IT Baseline Protection Manual T 2.60 Strategy for the network system and management system is not laid down or insufficient

If no general organisational management strategies are laid down for the areas of network management and system management, mistakes in the coordination of individual subdomains can cause serious problems through errors in the configuration, which can cause the system to completely collapse at network level. This is particularly the case in medium and large networks with several management domains.

For this reason, it is imperative that you lay down and enforce a management strategy. The following gives several examples of problems caused when the strategy for the network management and system management has not been laid down or is insufficient.

Requirements are not analysed before the management strategy is laid down

In order to determine a strategy for network management and system management, you must first analyse the requirements. Without determining the requirements of the management (for example: Which manageable network switching elements exist? How often is the software to be updated?), it is not possible to formulate the demands on the management strategy. As the management strategy also has an impact on the software to be purchased, this can lead to wrong decisions.

If, for example, a management product is introduced whose range of functions is too restricted, this can also cause problems in security, as the necessary function has to be provided "manually". In large systems, this can easily lead to errors in the configuration.

Purchasing unmanageable components

If a computer network is administered with the help of a network management system and/or a system management system, you must ensure that new components can be integrated into the relevant management system so that they can be included in the management. If this is not the case, you will need additional time for administration, if nothing else, as the management strategy that was laid down must also be enforced for the components which are not administered with the management system. However, as these components in particular are not integrated into the automatic administrative processes of the management systems, errors can occur in the configuration. This can lead to a security risk through uncoordinated configurations.

Uncoordinated management of related areas (communities, domains)

If a computer network administered by a management system contains several administrative areas which are each looked after by their own system manager, then the management strategy must define their competence unambiguously. Otherwise, uncoordinated management of individual components can cause security problems.

On the one hand, for example, if individual components such as network switching elements are wrongly managed by two administrative areas (this can happen, for instance, if users fail to use different SNMP passwords (community strings)), then the uncoordinated setting of configuration parameters may lead to gaps in the security.

On the other hand, if components (such as printers) are used by two administrative areas together and if, for example, the confidentiality of the other administrative area (e.g. Windows NT network releases) was not set up correctly, this can inadvertently lead to security problems if an unauthorised third person is permitted access.
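The following is an added example, not part of the manual: a consistency check over a component inventory that flags the overlaps described above (a component configured by more than one administrative area, an SNMP community string used by more than one area) as well as components that no management domain covers. The inventory format, domain names, component names and community strings are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory (an assumption, not data from the manual): one
# record per component as a given management domain has it configured.
INVENTORY = [
    {"domain": "net-ops",  "component": "switch-a",  "community": "netops-rw"},
    {"domain": "net-ops",  "component": "switch-b",  "community": "shared-rw"},
    {"domain": "site-ops", "component": "switch-b",  "community": "shared-rw"},
    {"domain": "site-ops", "component": "printer-1", "community": "siteops-rw"},
    {"domain": None,       "component": "ups-1",     "community": None},
]

def fingerprint(secret):
    """Short SHA-256 tag so a report never contains the community string."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def audit(inventory):
    owners = defaultdict(set)   # component -> domains that configure it
    users = defaultdict(set)    # community fingerprint -> domains using it
    unassigned = set()          # components listed without any domain
    for rec in inventory:
        if rec["domain"] is None:
            unassigned.add(rec["component"])
            continue
        owners[rec["component"]].add(rec["domain"])
        if rec["community"]:
            users[fingerprint(rec["community"])].add(rec["domain"])
    return {
        # Competence is ambiguous: two areas set parameters on one component.
        "multi_domain": {c: sorted(d) for c, d in owners.items() if len(d) > 1},
        # The areas did not choose different community strings.
        "shared_community": {f: sorted(d) for f, d in users.items() if len(d) > 1},
        # Outside the automatic administrative processes altogether.
        "unmanaged": sorted(unassigned - set(owners)),
    }

if __name__ == "__main__":
    for finding, items in audit(INVENTORY).items():
        print(finding, items)
```

Each finding points at a place where the management strategy has to assign competence to exactly one area or bring the component into the management system.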

Non-integrated administrative software

In the administration of medium and large systems, after the management system has been introduced, it may be the case that new components are to be integrated into the system whose administration requires functions which the management system in use does not support. This applies in particular to the area of application management. If administrative software that cannot be integrated into the management system is used for the administration of the new components (e.g. via a programming interface or through the implementation of what are known as gateways), then it is impossible to integrate the components into the management system. Thus the new components are not subject to the "automatic" management, making it necessary to manage them "manually". The strategy laid down for the management must now be applied to two systems. However, this can lead to configuration errors which can cause gaps in the security.


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
 