March 09, 2005, 2:02 PM —
 Strategy in Practice |
| Rules for success |
| Things to avoid |
| Questions you must ask |
| Are you a candidate? |
| Last words |
This Best Practices is part of a collection of advice provided by information technology professionals on how they have solved various challenges, and addressed IT priorities within their organizations.
Company:
Cape Cod Cooperative Bank
Cape Cod Cooperative Bank was founded in 1921 as a mutual community bank to serve the people of Cape Cod, Massachusetts. It is an independent community-owned bank whose tradition and future is to provide unique, personal service in order to meet the ever-changing needs of its community.
Challenge:
The bank needed to ensure that software patches and virus DAT files were up-to-date on financial advisors' laptops as they connected to the bank's network. The laptops were not part of the bank's domain and could not be updated through group policy or other corporate patch management systems.
Solution:
The bank installed PredatorWatch's Auditor16 device at the five branches. The advisor's laptops are audited as soon as they receive a dynamic IP and the summarized results are emailed to the network administrator for further review, with the detailed report, or action if necessary.
How it worked:
A financial advisor connected his laptop to the network triggering an audit and subsequent email to the network administrator. The administrator logged into the Auditor16 and discovered a medium level vulnerability on the detailed report. He immediately notified the advisor and the appropriate software update was applied to the laptop.
- Reporting - the branches remote location required a solution that could notify the appropriate personnel in a timely and informative fashion.
- Maintenance - with a limited staff the devices needed to be automatically updated, virtually maintenance free and easy to deploy.
- Effectiveness - the solution had to work reliably to ensure the integrity of the network.
- Price - the limited number of laptops and branches required a solution that was cost effective.
- Be sure that, when you first connect to the appliance to get its IP address, you use a standard female-to-female serial cable to connect to it. If you fail to use a standard cable with the correct pin-outs, the Auditor will not respond.
- When you select a model (Auditor 16, Auditor 128, or Auditor Enterprise), try to use the model that allows you the largest number of IP addresses appropriate for your site. Auditor 16 handles up to 16 IPs, while Auditor 128 handles up to 256. Only Auditor Enterprise handles more than 256. If you have approximately 240 IP addresses, you could quickly top out on Auditor 128 as laptops plug in and take up the remaining IP addresses or as you add new machines to the network. If you are that close to 256, you should probably consider either Auditor Enterprise or multiple Auditor 128s. The larger unit will generally provide better performance for increased numbers of IPs.
- Auditor can dynamically detect an unlimited number of IPs on plug-in/connection, but it can only audit as many IPs as you have licenses for. Thus Auditor will always detect a system has plugged in, but will not audit it if doing so would mean exceeding the number of licensed IPs. If the issue arises, you can buy additional IP licenses after the product is installed, but the better prepared you are to handle the capacity of your network, the more effectively you'll protect your network.
- To have Auditor dynamically detect machines on plug-in, your network must have a DHCP environment.
- Auditor can dynamically detect systems on plug-in/connection anywhere in a multi-level network with subnets, until it runs into a DHCP server in a subnet. If you must have a DHCP server in a subnet, you can use an Auditor 128 or Auditor Enterprise to audit all systems on the entire network, then add an Auditor 16 to each subnet that has its own DHCP, to handle dynamic detection in that subnet.
