Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 1 NETWORK MANAGEMENT AND MONITORING Developed by: Alberto.

Slides:



Advertisements
Similar presentations
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Advertisements

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
High speed links, distributed services, can’t modify routers  Lack of visibility But, need for more visibility and control  Increased number and complexity.
Emerging Technologies in Wireless LANs. Replacement for traditional Ethernet LANs Several Municipalities Portland, OR Philadelphia, PA San Francisco,
Chapter 15 Chapter 15: Network Monitoring and Tuning.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Guide to TCP/IP, Third Edition Chapter 11: Monitoring and Managing IP Networks.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
McGraw-Hill The McGraw-Hill Companies, Inc., 2000 SNMP Simple Network Management Protocol.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
1.  A protocol is a set of rules that governs the communications between computers on a network.  Functions of protocols:  Addressing  Data Packet.
1. 2 How do I verify that my plant network is OK? Manually: Watch link lights and traffic indicators… Electronically: Purchase a SNMP management software.
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Module 7: Configuring TCP/IP Addressing and Name Resolution.
Hands-on Networking Fundamentals
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 9: Securing Network Traffic Using IPSec.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
9/15/2015© 2008 Raymond P. Jefferis IIILect Application Layer.
BAI513 - PROTOCOLS SNMP BAIST – Network Management.
Lec 3: Infrastructure of Network Management Part2 Organized by: Nada Alhirabi NET 311.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
ﺑﺴﻢﺍﷲﺍﻠﺭﺣﻣﻥﺍﻠﺭﺣﻳﻡ. Group Members Nadia Malik01 Malik Fawad03.
OS Services And Networking Support Juan Wang Qi Pan Department of Computer Science Southeastern University August 1999.
Module 7: Advanced Application and Web Filtering.
«Fly Carrier» agent software Optimization of data transmission over IP satellite networks.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 10: Planning and Managing IP Security.
Network management Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance,
Joe Budzyn Jeff Goeke-Smith Jeff Utter. Risk Analysis  Match the technologies used with the security need  Spend time and resources covering the most.
SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Network System Security - Task 2. Russell Johnston.
Last updated: 24 April 2006 Alberto Escudero Pascual ItrainOnline MMTK 1 Advanced Networking Developed by: Alberto Escudero Pascual,
Last updated: 20 April 2006 Alberto Escudero Pascaul ItrainOnline MMTK Access Point Configuration Developed by IT +46 Based on the.
Security fundamentals
CompTIA Security+ Study Guide (SY0-401)
Chapter 19: Network Management
Working at a Small-to-Medium Business or ISP – Chapter 8
Architecture and Algorithms for an IEEE 802
Lec 5: SNMP Network Management
Top-Down Network Design Chapter Thirteen Optimizing Your Network Design Copyright 2010 Cisco Press & Priscilla Oppenheimer.
ETHANE: TAKING CONTROL OF THE ENTERPRISE
Securing the Network Perimeter with ISA 2004
MAC Addresses and ARP 32-bit IP address:
Protecting your mobile devices away from virus by a cloud-based approach Wei Wu.
Lec 2: Protocols.
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Lecture 6: TCP/IP Networking By: Adal Alashban
NSE4-5.4 Dumps
Welcome To : Group 1 VC Presentation
CompTIA Security+ Study Guide (SY0-401)
ONOS Drake Release September 2015.
IIS.
Network Virtualization
Multimedia and Networks
File Transfer Issues with TCP Acceleration with FileCatalyst
Firewalls Chapter 8.
Introduction to Network Security
Beyond FTP & hard drives: Accelerating LAN file transfers
Chapter 15: Network Monitoring and Tuning
Chapter 7 Network Applications
OSI Reference Model Unit II
OSI Model 7 Layers 7. Application Layer 6. Presentation Layer
Hosted Security.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Presentation transcript:

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 1 NETWORK MANAGEMENT AND MONITORING Developed by: Alberto Escudero Pascual, IT +46

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 2 Goals We need to know what we want, to be able to know what we need Are Monitoring and Network Management the same thing? Do not follow tools, follow methods!

