Simplifying Integration -- Redmondmag.com

Simplifying Integration

Emmett offers his top tips and advice to help any interop project run smoother.

By Emmett Dulaney
09/12/2006

One of the constants in IT (and other fields) is simplification. Anything that simplifies work will free up time that can be better used elsewhere. Sometimes simplification can come in the form of a piece of software, a hardware component, a tip or merely a change of mindset. What follows are 10 suggestions -- many of them tips and mindsets -- that can help make integration simpler.

Tip #1: Move Away from NIS
The days of using this for a central server and distributed clients has passed. LDAP has all but replaced it in every sense of the word. If you are trying to integrate and make NIS the common language for user authentication, you are doing yourself no favors. Investments made in getting an implementation to work just right based on this standard are questionable at best. Standardize on LDAP instead for all systems in the network, and you should find easier going as well as continued support for considerable time in the future.

Tip #2: Time Matters
Make sure the time is correct on every device that connects to the network. Use NTP (Network Time Protocol) to keep the system time accurate, as you have to have the exact time for everything to work the way that it should (this is true for authentication and various other aspects of security). There is no one right answer about whether you should add a single server to your site to supply the time or opt to have your hosts connect to a public NTP server. Use the option that works best for you and check every so often to make sure it is working.

Tip #3: Ditch Your Platform Biases
Toss out all preconceived notions about the superiority of one platform or another. One of the cardinal rules of research is that you don't decide what the outcome will be until you do the research. When administrators convince themselves that Linux is the best platform for a solution before doing the research, or that Windows is the only platform that should be used because they are most comfortable with it, they are shortchanging themselves and the companies they work for. The truth of the matter is that some things flat-out work better on Windows than they ever will on Linux and vice-versa. Same yourself time and headaches by simply accepting that -- don't try to make a square peg fit a round hole.

In designing interop projects, you can also take a cardinal rule from the marketing industry: start with what consumers need and then work backward -- design products from there. If a company goes abot it the other way, first creating a product and then trying to convince consumers that they need it, the rate of success is greatly reduced. This same tact should be used by administrators: Start with what users need and then work backward from there, regardless of preconceived notions.

Tip #4: Don't Be Afraid To Shrug
Sometimes you can save yourself an enormous amount of backpedaling by admitting upfront that you have no idea what the best solution is or how to proceed. Once you have done that, you can then look for someone, or something, that can help. There are an endless number of resources that are just begging to be discovered and put to use. This list includes fellow administrators, Web sites, blogs, knowledgebases, books and a plethora of other choices.

Tip #5: Secure the Same
Keep security policies restrictive and consistent across all platforms. This applies to file and directory permissions, user permissions and so on. It is not uncommon to find problems crop up when administrators try to cut corners in the interest of just making things work. You should always assign users the least amount of permission they can function with and make certain that those restrictions are the same across every platform.

When it comes to security, you must always act as if your system is about to be broken into and you need to secure the data with your life. When you deviate from this, you create an opportunity not only for someone intending to do harm to do so, but also for honorable users to make honest mistakes that can cost you a great deal of time to fix.

Tip #6: Ban Telnet
At one point, Telnet could pass for a definition of integration. Today it is the poorest excuse for a network service that one can find. The few operations that still require such a service should use SSH instead of Telnet because of all the known vulnerabilities (security and other).

Audit your systems and see if there is any possible need for Telnet to still be used or if there are any users still using it. The odds are good that no one is, meaning there's no reason it should be running anywhere on your network -- Telnet is an unlocked door just waiting for someone to discover it.

Tip #7: Place a High Priority on Staying Current
This tip applies to both the technology and you. Install the latest service packs and patches as they are released (after checking them on non-production machines first). Learn and embrace the latest technologies as they become available before you find yourself leapfrogged. A classic example of this is VoIP -- after years of being mentioned only in idle conversations, it suddenly became something many administrators were clamoring to master in a short time period. Don't forget to keep your own skill set and that of your employees current, as well.

Tip #8: Don't Overlook the Value of Communication
Just as it is imperative that the systems on your network communicate in order for integration to work, it is equally imperative that you communicate with other administrators for the same reason. Discussing what you are doing with others can save you precious time, but you should also consider passing on what you have learned: the successes and the failures. Others can learn from what you've tried that did not work and it can save them precious time, as well. Every administrator has the ability to add to the body of knowledge from their own experiences.

Tip #9: Monitor Everything
Turn on logging everywhere you can and then read (really read) the results. Look for what succeeds and what fails. Make log monitoring and auditing a regular part of your routine -- don't wait until the files get too large and the job seems overwhelming. If you spend a small amount of time looking at the logs each day or week, you will find it so much easier to be able to keep upand spot problems early on.

Tip #10: Beware Default Values!
Default values are known by you and everyone else. Change your port assignments, change your key encryptions and change everything else, too. Such a simple precaution can be remarkably effective in increasing the security of a system (and decreasing the headaches involved in maintaining it.

So there are my tips to help smooth your integration implementations. Be sure to share your's by posting below.

About the Author

Emmett Dulaney is the author of several books on Linux, Unix and certification, including the Security+ Study Guide, Fourth Edition. He can be reached at [email protected].

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.