Troubleshooting Rules of Thumb


Before moving on to describe troubleshooting tools, we want to present a few important rules of thumb to keep in mind while working on a problem. Utilizing proven techniques keeps your troubleshooting process on track and prevents it from resulting in false positives or incorrect results. The concepts we cover in this section will help keep your hypotheses focused on the problem and you on track.

Make Only One Change at a Time

This is perhaps the most important rule, and it can be the hardest to follow when you're in a hurry. You can refer to as many sources of information as you like, but don't make multiple changes at the same time. Otherwise, you will end up not knowing for sure which change fixed the problem. Worse, you might mask the solution with another problem.

While troubleshooting our sample firewall problem, we moved the client station between external and internal locations, and although we examined the firewall configuration, we didn't make any changes to it. As a result, we know that the problem depends on the client location. If we had changed the firewall rule set while moving our client's test location, we might have incorrectly deduced that the problem was related to a change we made in our rule set and not the location of the client.

Keep an Open Mind

We can't overstress the importance of keeping an open mind when working on a tough problem. Most people, especially experienced troubleshooters, tend to reason through many problem aspects at an almost unconscious level. Have you ever had trouble explaining a conclusion to someone who is trying to understand how you arrived at it? Sometimes those conclusions are sound, born of past experiences that aren't easily recalled, but have been internalized in your own rules of thumb. Sometimes, though, these conclusions are influenced by inaccurate perceptions, false assumptions, personal motivations, and a host of other human traits. If you believe you made no mistakes configuring the firewalla natural assumptionyou might not do a good job of examining the configuration. If you can, work with another troubleshooter to give each other a fresh perspective.

Get a Second Opinion

Sometimes when you can't see the solution to a problem, you need a second set of eyes. Bouncing a situation off of a peer can be a great help when you think that you hit a dead end while troubleshooting a problem. Just the process of methodically explaining to someone else the steps you have gone through can be enough to help you find holes in your own troubleshooting methodology. In any case, brainstorming can be a powerful troubleshooting tool, and it is indispensable when a solution is difficult to find.

Stay Focused on Fixing the Problem

If you subscribe to our philosophy, a problem isn't truly fixed until you understand what caused it. If you don't understand a problem, it's likely to reappear in the future. Obviously, the way that you apply this philosophy should be based on the context of the situation. It's often easier to fix a problem than explain how it happened. If the problem is causing your users pain, fix it and finish debugging it later.

We might easily fix the firewall problem, for example, by hooking back up the original firewall. If the outside caller was a paying customer who was complaining about the web server being inaccessible, we would certainly choose that route. In that case, the quick fix would justify the extra difficulty we might face in trying to finish the diagnosis offline or with a different network configuration.

Don't Implement a Fix That Further Compromises Your Security

This is usually worth some thought. Hopefully, you wouldn't diagnose a fiber-optic problem by staring at the end of the cable. Also, the pain associated with a fix doesn't always arrive immediately, especially when you're fixing security problems. All too often, in an effort to get something working, security is put on the back burner. In the long run, this can be a greater liability than the original issue was. For example, you shouldn't fix a firewall problem by installing a "permit everything" at the top of the rule set. When something is broken and Service Level Agreements (SLAs) are in jeopardyor worse, your job security is looming in the balanceit can be easy to implement a fix that compromises your company's security. Always be sure to consider the security implications of any fix that you apply and consider ways to mitigate any security concerns it may introduce to your environment. For example, if you need to add a firewall rule to allow access that wasn't previously allowed, enable logging on the rule and audit activity for that rule regularly after it is implemented.

The Obvious Problems Are Often Overlooked

How much time have you wasted diagnosing connectivity problems, finding the source to be the improper use of a crossover cable? Start with the simplest hypotheses first and work your way up to the most complex.

Document, Document, Document!

Finally, one of the most important things you can do to improve your success as a troubleshooter is to document fixes and causes of your problems in a personal "knowledgebase." How many times are you faced with a problem and have a peculiar feeling of déjàvu? You know that you have seen this issue before, but you just can't seem to remember what the cause wasor more importantly, what you did to fix it. By recording problems, their solutions, and causes in a searchable database, you may save yourself a lot of time.

Ideally, knowledgebase entries should not only include the description of the problem and cause, but also a step-by-step explanation of the solution, covering in great detail all the information needed to recover from the problem successfully. Also, facts should be included that will help identify the initial incident, such as location, involved products, the time when it occurred, and the party who logged the knowledgebase entry. You should make an effort to enter any facts that will help in the search for the problem when you face it again. With that in mind, if possible make all these information fields searchable. Although this can make for slow searches and a lot of space used by index files, it will be easier to track down an event by the most minute of remembered details.

No matter what methods you rely on, it is important to develop a troubleshooting methodology that works for you. Your methodology will depend on your own responsibilities, strengths, and weaknesses. We have provided some food for thought to help you develop or improve your personal methodology, but so far we have omitted a core component: the tools. We will spend the next section covering popular tools that you can utilize to help make your troubleshooting process more efficient.



    Inside Network Perimeter Security
    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    EAN: 2147483647
    Year: 2005
    Pages: 230

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net