Chapter 10: Network Management

FIGURE 10.3 A Confusing Network Diagram. Image courtesy of olimould.com

FIGURE 10.4 A Simple Physical Network Diagram. Image courtesy of Mark R Lindsey, mark@lindsey.name

Configuration Management
assistance of network diagram software like Microsoft Visio, SmartDraw, and/or AutoCAD.

Many physical network diagrams, as represented in Figure 10.5, have the site name, location, type of physical media connecting each site, and the speed at which the site link is running. Physically laying out your network devices will help you conserve time and money when you finally do decide to create or troubleshoot network issues.
Logical Network Diagrams

Logical network diagrams depict how your network looks from a computer’s point of view and not as a physical structured layout as we might see it in our server rooms. Protocols, configurations, IP addressing, subnets, access control lists, security devices (firewalls, virtual private networks [VPNs], and so on), and applications are all logically associated with a computer network and are drawn into logical network diagrams. Notice that Figure 10.6 does not show any of the physical characteristics of Figure 10.5. In fact, Figure 10.6 has details such as IP addresses, subnets, firewalls, and logical network paths in and out of different subnets, which are logical.

FIGURE 10.5 A Complex Physical Network Diagram. Image courtesy of Cisco.com

FIGURE 10.6 A Logical Network Diagram. Image courtesy of Dustin L Fritz

Baselines

Identifying how networks operate under “normal” conditions might help you recognize performance, collision, and utilization issues when comparing your “normal” conditions to previous periods of operation.

Over a period of time you should document the pattern of “normal” behavior in your environment, which is called a baseline. Baselines should be tracked at particular times of day. Baselining activities may include when servers reach maximum allocation, when a router and switch have the highest activity during the day, and when users are most likely to surf the Internet. Creating a baseline early and continuing to do analysis on this baseline will help you understand your network better, which assists in identifying problems earlier in the troubleshooting process.
Choosing a baseline method can depend on the size of your network and how many users you have. There are free tools on the Internet that can assist with collecting network statistics, which can then be used to output statistical reports for later analysis. Many baseline tools collect and monitor activity on the network, as well as on various hardware components such as CPU, memory, hard drive, and network interface cards (NICs). Other hardware baseline applications are placed in between Wide Area Network (WAN) links to simply measure throughput, check for packet errors, and identify bottlenecks. Figure 10.7 is an example of a network baseline tool.
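The following is an added example, not taken from the book or from any baseline tool it mentions: it builds a per-hour-of-day baseline from utilization samples and flags readings that stray from it. The median/MAD statistic, the thresholds `k` and `floor`, and the sample data are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

def build_baseline(samples):
    """samples: iterable of (hour_of_day, utilization_percent).
    Returns {hour: (median, median_absolute_deviation)}."""
    by_hour = defaultdict(list)
    for hour, util in samples:
        by_hour[hour].append(util)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[hour] = (med, mad)
    return baseline

def deviations(baseline, observed, k=5.0, floor=2.0):
    """Flag readings more than max(k * MAD, floor) away from that hour's median."""
    flagged = []
    for hour, util in observed:
        if hour not in baseline:
            # No history for this hour: report it rather than guess.
            flagged.append((hour, util, "no baseline for this hour"))
            continue
        med, mad = baseline[hour]
        limit = max(k * mad, floor)
        if abs(util - med) > limit:
            flagged.append((hour, util, f"baseline {med:.1f}% +/- {limit:.1f}"))
    return flagged

# Constructed sample data: WAN link utilization (%) at 03:00, 09:00 and 13:00
# over five days, followed by today's readings.
HISTORY = [
    (3, 4.0), (3, 5.0), (3, 4.5), (3, 5.5), (3, 4.0),
    (9, 62.0), (9, 58.0), (9, 65.0), (9, 60.0), (9, 61.0),
    (13, 45.0), (13, 48.0), (13, 44.0), (13, 47.0), (13, 46.0),
]
TODAY = [(3, 41.0), (9, 63.0), (13, 46.5)]

if __name__ == "__main__":
    for hour, util, why in deviations(build_baseline(HISTORY), TODAY):
        print(f"{hour:02d}:00 utilization {util}% is outside {why}")
```

The 41% reading would be unremarkable at 13:00 but is flagged at 03:00, which is why the baseline is kept per time of day rather than as one network-wide average.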
FIGURE 10.7 A Network Baseline Tool. Image courtesy of PacketTrap Perspective

Policies, Procedures and Configurations

Network management would be impossible without policies, procedures, and configurations. A calculated plan of action to guide decisions and achieve sound outcomes is the goal of creating and adhering to policies, procedures, and configurations. Security vulnerabilities and network management challenges are the outcomes of badly written or nonexistent policies.

To prevent this, consider how network technicians create user accounts. If each network technician created user accounts differently, you would have a lot of problems troubleshooting user account issues because none of the accounts are configured off a standard guideline. Policies provide guidelines on who can create user accounts, for instance. Procedures are much more than guidelines. Procedures lay out each step needed to accomplish a task. For example, when creating a user account, the user ID may be the person’s last name and first initial and not to exceed eight characters. Detailed steps with procedures help execute policies.
Common policies might address the following:
■ End user license agreement
■ Network access and user accounts
■ Proper destruction of network devices (that is, printers)
■ Creation of administrative and user passwords
■ Periodic backups for servers and clients
■ Termination of user account access
■ Third party software authorization
■ User account lockout and account disabling
■ Missing or corrupt computer files
■ Malicious code discovery by users
■ Natural disaster affecting network connectivity
■ Software management and storage
■ IP addressing scheme for contractors
■ Computer naming convention for servers
■ Network sharing programs for users
■ WAN troubleshooting techniques
■ Federal and state computer fraud hotline
Regulations

Regulations are very important when you plan and establish your local policies and procedures because many organizations are held to state and federal regulations, which will affect their responsibilities as a public/private, for profit, or not-for-profit business.

The Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications companies and equipment industries to allow for surveillance capabilities. See the report in Figure 10.8. The Federal Communications Commission (FCC) periodically releases reports establishing new regulations. In Figure 10.8, this report requires certain broadband and VoIP providers to accommodate wiretaps. Visit http://www.fcc.gov/calea/ for more details.

FIGURE 10.8 FCC CALEA Report.

Other important regulations:

Health Insurance Portability and Accountability Act (HIPAA) – “The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information, and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.”
http://www.hhs.gov/ocr/privacy/index.html

Sarbanes-Oxley Act of 2002 – “On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 2002, which he characterized as “the most far reaching reforms of American business practices since the time of Franklin Delano Roosevelt.” The act mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud, and created the “Public Company Accounting Oversight Board,” also known as the PCAOB, to oversee the activities of the auditing profession.”
http://www.sec.gov/about/laws.shtml#sox2002

ISO/IEC 27002:2005 – “… establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management …” The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in interorganizational activities …, best practices of control objectives and controls in the following areas of information security management:
■ Security policy
■ Organization of information security
■ Asset management
■ Human resources security
■ Physical and environmental security
■ Communications and operations management
■ Access control
■ Information systems acquisition, development, and maintenance
■ Information security incident management
■ Business continuity management
■ Compliance
http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50297
NETWORK MONITORING
Network monitoring is a great way to identify performance and connectivity issues. Using a tool called a packet sniffer allows you to collect all the data that is being transmitted to and from your computer or between routers. The advantage to collecting individual packets is that you will have insight and detailed inspection of how and why certain traffic is not working. For instance, in Figure 10.9 you can see someone is viewing a Web site. If you are told by a user that they cannot access the Internet, you can confirm it by collecting packets from the network using a packet sniffer or possibly discover that they really are surfing the Internet. HTTP traffic is very easy to identify in Figure 10.9 because it is presented to you with “http” and the associated port number of 80. Along with that is the IP address that is captured in the packet. Using packet sniffers is truly remarkable because you can quickly identify a network performance problem because you are seeing everything at the packet level come across your network.

FIGURE 10.9 Wireshark, an Open Source Packet Sniffer also known as Network Protocol Analyzer.*
*Download Wireshark for free at http://www.wireshark.org
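To show what a sniffer reads to make the identification described above, here is an added example (not Wireshark code and not from the book) that pulls the IP addresses and TCP ports out of raw Ethernet frames and labels port 80 traffic. The frames, the addresses (documentation ranges) and the helper `build_frame` are constructed for the demonstration.

```python
import socket
import struct

def summarize_frame(frame: bytes):
    """Return (src_ip, src_port, dst_ip, dst_port, label) for IPv4/TCP, else None."""
    if len(frame) < 14 + 20:                      # Ethernet II + minimal IPv4 header
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # EtherType: IPv4 only
        return None
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl + 20:   # malformed or truncated
        return None
    if ip[9] != 6:                                # IP protocol 6 = TCP
        return None
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    # Port-based label only: a real analyzer also dissects the payload.
    label = "http" if 80 in (src_port, dst_port) else "other"
    return src_ip, src_port, dst_ip, dst_port, label

def http_clients(frames):
    """Source IPs seen sending TCP traffic to port 80."""
    clients = set()
    for frame in frames:
        info = summarize_frame(frame)
        if info and info[3] == 80:
            clients.add(info[0])
    return clients

def build_frame(src_ip, dst_ip, src_port, dst_port, proto=6):
    """Constructed test frame: Ethernet II + IPv4 + 20 header bytes (checksums zero)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)   # dummy MAC addresses
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + l4

# Constructed capture: one web request, one SSH segment, one UDP datagram.
CAPTURE = [
    build_frame("192.0.2.10", "198.51.100.5", 49152, 80),
    build_frame("192.0.2.11", "198.51.100.9", 49153, 22),
    build_frame("192.0.2.12", "198.51.100.53", 49154, 53, proto=17),
]

if __name__ == "__main__":
    for frame in CAPTURE:
        print(summarize_frame(frame))
    print("clients seen talking HTTP:", http_clients(CAPTURE))
```

Frames that are truncated, not IPv4, or not TCP return `None` instead of being guessed at, so a malformed capture cannot be mislabeled as web traffic.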
Just as documentation on configurations and changes can be helpful in solving problems with your network, so can the logs generated by the software running on these machines. Logs are records of events that have occurred and actions that were taken. Many systems will provide logs that will give automated information on events that have occurred, including accounts that were used to log on, activities performed by users and by the system, and problems that transpired. These details make logs a valuable tool when troubleshooting problems and identifying adverse incidents (such as intrusions to the system).

On many systems, the logs may be simple text files that are saved to a location on the local hard drive or a network server. In other cases, the system will provide a specific tool for viewing the information. For example, in Windows NT, 2000, 2003, and XP, a tool called Event Viewer is used to view a series of logs generated by the operating system. As shown in Figure 10.11, Event Viewer allows you to view data stored in the following:
■ Application log: Contains events that are logged by individual programs or applications installed on the operating system.
■ Security log: Displays possible security issues that the operating system monitors. This includes valid and invalid log-on attempts, the use of a specific resource by an audited user, and other actions related to security.
■ System log: Displays events logged by the system components of the operating system. Information stored in this log includes facts about drivers that failed to load properly, warnings on low disk space and memory, remote access attempts, and other information on the system itself.
Each of the logs in Event Viewer can be accessed by clicking on the corresponding node in the left pane of the application. When a log is selected, the individual events recorded in the log are displayed in the right pane of the application (Figure 10.10). To view specific information about an event, you simply double-click its entry in the right pane.

Logs are also created by other software and devices installed on a computer, or generated by devices that have been configured to write information to a file stored on a particular computer. For example, firewall software installed on a server would maintain its own records of users accessing specific Web sites, downloaded files, attempts to access restricted resources, and other information. In the same way, a door lock system may require a personal identification number (PIN), biometrics, or a card key before access is granted to the building. Such systems commonly record authorized and denied entry attempts to a file or series of files on a specific computer. In each of these cases, the logs provide a record that can be reviewed in the event of a security breach or other problems.
Password Lists
Passwords are access codes that use alphanumeric and special characters that allow you to log onto operating systems, software, or specific files. Over the years, you’ve probably heard that passwords shouldn’t be written down, and should only be remembered. This is generally true in most cases, as it would be unwise to have passwords written on little pieces of paper and carried in wallets, left on desks, or stuck to the monitors of computers. However, there may be times when you’re unavailable and other members of the IT staff need a particular password to fix a problem. Because of this, passwords should also be documented so others can use them.
Password lists should contain all of the passwords used to perform administrative or maintenance tasks on the network. This includes passwords for:
■ The administrator account on servers and workstations
■ Accounts that have access to modify other accounts, in case management of network accounts is needed

FIGURE 10.10 Windows XP Event Viewer.