Walking into an existing environment is always *ahem* fun – especially when you’re trying to make it more manageable/secure and the previous person in charge of the environment knew just enough to get things running. Combine that fun with downtime costing the company hundreds/thousands of dollars a minute or more.
Ideally we want to make as many changes as possible without our users being affected (or even better – knowing!) – this will require a few things:
- Understanding what is in our environment
- Understanding workflows
- Understanding what can be adjusted/added/removed to/from workflows
Once those things are understood we can proceed very deliberately – meaning:
- Test ASSumptions
- Create action plans
- Build back-out plans
- Test implementation at key points
What’s in Your Environment?
If you don’t have things documented, you don’t have a way to baseline what’s normal and what’s not.
The easiest place to start is to document what is physically on your network: workstations, network equipment, servers, access points. Then move to getting things like MAC addresses, static IPs and subnets. Then get software licenses, installed applications, user accounts, file shares and rights – basically start at the bottom of the OSI stack and work your way up.
There are only so many hours in the day and always more things you could be doing to secure your environment – so automation is your best friend.
Some tools that have proven helpful:
- NMAP – https://nmap.org/
- Angry IP Scanner – https://angryip.org/
- Snipe-IT – https://snipeitapp.com/
- DHCP Logs
Automating Things Yourself
There are only so many things existing tools can do for you – or at least that's true if you don't want to spend money on more developed tools (although, depending on the complexity of your environment, paid tools might actually get you a better ROI!).
You’ll have to learn some coding/scripting skills and you’ll have to be more familiar with the operating systems your environment uses. A couple of very well supported (large user-bases and communities) options are:
- PowerShell – Built into Windows machines
- Python – The de facto scripting language worldwide
- Bash – Included with most Linux/BSD installs
Typically you'll need to learn the built-in utilities within the OS and then use an appropriate scripting language to launch those utilities and parse the data you need out of their output. It's all different depending on what you're using – but a lot of the time there are modules that others have written that will make the process you're trying to accomplish easier.
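As an added example (not code from the original post), here is the "launch a utility, parse its output, keep a baseline" pattern from the sections above in Python, using nmap's XML output to collect the IP addresses, MAC addresses and hostnames of live hosts on a subnet and diff the result against a saved baseline so new, missing or re-addressed devices stand out. The XML and the baseline below are constructed samples in the shape nmap produces; the `run_scan` helper, the baseline file path and the subnet are assumptions, and MAC addresses only appear in nmap output when the scan runs with sufficient privileges on the local segment.

```python
"""Build a host inventory from nmap XML and diff it against a saved baseline.

Added example, not from the original post. SAMPLE_XML and SAMPLE_BASELINE are
constructed data, not a real capture.
"""
import json
import subprocess
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the shape of `nmap -sn -oX - 192.168.1.0/24`.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sn -oX - 192.168.1.0/24">
  <host><status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="router.lan" type="PTR"/></hostnames>
  </host>
  <host><status state="up"/>
    <address addr="192.168.1.20" addrtype="ipv4"/>
    <address addr="aa:bb:cc:dd:ee:01" addrtype="mac"/>
    <hostnames/>
  </host>
  <host><status state="down"/>
    <address addr="192.168.1.21" addrtype="ipv4"/>
  </host>
  <host><status state="up"/>
    <address addr="192.168.1.77" addrtype="ipv4"/>
    <address addr="AA:BB:CC:DD:EE:99" addrtype="mac"/>
    <hostnames><hostname name="unknown-laptop" type="PTR"/></hostnames>
  </host>
</nmaprun>
"""

# Constructed baseline from an earlier (imaginary) scan, keyed by MAC address.
SAMPLE_BASELINE = {
    "00:11:22:33:44:55": {"ip": "192.168.1.1", "mac": "00:11:22:33:44:55", "hostname": "router.lan"},
    "AA:BB:CC:DD:EE:01": {"ip": "192.168.1.30", "mac": "AA:BB:CC:DD:EE:01", "hostname": ""},
    "AA:BB:CC:DD:EE:02": {"ip": "192.168.1.50", "mac": "AA:BB:CC:DD:EE:02", "hostname": "printer.lan"},
}


def parse_nmap_xml(xml_text):
    """Return {key: {"ip", "mac", "hostname"}} for every host reported as up.

    The key is the MAC address (normalised to upper case) when nmap saw one,
    otherwise the IPv4 address, so a device keeps its identity across DHCP
    lease changes when the scanner is on the same segment.
    """
    hosts = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr").upper()
        name_el = host.find("hostnames/hostname")
        hostname = name_el.get("name") if name_el is not None else ""
        hosts[mac or ip] = {"ip": ip, "mac": mac, "hostname": hostname}
    return hosts


def diff_inventory(baseline, current):
    """Compare two inventories: devices that appeared, vanished, or changed IP."""
    new = {k: v for k, v in current.items() if k not in baseline}
    missing = {k: v for k, v in baseline.items() if k not in current}
    changed = {
        k: (baseline[k], current[k])
        for k in baseline.keys() & current.keys()
        if baseline[k]["ip"] != current[k]["ip"]
    }
    return {"new": new, "missing": missing, "changed": changed}


def run_scan(target):
    """Launch the OS utility and feed its XML to the parser (assumed helper, not run here)."""
    result = subprocess.run(
        ["nmap", "-sn", "-oX", "-", target], capture_output=True, text=True, check=True
    )
    return parse_nmap_xml(result.stdout)


def load_baseline(path):
    """Read the previously saved inventory; an empty dict on the first run."""
    p = Path(path)
    return json.loads(p.read_text()) if p.exists() else {}


def save_baseline(path, hosts):
    Path(path).write_text(json.dumps(hosts, indent=2, sort_keys=True))


if __name__ == "__main__":
    # Offline demo against the constructed sample; swap in run_scan("192.168.1.0/24")
    # and load_baseline("inventory.json") for a real run (both paths are assumptions).
    current = parse_nmap_xml(SAMPLE_XML)
    print(json.dumps(diff_inventory(SAMPLE_BASELINE, current), indent=2))
```

Running the diff on a schedule and writing the result somewhere visible turns the inventory into the "what's normal" baseline the section asks for: the new laptop, the printer that went quiet, and the host that moved from .30 to .20 are exactly the things worth a second look.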
Knowing things about your environment is good – but writing things down so others know about them is even better (not to mention you don’t have to remember it AND you don’t have to re-discover things later!).
How things are documented isn’t super important, just that you can find the information you need – WHEN YOU NEED IT!
- Hand-drawn maps – great for initial exploration and far better than nothing if something blows up and really easy to create
- Spreadsheets – the typical first step in documenting things electronically
  - Works great for things like IP addresses/VLANs/physical port connections
- Draw.io – a great free option for creating maps and charts electronically
- Inventory systems – things like Snipe-IT are great for tracking individual assets and important things like MAC addresses and who is using what
  - Spiceworks – offers a lot of power and for no money, but they get all of your network/asset information
  - SolarWinds – really powerful but really expensive and, depending on how much access you give it, makes for a potentially massive security vulnerability
- Wikis – a great way to give access to multiple people as well as creating an interconnecting web of related information