Best Practices for Networks

The following recommendations are ideal for most network types found in the small and medium sized organization. We do not warrant that by following these recommendations an organization is without risk of failure. Please consult with us if you require assistance implementing any of these practices.

1. Microsoft Updates
You should disable automatic installation of Windows Updates on servers. Updates can cause unexpected results, including server failure, which can be difficult to diagnose and/or reverse. You should; however, enable automatic updates on individual workstations.

2. Antivirus
Install antivirus software on every server and every workstation. If you use an internal email server like Microsoft Exchange Server, also protect your messaging with antivirus. The most effective management of antivirus scans are virus definition updates, and threat management is achieved with a network version of antivirus that is managed by a central server. It is also important to exclude certain files and folders from virus scanning due to the possibility of data corruption. This is particularly important on servers such as domain controllers, Exchange servers, and database servers.

3. Malware Management
Malware is a broad term that refers to software designed to infiltrate or damage a computer system without the owner's consent. Popular forms of malware include spyware & adware. These programs are responsible for a significant decrease in user productivity due to their impact on PC performance and time spent on attempted self-repair. More catastrophic results can include unauthorized access to company information by outside hackers, deletion of critical information, and even operating system corruption leading to complete system failure. You should proactively scan for and remove malware programs on a regular basis.

4. Internet Security
It is generally a necessity for most organizations to be connected to the Internet in order to conduct business in real-time. The way that this connection to the Internet is established is an often overlooked security risk. Without the proper hardware in place, the information stored on your network can be accessed by unauthorized persons. There are three types of hackers: The one who wants to retrieve data for personal or resale use, the one who wants to be destructive within a vulnerable network, and the one that wants to take control of your network computers in order to send spam or attack other companies. Whatever the motive, the results can be catastrophic and expensive to a business. The solution is a firewall appliance positioned between the private internal network and the public Internet.

5. Data Protection
It is recommended that a data backup solution be devised to facilitate disaster recovery. Data can be lost in a number of different ways including: Hard drive failure, database corruption, virus activity, end-user error, natural or man-made disaster, or Internet attack by unauthorized personnel. The value of data varies widely by organization but could result in an unrecoverable loss of revenue or even business failure.

There are a number of methods available for data backup including: Rewritable CDs and DVDs, external hard drives, online storage services, remote offsite data transfers, or the more traditional method of automated backup to tape media. Regardless of the method, it is a best practice to rotate data backups to a safe offsite location and to perform at least a semi-annual restoration and disaster recovery simulation to test the viability of your solution.

6. Remote Access
Most organizations operate outside the traditional four walls of the office space. Fast, easy, and secure access to the corporate environment from remote locations is becoming a necessity. A number of recent technology enhancements, coupled with the affordability of high-speed Internet access, are making the “virtual workplace” a reality. One of the earlier generation options in this area included pcAnywhere™.

Remote access is easier than ever before and serves a number of different needs including: Access from home, access for a roaming sales force, branch office connectivity, access to servers or individual office PCs, and access for Computer Works to quickly diagnose and resolve computer-related issues without spending time traveling to the office. Microsoft® Windows® Server 2003 makes it easy with two free built-in remote access licenses.

However, it is important to understand the risks that go along with providing remote access. Proper precautions must be taken to minimize the possibility of unauthorized access. Implementing and enforcing a strong password policy is a good first step. Eight-character passwords using numbers, upper and lower case letters, and even symbols can increase security not just from outside attackers, but from internal snooping as well. Additional steps such as encryption and biometric user identification can increase security substantially.

7. Junk Email
Spam is not just a can of mystery meat anymore. Spam is Internet slang for unwanted email, primarily unsolicited commercial email. Recipients of spam often consider it an unwanted intrusion that can be a financial drain by impacting the productivity of users, the performance of computers, and the speed of Internet access because of a “clogged drain.” Spam has also been linked with fraudulent business schemes, chain letters, and offensive sexual, political, hateful, or other inappropriate messages that may violate the company’s workplace or computer-use policies. Spam is also a favorite delivery method of viruses, worms, trojans, and other malware like spyware and adware.

The solution is to subscribe to an inexpensive service (about $45/mo. for 15 users) or install hardware or software on site that filters this content before it gets delivered to your Inbox. Worried about missing something? Most services let you view your own private quarantine so that you can release anything that was improperly categorized as spam. They will also provide the option of always allowing the sender or domain through in the future. This is referred to as a “white list”. One more bit of caution: If you ever find that your organization is unable to send email to common recipients, make sure that your domain name has not been inadvertently added to a “black list” as a source of SPAM. It happens often if your organization sends electronic newsletters or other mass emails.

8. New Microsoft Products
You should consult with a qualified Microsoft Partner before adopting any new Microsoft products for your corporate environment. Despite the media excitement over new product releases, it is important to understand what the impact will be in a production environment. New product development is exciting and is an integral part of our technical advancement over time, but a thoughtful, measured approach where thorough testing has been performed makes the most sense.

9. Toner Supplies
One area of IT that many people often overlook is printer maintenance. Regular maintenance of printers and copiers can maximize printer availability and print quality. The maintenance interval is dependent primarily on the printer’s workload and operating environment. Heavily-utilized printers and those in a harsh environment require more frequent care. There is a considerable cost savings with remanufactured and compatible consumables for your printers, fax and copy machines. You can trim your IT supplies budget for these items by as much as 50%. The newest generation of these supplies has a 100% satisfaction guarantee and the same success rate and quality as the original manufacturer (OEM) supplies. These products are available for almost all models from popular manufacturers like HP, Brother, Xerox, Canon, and Lexmark, among others. Computer Works deals with these trusted names and can help you understand the cost benefit.

10. Hardware Lifecycle Management
Most companies have equipment at various levels of age and capability. Replacing the vital parts of the IT infrastructure at predefined intervals can provide maximum resource availability, new features, and improved performance. Servers and other enterprise-level network equipment are designed to be operational around the clock for many years. Most equipment will continue to run beyond their decommissioning date, but replacing the most critical equipment before it fails allows for thorough evaluation, planning, and testing which makes for an easier transition.

These tips were brought to you by Bill Wass, Computer Works' Technical Services Manager