Skip to content

Tag: best practices

Team Chief’s Toolkit, Part II: Hacking Your Equipment

Okay, “hacking” may be a bit overboard for what I’m talking about here, but between the recent policies from General Dynamics and the ineptitude of the team you may be replacing, I might not be that far off.

In Part II of the Team Chief’s Toolkit, I’ll give a few recommendations for modifying your equipment and provide a few useful tips for dealing with TPE equipment.

Modify Your Switches

Any remote switch you may have (that is, a switch not mounted inside your stacks) should be locked down and hardened.

  • Enable service password-encryption. This will prevent your VTY and console passwords from being displayed in clear text inside your config.
  • Enable SSH version 2 and disable telnet. Cisco has a nice article on how this is done.
  • Enable port security. For each non-trunk port, there should only be two MAC addresses: the IP phone and the computer attached to it. Port security is not needed on trunk ports, but ensure that nonnegotiate is set to prevent VLAN hijacking and only allow the voice, data, and management VLANs across.
  • Avoid using SNMP version 2c or earlier. Use 3 if your NETOPS will allow it.

The Signal Team Chief’s Toolkit, Part I


I took over as my CPN’s Team Chief toward the end of our deployment, as our original Team Chief took leave late and it didn’t make sense to push him back out to our site with only a couple months remaining. Unfortunately, I fell in on a mess. Our Theater Property and Organizational Equipment was spread out to our customers and, aside from a hand receipts, I had little idea what was where.

So, with 20/20 hindsight, I am writing a series of best practices called The Signal Team Chief’s Toolkit. Hopefully, this will be of use to my fellow Army Signal soldiers who are either new to the Team Chief position or are looking for a better way to do things.

Dealing With Equipment

First, it goes without saying that everything not in your shop should be either hand receipted if in use or locked securely in your ISU-90/quad-con. This should be done without exception. Even if you trust the person using your equipment implicitly, a hand receipt will not only cover your ass in the event that something goes wrong, but will aid in the accountability of your equipment during inventories. Remember, do a hand receipt every time.

Get the DA 2062 form in PureEdge or PDF format.

Second, create a tracker of all your equipment, where it is, and to whom it is hand-receipted. You should actually do this before your team validates in country. Once your team begins installing remote switches and loaning (and hand-receipting!) equipment to your customers, the tracker should be modified to identify the location of the equipment and who signed for it. It should look something like this:

Cisco IP Phone 7941 FCH1338AWKM Task Force LT Black
Cisco IP Phone 7941 FHK1330A06C Task Force LT Black
Cisco IP Phone 7941 FCH1338AVQC Post Office SSG Blue
Cisco IP Phone 7965 FCH141187RD KAF SSG White
Dell Laptop 6400 1CXS0L1 Task Force LT Black

Keeping this up-to-date will save major headaches during cyclic inventories and especially during your RIP.

I’ve gone ahead and created a Excel worksheet that includes the proper headings and filters to get you started.

Next, as each device (phone, computer, or printer) is added to the network, you should create a document identifying the device and its pertinent information, like IP address configuration, location, and whether or not it was added to active directory. These should go into a binder where they can be easily referenced. When a device is removed from the network for one reason or another, write ‘REMOVED’ in marker across the page, but keep it around for reference purposes, possibly in a different section of your binder.

My device information sheets are available in Word and PDF formats.

Finally, create and maintain a tracker for your statically-assigned IP addresses. Printed copies of this tracker is very useful to the IMOs who are actually assigning the IPs to the end-users’ computers.

My tracker is available in Excel format.

If you have any suggestions or tips of your own, please leave a comment or email me at

EDIT: Links fixed. – 13 NOV 11