Network Management and Security in the Office - Essay Example

Network Management and Security Assignment Setting up the WAN: With the move of their head office with several multi-story buildings, each housing several hundred networked computers will be now designed to accommodate WAN technologies as follows: The following was drawn using SmartDraw to explain how the network should be set up. By using the an Ethernet switch it will be possible to handle the load that will accompany the relocation of their head office with the multitude of computers they have and will add to their network. This type of network will satisfy their future needs appropriately as they can add in other offices and routers to handle future demands. For instance, the following diagram shows how the network itself would be served wherein you have all the individual computers attached to the corporate LAN including any terminals, peripheral devices, etc. The use of an Ethernet switch will allow quicker access to services and should handle all bandwidth issues. More switches can be added to accommodate more devices as they are added. By having the servers attached directly to the device you will also have the security features that come with both the switch and the servers. NOS functionalities XP and Linux: There are generally seven areas where inter-operatability are viewed as key in deciding which operating systems will provide the best network operation: Security Vulnerability Patch Management Availability and Distribution of Security Information Performance and Reliability Interoperability Channel and Partner Opportunities Distribution Fragmentation Patents and Indemnification Total Cost of Ownership Staffing and Training Support Administration and Management Security There are three critical areas to consider when comparing Linux to Windows XP as a potential candidate for network operating system platforms: vulnerability to both attacks from outside the company's LAN/WAN and internally through security breeches, patch management with respect to the continual need to apply security patches, and availability and distribution of security information. Let's look at these security measures: Vulnerability Most Linux system have not been infected with a virus. This may be due to the fact that virus writers are not, at the moment, occupied with writing code to affect Linux machines based on the fact that it is UNIX based. Most hackers are not interested in Linux systems as of yet. In most cases XP users are victims of three or more hacker intrusions. It is believed that the Linux operating system has the best innate security. It is found that nearly 60 percent of non-Linux developers have been victimized by security breaches; 32 percent had been hit three or more times. SUSE Linux Enterprise Server 9 contains all the components required for compliance with the Common Criteria Evaluation CAPP/EAL 4+, improving on the top-rated CAPP/EAL 3+ certification achieved in version 8. Patch Management The effect of downtime for patch management needs to be considered when calculating TCO. Windows patch management is well documented as a problem due to the amount of vulnerabilities that are present within the software itself. This is a large issue when calculating the TCO of an operating system. There seems to be more value in Linux as an operating system due to the time that is not needed to install patches and security fixes. According to TechNewsWorld, "one major financial institution had to go to its board of directors to approve an additional $10 million to finish this patch. After MS Blast and the cost of patching that, it's, 'Here we go again,' as new vulnerabilities are found deeply ingrained in Microsoft systems." The article also mentions the plight of another financial institution that was forced to take down its IT system for three weeks to patch its Windows desktop machines. There is a continued weight the cost of continually patching Microsoft products when deciding which operating system to purchase. Availability and Distribution of Security Information One of the largest problems with the Microsoft OS situation is the fact that they do not support many of the earlier versions of their software. People are forced to upgrade whether they want to or can afford it. Another major problem with Windows is they don't share information on potential security breaches that are coming or are in the works unless they are paying customer of the additional services. According to a recent NetworkWorld Fusion article, "Microsoft's licensing policies and legal restrictions that forbid schools from distributing software patches to many students are leaving IT executives at universities with potentially thousands of unmanaged desktops that pose a serious security risk." There is a great deal of distaste for the operability functionality of XP and many are moving toward Linux as an alternative. Once you factor in the costs of TOC for the XP operating system and the downtime experienced through security breaches, the Linux environment is starting to take a more serious role in switching systems. SNMP 2 platform SNMP parameters using ASN.1 SNMP variables are defined using the OSI Abstract Syntax Notation One (ASN.1). ASN.1 specifies how a variable is encoded in a transmitted data frame; it is very powerful because the encoded data is self-defining. The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices can be any of four different types of commands: 1. Reads - Read is used to monitor the managed devices, NMSs read variables that are maintained by the devices. 2. Writes - Write is used to control the managed devices, NMSs write variables that are stored in the managed devices. 3. Traversal operations - NMSs use these operations to determine which variables a managed device supports and to sequentially gather information from variable tables (such as IP routing table) in managed devices. 