Keep your network management rules current

The long view of security strategies for your network.

Jeffrey A. Livermore, PhD is associate professor of Business Information Technology and Information Assurance at Walsh College. I've enjoyed meeting him at the Colloquia on Information Systems Security Education (CISSE) over the years and am pleased to present a contribution from him to the columns. Everything that follows is Dr. Livermore's work with minor edits.

* * *

Many organizations manage their network bandwidth by applying a set of network policies that limit the amount of bandwidth available to certain types of traffic. For example, limiting music downloads, instant messaging, and access to certain Web sites can improve network performance by limiting the amount of non-business traffic on an organization's network. 

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Jeffrey A. Livermore, PhD is associate professor of Business Information Technology and Information Assurance at Walsh College. I've enjoyed meeting him at the Colloquia on Information Systems Security Education (CISSE) over the years and am pleased to present a contribution from him to the columns. Everything that follows is Dr. Livermore's work with minor edits.

* * *

Many organizations manage their network bandwidth by applying a set of network policies that limit the amount of bandwidth available to certain types of traffic. For example, limiting music downloads, instant messaging, and access to certain Web sites can improve network performance by limiting the amount of non-business traffic on an organization's network. 

Some organizations reported as far back as 2003 that more than half of their bandwidth was being consumed by music downloads and file sharing. College and universities seem to have the biggest problem with this and have been leaders in bandwidth management, as reported in a General Accounting Office report from 2004. Bandwidth is typically managed by using one of the numerous network appliances and firewalls that will provide this functionality.

No matter which bandwidth management solution is chosen, they are all rule-based. The network administrator writes a rule that assigns the amount of bandwidth available to different types of network traffic. This is how many administrators maintain the quality of service (QoS) necessary for some applications. Networks supporting VoIP telephone network often use rules to reserve adequate bandwidth to keep the telephone conversations from suffering interruptions and delays. Without reserved bandwidth, conversations might suffer if a user begins using an application like BitTorrent that can consume massive amounts of bandwidth and that is optimized to use as much bandwidth as possible.

Well written rules keep a network's mission critical traffic moving freely while throttling down the recreational or non-business related traffic. It is important to keep these rules fresh and relevant to today's network traffic patterns. Many organizations such as colleges find that their network usage evolves with time and the types of Web applications and services available to students and faculty. What worked so well last year may not work to anyone's satisfaction today.

Watching Internet videos used to be purely a recreational activity on college campuses. Now many faculty members include videos in their PowerPoint presentation. Restricting video traffic would now mean restricting classroom instruction. The same applies to iTunes. Some faculty members include video and audio materials from iTunesU in their lectures. These materials are typically downloaded from Apple to a server somewhere on campus and then must be delivered across the network to the classroom at streaming speeds.

The point of these examples is that network usage is constantly evolving and network administrators need to adapt to this evolution when managing network traffic. Static rule sets and policies will lead to frustrated users and poor service delivery by the network administrators. These usage demands will be complicated by new computing and security hardware that will add to network overhead.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.