. GPOs are a method of managing users, network objects and security. GPOs can be arranged in a hierarchy and enable network administrators to control access and distribution of data on the network.

Information store: The database that holds Exchange information. By default there are two information stores associated with Exchange: the public and the private. The public information store holds content information for public folders, and also retains free-busy data used in Outlook calendaring. The private information store holds content information for individual mailboxes such as mail, calendar and contact information.

Mixed Domain: A combination of NT4 and Windows 2000 Servers where the NT4 server still operates as the Primary Domain Controller.

OS: An operating system (sometimes abbreviated as "OS") is the program that, after being initially loaded into the computer, manages all the other programs in a computer.

PPPoE: A dial-in on-demand DSL service that is primarily used by Verizon DSL.

Primary partition: The Primary partition is the drive that the operating system is installed on. Typically this is the C drive. By default, this is also the drive most applications and resources are installed on.

RAM: RAM (random access memory) is the place in a computer where the operating system, application programs, and data in current use are kept so that they can be quickly reached by the computer's processor. RAM is much faster to read from and write to than the other kinds of storage in a computer, the hard disk, floppy disk, and CD-ROM.

Router: On the Internet, a router is a device or, in some cases, software in a computer, that determines the next network point to which a packet should be forwarded toward its destination. The router is connected to at least two networks and decides which way to send each information packet based on its current understanding of the state of the networks it is connected to. A router is located at any gateway (where one network meets another), including each Internet point-of-presence.

Security updates: Security updates are applications designed to fix or patch security flaws detected in software applications.

Servers: A server is a computer program that provides services to other computer programs in the same or other computers. The computer that a server program runs in is also frequently referred to as a server (though it may contain a number of server and client programs). In the client/server programming model, a server is a program that awaits and fulfills requests from client programs in the same or other computers. A given application in a computer may function as a client with requests for services from other programs and also as a server of requests from other programs.

Service packs: Service packs are major modifications to an application’s programming. Typically, service packs combine prior security updates with additional features for an application. Service packs are not to be considered upgrades to an application.

Switch: A switch is a network device that selects a path or circuit for sending a unit of data to its next destination. A switch may also include the function of the router, a device or program that can determine the route and specifically what adjacent network point the data should be sent to. In general, a switch is a simpler and faster mechanism than a router, which requires knowledge about the network and how to determine the route. A switch is capable of detecting objects on its nodes and determining what port to forward data through.

UPS: Uninterruptible Power Supply. A UPS unit is a battery with a current-detector and a capacitor. When the device detects an interruption in the power supply, it activates the battery component, ensuring that the computer or appliance attached to it has a power supply, even though the main power supply is not functioning.

WEP: Wired Equivalence Protocol. This is a security protocol that can be utilized on Wireless networks to prevent unauthorized users from freely accessing the wireless network. It is a standard option on most wireless access points.

WINS: Windows Internet Naming Service, part of the Microsoft Windows NT and 2000 Servers, manages the association of workstation names and locations with Internet Protocol addresses (IP addresses) without the user or an administrator having to be involved in each configuration change. WINS automatically creates a computer name-IP address mapping entry in a table, ensuring that the name is unique and not a duplicate of someone else's computer name.

Appendix A: What are RAID Drives

Redundant Arrays of Independent Disks, or RAID, is a rapidly expanding storage technology, which promises a major improvement in the way on-line data is stored in computers.

Redundant Disk System - RAID

RAID Level | Description | Performance Advantage | Fault Tolerant?
RAID 0 | Disk Striping | Parallel Disk I/O | No
RAID 1 | Disk Mirroring | None | Yes (1 Drive Failure)
RAID 2 | Disk Striping with Hamming Code for Error Protection | None | Yes (1 Drive Failure)
RAID 3 | Disk Striping with Dedicated Parity Drive | Parallel Disk I/O | Yes (1 Drive Failure)
RAID 4 | Disk Striping with Dedicated Parity Drive; Non-synchronized Disks Required | Parallel Disk I/O | Yes (1 Drive Failure)
RAID 5 | Disk Striping with Distributed Parity | Parallel Disk I/O (not as Fast as RAID 0) | Yes

RAID Level Definitions

Those investing in storage will need to consider low cost per Mbyte, high input/output I/O, and high data reliability in order to obtain a balance to suit their needs.

RAID 0 - Disk Striping

Disk striping writes data across all disks concurrently rather than on one disk at a time. Although termed RAID 0, it is not a true implementation of RAID because there is no facility for redundancy. Therefore, in the event of a disk failure, data is lost. In the disk array subsystem, data chunk 0 is written to disk 0, chunk 1 is written to disk 1 and so on. When the last disk is reached and written, the array proceeds to store data on the next level of the first disk. Disk striping is fast because data can be transferred to multiple disks simultaneously: chunk 0 is still being written to disk 0 while chunk 1 is being written to disk 1. Furthermore, reads and writes can overlap. An example of a typical usage for RAID 0 could be: data from the field comes into the central processing location on tape, where it is instantly processed. Redundancy is not a requirement as the tape can be relocated.

Summary: RAID 0 offers the highest performance without redundancy. Some industries that RAID 0 is particularly suited to are: meteorology, geophysical exploration, oil and gas industries, video/graphics.

RAID 1 - Disk Mirroring

Disk mirroring protects against disk failure by keeping two copies of data stored on separate disks or arrays. Though simple and easy to implement, installing two sets of disks effectively doubles the investment required for a single, non-redundant drive. If at any time either disk fails, the remaining disk can provide all of the data needed, preventing downtime. Two copies of the data also ensure that there is no degradation in performance, as accesses are immediately routed to the working disk. In the event of failure, copying from the operational disk to the replacement disk is very fast, which reduces the risk of a second failure.

RAID 1 not only provides protection, it can also improve performance. For example, if multiple requests for the same data are made, demand can be distributed between the two disk copies, thereby improving response time for data access.

Summary: RAID 1 is the most secure of any of the RAID levels and is exceptionally fault-tolerant. Examples of industries that would use this level are those who cannot afford downtime: banks, insurance companies, stock markets, airline systems.

RAID 3 - Parallel Data Access

In RAID 3 data is distributed to a striped array and a disk is added to store redundant information. The array consists of three disks for the data and one parity disk for the redundancy. In the event of a disk failure, data can be mathematically reconstructed from the remaining disks in the array. Synchronization enables striped data to be read and written as quickly as possible. However, when multiple writes are involved, performance is reduced because the parity drive has to be accessed for every single write, which may create a bottleneck at the parity drive. Consideration should also be given to impacts on performance, as disk rotation must be synchronized before data can be accessed.

Summary: RAID 3 is ideal for intensive high-speed, long data transfer applications such as: video, CAD/CAM, graphic applications, scientific modeling.

RAID 5 - Independent Access Arrays

In RAID 5, the redundancy offered in RAID 3 by a single parity disk is distributed across all the disks in the array. Data and relative parity are never stored on the same disk. One user may be writing a chunk to disk 0 and the corresponding parity to disk 3, while another user may be writing to chunk 4 of disk 1 and updating parity on disk 2. There is a clear dividend in terms of performance and the speed of transactions.

During disk writes, RAID 5 cannot produce a write performance comparable to that of straight disk striping because other operations have to be undertaken to make and store parity codes. The I/O performance of the array depends very much on the relative levels of reads and writes requested.

When a stripe is modified, unmodified portions must also be read to re-generate the parity for the entire stripe. Once the parity has been generated, the modified data and parity information must be written to disk. This is commonly known as Read/Modify/Write strategy.

This shows that, although RAID 5 is superior to RAID 0 because it offers redundancy, it is not able to perform as well as RAID 0 in terms of write performance. Because RAID 5 has distributed parity, two reads and two writes must be performed for every write operation. However, the write penalty can be overcome by the use of write caching, which allows write data to be stored in memory prior to writing to the disk, so freeing the host processor for other tasks.
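The parity mechanics described for RAID 3 and RAID 5 can be followed in a small simulation. This is an added example, not code from the original appendix: it models a four-disk RAID 5 array with XOR parity, counts the two reads and two writes of each small write, and rebuilds a chunk after one disk is lost. The class, the parity rotation scheme and the sample data are assumptions chosen for illustration.

```python
from functools import reduce


def xor(*chunks):
    """Byte-wise XOR of equal-length chunks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*chunks))


class Raid5:
    """Toy RAID 5 array: one parity chunk per stripe, rotated across the disks."""

    def __init__(self, n_disks=4, chunk=4):
        self.n, self.chunk = n_disks, chunk
        self.disks = [dict() for _ in range(n_disks)]  # per disk: {stripe: chunk bytes}
        self.failed = set()
        self.reads = self.writes = 0

    def parity_disk(self, stripe):
        # Rotation scheme is an assumption; real controllers use several layouts.
        return (self.n - 1 - stripe) % self.n

    def locate(self, lba):
        """Map a logical chunk number to (stripe, disk), skipping the parity disk."""
        stripe, idx = divmod(lba, self.n - 1)
        data_disks = [d for d in range(self.n) if d != self.parity_disk(stripe)]
        return stripe, data_disks[idx]

    def _read(self, disk, stripe):
        if disk in self.failed:
            raise OSError(f"disk {disk} has failed")
        self.reads += 1
        return self.disks[disk].get(stripe, bytes(self.chunk))  # unwritten = zeros

    def _write(self, disk, stripe, data):
        self.writes += 1
        self.disks[disk][stripe] = data

    def write(self, lba, data):
        """Small write via read/modify/write: two reads, then two writes.

        Writing while a disk is failed is outside this example and raises OSError.
        """
        if len(data) != self.chunk:
            raise ValueError("data must be exactly one chunk long")
        stripe, disk = self.locate(lba)
        pdisk = self.parity_disk(stripe)
        old_data = self._read(disk, stripe)
        old_parity = self._read(pdisk, stripe)
        new_parity = xor(old_parity, old_data, data)  # P' = P xor D_old xor D_new
        self._write(disk, stripe, data)
        self._write(pdisk, stripe, new_parity)

    def read(self, lba):
        """Read a chunk, rebuilding it from the surviving disks if its disk failed."""
        stripe, disk = self.locate(lba)
        if disk not in self.failed:
            return self._read(disk, stripe)
        survivors = [self._read(d, stripe) for d in range(self.n) if d != disk]
        return xor(*survivors)  # a second failed disk makes _read raise OSError


def raid5_demo():
    array = Raid5(n_disks=4, chunk=4)
    payload = [b"AAAA", b"BBBB", b"CCCC", b"DDDD", b"EEEE", b"FFFF"]  # constructed, two stripes
    for lba, chunk in enumerate(payload):
        array.write(lba, chunk)
    io_per_write = (array.reads // len(payload), array.writes // len(payload))
    parity_disks = [array.parity_disk(s) for s in range(2)]
    array.failed.add(1)  # simulate losing one disk
    recovered = [array.read(lba) for lba in range(len(payload))]
    return io_per_write, parity_disks, recovered == payload


if __name__ == "__main__":
    print(raid5_demo())
```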

Summary: RAID 5 is ideal for organizations running databases and other transaction-based applications such as: banks, airline and railway reservation systems, government departments, utilities and telecommunications.