Unlike resolutions to lose weight, join a gym or become a gourmet chef, these seven IT resolutions are easy to implement and maintain. Plus, these will benefit you a lot more than that Sea Urchin Guacamole Tacos recipe you were contemplating. I promise.
Automate More
Pretty much every IT person has a number of things he or she does every week, or even every day, that are easily fixed with a script. Do you check an array for disk space once a week or once a month? Consider scripting something to send you a report. Anything you do on a regular basis is probably worth the time it takes to automate. This process will help you ensure that everything you are doing is required (do I really need to do x every day?) and will relieve you from the time it takes for these regular tasks so you can focus on projects and emergencies.
Reduce Alerts and Distractions
Speaking of reports and alerts, many Sysadmins have automated emails filtered in their email to go to a special folder. If you are keeping such alerts for record-keeping purposes, consider moving them to a shared mailbox and out of your personal email. Your personal email should receive only high-quality alerts that you have to or want to take action on. It should also not be filtered into a folder where it can be easily forgotten.
Review and Audit Configurations
Over time systems fill up with cruft. Firewalls are a particularly good example. I have visited several clients in the past year who had an “Allow All From All” effect rule in their firewall. Or a rule permitting a very specific port, application, or service, followed by a more permissive rule. Many of us have been in the hot seat when some application stops working and we have to rush to figure out what broke in the firewall. The temptation is to create an excessively permissive rule in order to stop the complaining, always with the good intention of revisiting and doing it right, but following through is low priority and often forgotten. This same scenario happens with permissions on file systems, switch configs, and any number of other places. Resolve to spend some time reviewing how many of these quick fixes you have in your environment and make a plan to fix them with least privilege in mind.
Documentation
No resolution list is complete without a call for more documentation. My simple rule for documentation is to make things as self-documenting as possible, not to produce documentation to the extreme that a non-IT person could follow it to accomplish what you are documenting. This is especially important for routine tasks that are quickly learned by new hires. If you document the process for running
While you are at it, make sure your documentation for how to recover your SAN and servers is not stored only on your SAN and servers. I have seen this happen a number of times. Also, keep a journal of what you do every day. Even just a bullet list of major events, efforts, and accomplishments every day will help immensely when you are trying to remember things.
Replace Old and Out of Warranty Systems
Do you still have a Windows 2003 server running all your licenses for AutoCAD, or some homegrown software that no one understands? Make a plan to upgrade it. Most servers are much easier to upgrade if you do it over a period of time. I should not have to tell you that a server that is no longer supported with security patches is a server that could fail at any time. Taking a controlled outage to cut over to a newer server is vastly preferred. It is sometimes difficult to explain this concept to process owners and those not in IT. If things cannot be updated, there are ways to firewall the device that should be employed.
Restore Something From Backup, Even if it Doesn’t Need to be Restored
If it has been a while since you did a full recovery, exercise those restore muscles by performing a restore. Not just from the easiest and most recent backup, but from an incremental from two and a half weeks ago, for example. If the experience is not flawless, be glad you tried now rather than while in crisis mode. For an added challenge, rebuild a domain controller, email server, and/or SQL server in a test environment and make sure everything works correctly.
Step Up User Training
Many malware attacks penetrate the inside a network because of a user. Most firewalls are generally good at repelling truly malicious content, and certainly from inbound attacks on services you do not allow through, such as SMB. Anti-Spam solutions do a good job blocking the vast majority of SPAM. (if you don’t believe me, run your server without protection for a while!) There are also solutions that aid in identifying spoofing and phishing attacks.
Speaking holistically, there is no solution that is completely foolproof for every targeted attack against your business. A little user training, even just explaining the various types of attacks out there, goes a long way to helping employees be aware and more vigilant about their clicking habits. Have your employees figure out ways to double check important processes. For example, maybe checks written out over a certain dollar amount should be verified verbally or by some other out-of-band method other than the way the request came in.
Paul – I think you wrote this after a recent visit to our company! Ouch!! and another OUCH!!