Network Management
Policies and Procedures
Ntwk Segmentation, patching and updating
Network Monitoring
Change/Config MGMT
Standard Business Documents
Service Level Agreement (SLA)
defines the scope, quality, and terms of the service to be provided
Memorandum of Understanding (MOU)
defines an agreement between two parties in situations where a legal contract wouldn’t be appropriate
Multi-Source Agreement (MSA)
details the interoperability of their components
Statement of Work (SOW)
defines the services and products the vendor agrees to supply and the time frames in which to supply them
Physical/Installation Safety
Electrical Safety
Properly ground circuits to avoid voltage differential
A voltage differential will cause data loss
Electrostatic discharge (ESD) can damage or destroy computing equipment.
Rack Installation and Maintenance
Optimize airflow - pull air from cool row
Consult the material safety data sheet (MSDS) for the racks and network components to determine best practices for recycling and so forth.
Emergency Procedures
• Building layout
• Fire escape plan
• Safety/emergency exits
• Fail open/fail close
• Emergency alert system
HVAC
68 degrees Fahrenheit, 50% humidity
Fire Suppression System can:
Detect fire, cut power to protect electronics, alert staff, displace oxygen with gases
Ntwk Segmentation, Patching, and Updating
Patching and Updates
Operating System Updates
Most common type of update
Test before pushing it out to the entire ntwk
Feature Changes/Updates
Add functionality on top of pre-existing hardware
Vulnerability Patch
When vulnerability is discovered
made available on completion
sometimes pushed to users
How to Patch
Research
verify patch is going to do what you need it to do
Test
Test on Test system
Configuration backups
Backup computers and other hardware
Routers/Switches "backupconfig"
Wireless Config and MGMT
Site Survey
Wifi Analyzer - documents all wireless ntwks in the area
Heat map - graphical representation of the RF sources
Goodput - actual number of useful bits per second
Power over Ethernet
IEEE 802.3af PoE
Bring your own device
SSID Broadcasting
Turning off broadcasting will not hide the SSID from wifi scanners
MIMO
multiple in/multiple out
enables the devices to make multiple simultaneous connections called streams
VLAN Pooling
create a pool of VLANs for a single SSID and randomly assign wireless clients to one of the VLANs
Wireless Bridges
connect 2 wireless networks together, or to join wireless/wired ntwks together in the same way that wired switches do
Packet Sniffer
Capture packets flowing through ntwk
Packet Analyzers
Analyze packets captured by sniffer
Wireshark - Analyzer can filter packets
Interface Monitors
tracks bandwidth and utilization
Speed/Duplex
Utilization
Packet drops
Errors - malformed or unreadable packets
Discards - port intentionally drops a well-formed frame
Interface resets
Simple Network Management Protocol (SNMP)
Can set parameters to alert users
NetFlow
Packet flow monitoring
single flow is a flow of packets from one specific place to another
builds a clear picture of the volume and flow of traffic on the network
Performance Monitors
tracks the performance of an aspect of a system over time and lets you know when things are unusual
Security info and event MGMT (SIEM)
Power and Environmental Monitors
UPS/Battery backup can act as a power monitoring tool
Report fluctuations in power supply
Temperature/humidity should be monitored and maintained
Baselines
Log of performance indicators when system is running correctly
Log MGMT
Make log files cyclical/cycling: when a new log appears, an old log is deleted. First in, first out
Network Operations Center (NOC)
centralized location for admins to manage all aspects of ntwk
Change and Configuration MGMT
802.1X Config
Authentication methods
Change Request
Configuration Procedures
What is it going to take to make this happen?
Rollback Process
How will we revert if things go bad?
Notification
Dealing w/ Change MGMT Team
Change MGMT teams meet at fixed intervals
team will expect well-written CR
Making the Change Happen
Test coming changes
Authorize downtime
Notify the change to those affected
Documenting the Change
Ntwk Diagram
Physical and Logical components
Asset MGMT
Detailed list of Software owned
IP Utilization
List IP addresses for Physical/Virtual devices
Vendor Doc
Manuals for hardware/software
Up-to-date contact info for reps for products
Internal Operating Procedures/Policies/Standards
Ntwk policies
acceptable use of equipment
password standards
Port Mirroring
copy data from any or all physical ports on a switch to a single physical port
This is great for sniffing traffic coming in and out of a port
Local
mirroring copies of ports on a single switch to another port
must plug into switch
Remote
Access data copies from one or more ports on a switch without plugging in
Segregation
done for security, performance optimization, load balancing, and compliance
Layer 1 (Physical) Physically separating your network from every other network. (Air Gap)
Layer 2 (Data Link) Separating a physically connected network into separate broadcast domains. (VLANs)
Layer 3 (Network) Separating broadcast domains by blocking IP routes.
Above Layer 3: VPNs, separate SSIDs, separate Windows domains, and virtualization.
Honeypot
Setup detour/bait system
Honeynet
Detour/bait network
Usually virtual
Legacy - WAP sends out separate packets just for legacy
Mixed/High Throughput - Sends packets that support older standards but at the speeds of 802.11n
Greenfield - N only ntwks, drops support for older devices
SNMP Manager
Run software called (NMS) Ntwk MGMT station
Managed Devices
Managed devices run software called agents
Agents respond to requests from SNMP managers
(MIB) Management Information Bases
Categorizes the data that can be collected
SNMP Operators
Get - (GetRequest, GetNextRequest)
NMS asks for info from agent
Response - Agent sends SNMP manager info
Set - (SetResponse) NMS tells agent to make changes
Trap - Agent asks for info from NMS
snmpwalk utility
SNMP manager to perform series of Get cmds
"Walk"
Performance Monitor (PerfMon)
Windows
syslog
Linux
SEM Security Event Management
Real-time monitoring of sec events
Collect and centralize disparately located sec and event logs
(SIM) Security Information Management
Log files are reviewed and analyzed by people
Potential Impact
Unintended or positive effects
VLANs
ISL - InterSwitch Link
Cisco protocol for tagging VLAN
802.1Q
VLAN Tagging protocol NEW
(VTP) VLAN Trunking Protocol
allows a network administrator to create a list of VLANs on one switch and then have the list of VLANs delivered to other switches within the VTP domain
Type of Change
Software v hardware
backup methods, work hours, ntwk access, workflow changes
Legacy Systems