4. Traps - The managed devices to asynchronously report certain events to NMSs use trap. SNMPv1 Operations SNMP itself is a simple request/response protocol. 4 SNMPv1 operations are defined as below. Get - Allows the NMS to retrieve an object variable from the agent. GetNext- Allows the NMS to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a NMS wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. Set - Allows the NMS to set values for object variables within an agent. Trap- Used by the agent to inform the NMS of some events. The SNMPv1 messages contains two part. The first part contains a version and a community name. The second part contains the actual SNMP protocol data unit (PDU) specifying the operation to be performed (Get, Set, and so on) and the object values involved in the operation. The following figure shows the SNMPv1 message format. The SNMP PDU contains the following fields: PDU type Specifies the type of PDU. Request ID Associates requests with responses. Error status Indicates an error and an error type. Error index Associates the error with a particular object variable. Variable-bindings Associates particular object with their value. The role of RMON probes in this design in so much as it provides the monitoring tools necessary to monitor network LAN conditions and is extremely important in measuring performance. Here is a snapshot from Network Systems RMON Probe software: Security Features of the Network Implementing security within the network includes: Network Management Security Performance Each of these are discussed as follows and the best way to implement them. The following is a preferred example of how the network management tools are needed to provide adequate monitoring. This comes from an article published on Freshmeat.com: Network Management The normal definition of NMS is "Network Management System" consist of at least: 1. Up/Downtime Monitoring 2. Reporting 3. Configuration Change Management 4. IP/Asset Management 5. Security 6. Event Correlation/Root Cause 7. Alerting 1. Pure Up/Down Monitoring. Typically with just ICMP, but some with applications (DNS, HTTP, etc.). 2. Event correlation. Polling using SNMP, ICMP, and applications. Alerting on SNMP traps and syslog. 3. Root Cause Analysis. Advanced event correlation to ensure minimum false negative alerts. Security Event correlation is the core functionality of an NMS. Without it, too many false negative alerts are generated, which make the system ineffective. Root Core Analysis takes event correlation a step further. Rather than just dampening alerts from nodes downstream of an existing problem, it only alerts on the real cause of a problem, to significantly reduce the time needed for a fix. Performance Currently, a typical NMS platform will consist of two main systems, with one solution doing the Up/Down monitoring, the other the reporting. This leads to extremely inefficient double polling of devices. Why ping a host to see if it's up when you've just gathered interface stats from it Some systems can be integrated to help reduce this double polling, but only a single NMS solution will truly provide the most efficient use of the network. There are vendors that have proprietary management software for their systems to provide an alternative to the commandline. Although some things can be done easily by SNMP, but there is a limited amount of interaction an NMS should have with a device's CLI. For instance, RANCID provides an easy change management system for routers, but also shows the possibilities of being able to integrate functions into an NMS that typically are done at the CLI level. Think being able to do mass changes (for example, SNMP community changes) via a few clicks on a GUI, rather than manually having to login to thousands of devices. Current Solutions F/OSS Big Brother Nagios/Netsaint OpenNMS Cheops-ng OSSIM MRTG RRDTOOL Weathermap Commercial HP OpenView SMARTS Aprisma Netcool Concord Proviso InfoVista (FreshMeat.com 2006) Many times as security is a high priority in ensuring high levels of network operability, there is much lost in the performance sector. There is a balance required to monitor security issues and the use of logs is the main source of investigation into where the security is lapsing or where performance is lagging. Management Regime of the Network As with a WAN and LAN network setup within a company, there is a need to have each of these sectors managed appropriately and with a transparency to users of the network. There is a need to have four areas monitored independently to avoid collusion: LAN MCSE who is entirely responsible for monitoring and fixing issues with the hardware/software servers in the internal network. LAN MCP who is responsible for the LAN users and implementing network security protocols to the users who will access certain areas of the servers and provide any upgrades to software that the users will require. Works in conjunction with the LAN/WAN MCSEs in developing performance enhancement initiatives and any upgrades to server hardware/software WAN MCSE who is entirely responsible for issues relating to LAN to WAN connectivity, hardware/software upgrades to the grid and router configuration/management. WAN MCP who is responsible for issues relating to the grid users (server side security) and works with the LAN MCP/MCSE to resolve issues relative to the WAN/LAN connectivity You also have the help desk and client management administrator that is entirely committed to user issues/problems that may arise. Sources Building a Network Management System. March 16, 2006, [online] Available at: http://freshmeat.net/articles/view/1553/ Network Management Using SNMP. March 16 2006, [online] Available at: http://www.zyxel.com/support/supportnote/ZyAIR_B5000/app/snmp.htm Network Monitoring Tool. Network Instruments. March 16 2006 [online] Available at: http://www.networkinstruments.com/products/rmon_probe.html Diagrams provided by: Network Instruments RMON software SmartDraw Technical Edition. Read More