Hey everyone! I'm looking for guidance on improving my skills as a Sysadmin, particularly in enterprise networking. I currently work for a small company with about 150 employees, and while we've experienced significant growth, our tech infrastructure hasn't kept pace—it's pretty outdated. The company wants to invest in updating our systems, which gets me thinking about best practices for enterprise networks.
I have experience with server management (both physical and virtual, including VMware ESXi and Hyper-V), Layer 3 switches, routers, and firewalls, but I feel like my knowledge is quite basic in some areas. After a recent security assessment, I discovered several vulnerabilities, like insecure protocols and sensitive data being sent unencrypted. I'm now eager to learn more about network design, what protocols should be enabled or disabled, how to conduct audits, and how to verify improvements effectively.
I've been approved to purchase new firewalls and switches to help with network segmentation and to create site-to-site VPNs, but I worry about leaving security gaps. I'm also considering implementing Active Directory. Any recommendations for courses, certifications, or resources to help me deepen my understanding of enterprise networking would be much appreciated. Thanks!
4 Answers
You're diving into a wide topic here—it's not just networking but the entire IT infrastructure! If you're thinking about how to manage endpoints, have you considered alternatives like Microsoft 365 with Intune or using a local AD? If the costs of Business Premium seem high, weigh the benefits of centralized management against that. Controls for endpoints are critical; you definitely need a robust system for permissions rather than leaving everything wide open. Your focus on firewalls and segmentation will also make a big difference!
Building a test network can really help you learn without affecting your production environment! If possible, set up a small isolated network with virtual machines where you can experiment with configurations. This can help you practice what you want to learn, from implementing security measures to trying out network architecture. It can be a low-cost way to get hands-on experience in a risk-free zone.
It sounds like you're on the right track! A lot of it hinges on balancing legacy software with the need for security. Since your pen test highlighted insecure protocols, prioritize addressing those—like SMBv1 and TLS 1.0—but do proceed cautiously, especially if some legacy applications rely on them. It might be worth looking into isolating any critical legacy systems on their own secure VLAN to reduce their risk. Yearly pen tests are a great idea too; they can really help track your progress! Also, have you tried using Ping Castle? It should help you analyze your existing Active Directory setup better when you implement it.
Don't let the results from the pen test scare you too much. Focus on the specific vulnerabilities that were identified without stressing over every single security report highlight. It’s important to understand which settings are truly risky and which ones you might need to keep for operational visibility. Remember, red team assessments often dramatize findings—it’s about balance. Just ensure you're prioritizing critical vulnerabilities first.
Related Questions
How To Get Your Domain Unblocked From Facebook
How To Find A String In a Directory of Files Using Linux