Designed to fail
Security audits are a fantastic way to improve the security of your network. A good auditor can highlight critical flaws in your design and configuration before they are launched into the big bad world. However, I think there is a massive issue with security audits: they are designed to fail.
I did a quick review of commercial lab management software recently when Spirent launched their Lab Optimizer software. In the process I quickly glossed over physical layer (a.k.a. Layer-1) switches. A physical layer switch is a powerful tool to have in a network lab or as a network tap, so let’s take a closer look at these devices.
A few years ago, I had the chance to attend an IXIA training course in our Dublin office. I had seen the time-suck of network test gear before. So I said, “I’m not spending a week trying to learn a test-set. It’ll be cool, but what’s the point? I won’t get the time to apply those skills, then I’ll forget, and it will be a wasted week.” I declined the training.
Photo by http://www.flickr.com/photos/clemmac/ – some rights reserved
We have a network lab?
Spirent presented their new lab-management software, called iTest Lab Optimizer, at Network Field Day 4 recently. Their product name isn’t catchy, but it is very descriptive and addresses a market need. The simple fact is that most lab networks don’t get optimised to their full potential for some of the following reasons:
- Nobody knows what is in the lab (or that one exists) – Inventory Management
- The availability of the lab devices is unknown – Availability and scheduling
- The patching status of the devices is uncertain – Fixed undocumented patching
- Setting up your device-under-test is hard and takes time, so you try to prevent other users from mangling your config – DUT config management