Bandwidth is usually a scarce commodity which needs careful managing to maintain.  However there is always a demand on that finite resource, and never more than when there's a major streaming event such as the Olympics.  There are many ways to block or throttle bandwidth to specified sites, but most of these are expensive and almost certainly overkill for occasional usage.

For a simpler, cheaper solution, why not investigate OpenDNS?  OpenDNS provides a host of management features including content filtering and specific domain blocking.  Customization is provided, so if a page is blocked the user receives a page that can include a custom message and your own company logo.

However, the benefit of education cannot be overstated.  If you explain to users the potential bandwidth costs of various activities, they will generally alter their usage to accommodate.  Very few users intentionally perform actions that harm network performance.

posted on Tuesday, August 19, 2008

With the recent charging of 11 individuals in a multinational case involving the theft of credit card information, now would be an excellent time to review your wireless security strategy.

No Wifi means no wireless security hole

The easiest way to ensure wireless security is simply to have no wifi.  Ask the question, do you need it?  Many wireless access points are used where a cable would be just as effective, almost certainly cheaper and definitely more secure.  However, access points aren't the only source of wifi insecurity.  Any wifi-enabled device can create an ad-hoc network, so ensure your users are aware that they shouldn't connect to one.  If you can, ensure laptops are configured to connect to access points only.

Also, even if you believe you don't have any wifi, check your network carefully.  Far too often well-meaning, but technically underinformed, users think they're doing you a favour by not bothering you and putting their own access point in the office.  Resist the urge to read them the riot act, but do take the opportunity to calmly explain why such an action isn't a good idea.

Minimize Leakage

If you must have wifi, then ensure you minimize signal leakage.  Many access points have omni-directional antennas; thankfully, however, many are removable.  Wherever possible, a directional antenna is preferable as you can maximize wifi coverage whilst minimizing signal leakage.  The best way to test signal coverage, other than wandering around with a laptop, is to use a handheld wifi detector.  Ensure the detector is capable of detecting the variety of 802.11x that your network utilizes.

Appropriate location within infrastructure

If the primary requirement for wifi usage is in communal areas, such as meeting rooms or conference rooms, you may have the option to minimize the security risks by placing access points outside your internal LAN.  This will mean users can gain internet access, and visitors may be permitted to use the network with minimal fear of compromising network security.  Users wishing to access internal applications should treat the connection as if it were any other unknown network, that is, use a VPN client.

Hardening Access Points

While they provide no security guarantees, best practice dictates there are several things you can do to minimise the potential for attacking wireless access points.

  1. Disable SSID broadcasting
  2. If possible, limit device access by MAC address
  3. Require WPA as a minimum (Pre-Shared Keys are easy to set up, RADIUS provides more flexibility)

Some access points, usually SOHO-type devices, have issues with combining MAC address blocking and hiding the device SSID.  If your device falls into this category, we'd say it's worth considering replacing it.
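The checks described above (looking for access points you didn't install, spotting ad-hoc networks, and confirming your own access points hide their SSID and require WPA) can be run over a wireless scan. The script below is an added example, not part of the original post; the sample is constructed in the layout printed by `iw dev <iface> scan`, and the `AUTHORISED` inventory and function names are hypothetical.

```python
import re

# Constructed sample in the layout of `iw dev <iface> scan` output (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:aa:00:01(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID:
\tRSN:\t * Version: 1
BSS 02:00:00:aa:00:02(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: office-wifi
BSS 02:00:00:bb:00:09(on wlan0)
\tcapability: ESS (0x0001)
\tSSID: linksys
BSS 02:00:00:cc:00:07(on wlan0)
\tcapability: IBSS (0x0002)
\tSSID: Free Internet
"""
AUTHORISED = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}  # hypothetical AP inventory

def parse_scan(text):
    """Split scan output into one dict per BSS (access point or ad-hoc cell)."""
    cells = []
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        key, _, value = line.strip().partition(":")
        if m:
            cells.append({"bssid": m.group(1), "ssid": "", "caps": [], "wpa": False})
        elif cells and key == "SSID":
            cells[-1]["ssid"] = value.strip()
        elif cells and key == "capability":
            cells[-1]["caps"] = value.split()
        elif cells and key in ("WPA", "RSN"):
            cells[-1]["wpa"] = True
    return cells

def audit(cells, authorised):
    """Return (bssid, finding) pairs for the checks described in the text."""
    findings = []
    for c in cells:
        if "IBSS" in c["caps"]:
            findings.append((c["bssid"], "ad-hoc network"))
        elif c["bssid"] not in authorised:
            findings.append((c["bssid"], "unauthorised access point"))
        else:
            if not c["wpa"]:  # no WPA/RSN element: open or WEP only
                findings.append((c["bssid"], "no WPA"))
            if c["ssid"]:     # a hidden network reports an empty SSID
                findings.append((c["bssid"], "SSID broadcast enabled"))
    return findings
```

Calling `audit(parse_scan(SAMPLE_SCAN), AUTHORISED)` reports the second authorised access point twice (no WPA, SSID still broadcast), the unknown "linksys" device, and the ad-hoc cell.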

 

posted on Wednesday, August 06, 2008

Whilst the new year is often a time to make resolutions, we don't advocate that - you'll only break them anyway!  
However there's no better time than now to do a bunch of those little jobs that fall between the cracks during the rest of the year.  We're really concentrating here on managed switches.

Document your configuration
Consider annotating your switch configuration; most switches support it, and it will ensure that those more obscure VLANs still make sense when you revisit them 6 months later.

Naming prevents mistakes
Give your switches sensible, descriptive names.  When you've only got 2 switches on your network this seems unnecessary, but as the network grows, accidentally connecting to the wrong device becomes a real possibility.  Seeing that name at the console might well save you from disaster.

Backup, Backup, Backup
Backup switch configurations.  We tend not to think of these silent workhorses of our networks that much until something goes wrong, and you don't want to be in the situation of having to recreate a configuration from memory after replacing deceased hardware.

Update firmware with care!
Whilst you might keep your operating systems regularly updated, network hardware often gets overlooked.  Yet it is important to remember that such devices can have vulnerabilities, and particularly those at the network edge should be kept up to date.  What we don't recommend, however, is simply upgrading to the latest version for no reason.  Check your vendor's support site for vulnerability reports and fixes; for example, Cisco provide comprehensive details on their Security Advisories site.  Alternatively, there are third parties such as the Carnegie Mellon Emergency Response Team site, which aggregates advisories and vulnerability reports from multiple sources.

posted on Thursday, January 03, 2008