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 3 Table of Contents Methodology of this unit Goals versus Data Monitoring Monitoring Service Goals Technical Principles –SNMP/MIB –Traffic Accounting –Traffic Shaping –Bayesian filters –Virus Fingerprints Tools (MRTG, Ntop, SpamAssassin, Clam AV)

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 4 Methodology Focus on goals, not tools Understand the technical principles behind the tools Understand which technical principles we need to achieve our goals

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 5 Goals versus Data monitoring Technical principles GoalsTools Decisions

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 6 Monitoring Service Goals Three examples: Save cost by reducing International bandwidth use Provide better QoS for VoIP Manage Service and Network growth

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 7 Goal 1: Save costs in International Bandwidth

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 8 Goal 2: QoS for VoIP

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 9 Goal 3: Managing service and Network Growth

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 10 Technical Principles Five technical principles: SNMP/MIB Traffic Accounting Traffic Shaping Bayesian Filters Virus fingerprints

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 11 Operation and maintenance protocol for network computer networks and network devices Server/client architecture Client queries remote network devices –Statistical information, private data SNMP-enabled device contains a statistical information database (MIB) Interoperability and ability to be extended Complex encoding rules, inefficient coding SNMP/MIB

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 12 SNMP is also “traffic” in your network –Minimize overhead by asking smart queries SNMPv1 does not provide encrypted authentification –Mind your passwords SNMP consumes CPU SNMP/MIB

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 13 SNMP/MIB ● Wireless vendors implement proprietary sets of wireless information in MIBs ● The mechanism to retrieve certain kind of wireless data varies ● Wireless devices are equipment with own “Management tools” ● Integration of different management tools is normally complicated as the code seldom is open source ● Write your own wireless management system!

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 14 Traffic Accounting General principal for monitoring traffic statistics: ● Network decisions ● Troubleshooting ● Monitoring host activities

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 15 Traffic Accounting ● Packet and byte counts ● Protocol distribution statistics ● IP checksum errors ● Discovery of active hosts ● Data activity among host

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 16 Traffic Accounting ● Active ● Enable SNMP in all routers/bridges of the network ● Passive ● Promiscuous mode ● Requires direct acces to channel and CPU to gather and digest information

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 17 Control traffic flow Guarantee certain performance Queueing disciplines in IP layer –Latency and congestion –Bandwidth and fairness Traffic Shaping

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 18 Traffic Shaping ● Modification of IEEE MAC layer in IEEE based products to implemet similar behaviour using proprietary mechanisms that does not ensure interoperability ● Proxim has implemented a proprietary polling mechanism (WORP) to allocate network capacity by using time slots

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 19 Applied on outgoing traffic –Outgoing is normally bottleneck Buffert overflow –Dropping TCP packets ->Retransmission –Latency Prioritization of packets –User interaction (ssh, rtp) –Bulk traffic (ftp, http) Queuing disciplines and latency

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 20 Can ensure: ● QoS ● A certain bitrate to a specific host ● Limited throughput for a specific service ● Fair network ● Customer gets what he/she paid for Bandwidth management by packet queuing

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 21 Bandwidth management by packet queuing Classful queuing disciplines –Hierarchical structure –Class specifies queueing algoritm, bitrate, ceiling limit (depending on protocol, IP, subnet) HTB (classful) –Controlling bandwidth by simulating slow links SFQ (classless) –Fairness with saturated link

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 22 Bayesian Filters Content based anti-spam filter –Header (sender and message paths) –Embedded HTML code –Word pairs and phrases –Meta information Adaptive – self lerning by error reports No manual wordlist –Initial list created by analysing content

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 23 Bayesian Filters ● Place your anti-spam filter before the mails enter your wireless infrastructure ● Placing mail rely agent with anti-spam filters on the other side of you international link can save 10-20% of your international bandwidth costs

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 24 Virus Fingerprints (signatures) Fingerprints: Computer instructions or derivatives of them used by knows viruses Antivirus programs –Uses virus fingerprints to scan code –Online constantly updated databases Heuristic scanning algorithms –Creates permutations of known viruses to predict future mutated viruses

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 25 Monitoring Tools Free and open source tools: MRTG Ntop SpamAssassin Clam Antivirus (Clam AV)

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 26 Monitoring the wireless Vendor specific monitoring tools (for certain operating system) –Brings limited usage N vendors implies n network monitoring tools Single interface by integration (SNMP/MIB -> MRTG)

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 27 Multi Router Traffic grapher Monitor and display network parameters (CPU, traffic load) Uses data from SNMP-enables devices Graphical web based interface MRTG

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 28 Configuration of MRTG: Pre-requirements: web server, MRTG installed, IP addres and SNMP password of deviece you want to monitor Create configuration file for MRTG (cfgmaker) Create a “cron” process that runs MRTG MRTG

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK Create default config file for mrtg > cfgmaker > /etc/mrtg_b.cfg 2. Change working directory of MRTG in mrtg_b.cfg WorkDir: /var/www/mrtg 3. Create periodic task by adding the following line in /etc/crontab */5 * * * * root /usr/bin/mrtg /etc/mrtg_b.cfg MRTG: Bandwidth monitoring

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 30 ● Need data from MIB of wireless device ● How to find the right queries (OID)? ● Reverse engineering! ● Use proprietary network manager to monitor traffic (link-test) MRTG: SN/R monitoring

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK :41: > snmp: GetRequest(29) x b d5 0a0a 0a0c E..Hw x0010 0a0a 0afe 04ec 00a bb 302a d.0*.. 0x c69 63a0 1d public x f06 0b2b x a z :41: snmp > : GetResponse(30) =2 (DF) 0x a0a 0afe 0x0010 0a0a 0a0c 00a1 04ec b5 302b b x c69 63a2 1e public x b2b MRTG: SN/R monitoring

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 32 Connected users to AP

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 33 Signal & noise parameters

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 34 Wireless with MRTG

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 35 Free and open source (GPL) Traffic measurement Traffic characterization and monitoring Detection of network security violations Network optimization and planning Ntop

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 36 ● Sent and received data per protocol ● IP multicast ● TCP session history ● TCP/UDP services used and traffic distribution ● Bandwidth utility (actual, average, peak) ● Traffic distributions (among subnets) Traffic measurement

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 37 Identifying situations where netowrk rules and thresholds are not followed by detecting: ● Duplicated use of IP addresses ● NICs in promiscuous mode ● Misconfigurations in software ● Service misuse (proxy servers etc.) ● Excessible bandwidth utilization Traffic characterization and monitoring

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 38 Detection of network attacs such as: ● Portscan ● Spoofing ● Spyes ● Trojan horses ● Denial of Service (DoS) Detection of network security violations

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 39 Identify suboptimal configurations and non-efficient utilization of available bandwidth ● Unnecessary protocols ● Suboptimal routing (ICMP redirect) ● Traffic patters and distribution Network and optimization and planning

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 40 Ntop

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 41 SpamAssassin ● Don't block, just tag! ● Gives each message a score based on: ● Header and body phrases ● Bayesian filter ● Whitelists/blacklists ● Collaborative spam identification databases ● DNS blocklists ● Character sets and locales

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 42 Clam Antivirus ● Does not delete or clean infected file, just tags it ● Fast scanning of directories and file ● Detection of over viruses, worms and trojan horses ● Scans archives and compressed files ● Contains advanced database updater with support for virus signatures

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 43 Flooding the network 18:12: > : S : (0) win (DF) 0x f d7f aca8 0x0010 aca b7 01bd 3fb0 a1d R5....? x faf0 f b p :12: > : S : (0) win (DF) 0x a9c aca8 0x0010 aca8 e37a bd 784c 6ace z....xLj x faf0 60db b p...` :12: > : S : (0) win (DF) 0x a9d aca8 0x0010 aca8 c46a 059b 01bd 784d j....xM.i.... 0x faf0 d84d b p....M :12: arp who-has tell x ba aca [ x b aca8 00f x :12: > : S : (0) win (DF) 0x f8b c141 aca8 0x0010 aca8 a08f 093f 01bd 2dba 13b ? x faf0 41cd b p...A :12: > : S : (0) win (DF) 0x a b5f0 aca8 0x0010 aca8 d9c2 08bb 01bd 3fb1 84b ? x faf b p :12: > : S : (0) win (DF) 0x a e02 aca8 0x0010 aca8 61b0 08b8 01bd 3fb2 5e0e a.....?.^ x faf0 24d b p...$

Last updated: 25 April, 2006 Alberto Escudero Pascual ItrainOnline MMTK 44 Conclusions ● Monitoring raw data will not help ● You need to monitor to have a good network managment ● Set your goals, find the technical principles and then choose your tools ● If a tool does NOT do what you want or does far more of what you need, consider building one.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.