ISO network management

model

By Ndeda Laureen
ISO network management model
 Organization for Standardization (ISO) has created a
network management model that assigns the network
management activities to one of the following problem
areas:

 Fault management: The concerns of fault management

are the detection of faults, and covering up
for them until they can be repaired, after which the
network can be returned to its original state.
Faults can be covered up by working around them or
by providing some alternative that is
functionally equivalent to the failed unit.
Configuration management:
 The configuration of the network is
the arrangement of its computers and
links, that is, its topology.

 Configurationmanagement deals
with changes to the configuration of
the network caused by the addition
and removal of computers and links.
Performance management:
 Managing the performance of a network involves
maintaining an acceptable quality of service for all
its users. This usually involves the delivery of
messages within some specified time.
 Occasionally, acceptable levels of service may be

expressed in terms of levels of reliability.

 Acceptable delivery times can be achieved by

managing the flows of traffic across the

network and, as far as possible, preventing the
build-up of congestion.
 Reliability can be ensured by invoking the necessary

measures against message impairment and loss.

Accounting management:
 The responsibilities of accounting
management are to keep track of
network usage and,
correspondingly, to generate bills
for the users of the network.
Security management:

 The concern of security management is to

ensure security both for the network itself and
for the users of the network.
 The security of the network can be ensured by
allowing access only to authorized users, and by
ensuring that those with access do not use it
improperly.
 The users of the network can be given the levels
of security they need by providing the
appropriate security services.
Examples of network management activities

 The following list give some examples of

activities that are typical of those undertaken by
a network administrator.


1. Monitoring the computers and links of a

network to detect any faults that may develop in
them.
2. Monitoring the message queues at each
computer to ensure efficient use of network
resources and prevent message loss.
EXAMPLE
 Example: The illustrated network segment
contains two printers. When one of them is
busy, which is apparent when its queue of
waiting jobs becomes full, computers with a
job to be printed will be directed to send it to
the other printer .
 3. Controlling the routing of messages through the network. This is a way of
routing round a fault detected in the network. It also provides a way of
avoiding the busy parts of a network where a message would be delayed.
Example: When computer 4 is busy, the routing table at computer 2 can be
changed to route messages for computer 3 via computer 1.
Network monitoring systems & tools

 Three kinds of tools

1.Diagnostic tools – used to test connectivity,
ascertain that a location is reachable, or a
device is up – usually active tools

2.Monitoring tools – tools running in the

background (”daemons” or services), which
collect events, but can also initiate their own
probes (using diagnostic tools), and recording the
output, in a scheduled fashion.   
Network monitoring systems & tools
 3.Performance Tools
Key is to look at each router interface (probably
don’t need to look at switch ports).


Two common tools:



-Netflow/NfSen: http://nfsen.sourceforge.net/
-MRTG: http://oss.oetiker.ch/mrtg/

 MRTG = “Multi
Router Traffic
Grapher   
Network monitoring systems & tools
 Active tools
-Ping – test connectivity to a host
-Traceroute – show path to a host
-MTR – combination of ping + traceroute
-SNMP collectors (polling)
Passive tools
-log monitoring, SNMP trap receivers, NetFlow
Automated tools
-SmokePing – record and graph latency to a set of hosts,
using ICMP (Ping) or other protocols
-MRTG/RRD – record and graph bandwidth usage on a
switch port or network link, at regular intervals             
Network monitoring systems & tools
 Network & Service Monitoring tools
Nagios – server and service monitor
 Can monitor pretty much anything

 HTTP, SMTP, DNS, Disk space, CPU usage.

 Easy to write new plugins (extensions)

 Basic scripting skills are required to develop simple

monitoring jobs – Perl, Shell scripts, php, etc...
-Many good Open Source tools
 E.G Zabbix, ZenOSS, Hyperic, OpenNMS .

 Use them to monitor reachability and latency in your network

 -Parent-child dependency mechanisms are very useful!               

Network monitoring systems & tools
 Monitor your critical Network Services
-DNS/Web/Email
-Radius/LDAP/SQL
-SSH to routers     


How will you be notified?

Don't forget log management!
-Every network device (and UNIX and Windows servers
as well) can report system events using syslog.

 -You MUST collect and monitor your logs!

-Not doing so is one of the most common mistakes when
doing network monitoring
Network monitoring systems & tools 
   
SNMP – Simple Network Management
Protocol
-Industry standard, hundreds of tools exist to exploit it
-Present on any decent network equipment eg Network
throughput, errors, CPU load, temperature.


-UNIX and Windows implement this as well

shows Disk space, running processes.


SSH and telnet

-It is also possible to use scripting to automate
monitoring of hosts and services
SNMP – Simple Network Management Protocol

   Industry standard, hundreds of tools exist

to exploit it.
 Present on any decent network equipment

eg Network throughput, errors, CPU load,

temperature.


-UNIX and Windows implement this as well

èDisk space, running processes      
SNMP tools

 Net SNMP tool set

-http://net-snmp.sourceforge.net/


Very simple to build simple tools

-One that builds snapshots of which IP is used by which
Ethernet address
-Another that builds shapshots of which Ethernet
addresses exist on which port on which switch.
-Query remote RAID array for state.
-Query server, switches and routers for temperatures.   
   
Statistics and accounting tools

 Traffic accounting and analysis



-What is your network used for, and how much

-Useful for Quality of Service, detecting abuses,
and billing (metering)
-Dedicated protocol: NetFlow
-Identify traffic ”flows”: protocol, source,
destination, bytes
-Different tools exist to process the information
Flowtools, flowc, NFSen

 Many more: http://www.networkuptime.com/tools/netflow/ 

       
Fault and problem management
 Is the problem transient?
-Overload, temporary resource shortage
Is the problem permanent?
-Equipment failure, link down
How do you detect an error?
-Monitoring!
-Customer complaints
A ticket system is essential
-Open ticket to track an event (planned or failure)
-Define dispatch/escalation rules
Who handles the problem?
Who gets it next if no one is available?               
Network Intrusion Detection
Systems (NIDS)
 These are systems that observe all of your network
traffic and report when it sees specific kinds of
problems, such as:


-hosts that are infected or are acting as spamming sources.



A few tools:


-SNORT - a commonly used open source tool:

http://www.snort.org/
-Prelude – Security Information Management System
https://dev.prelude-technologies.com/
-Samhain – Centralized HIDS
http://la-samhna.de/samhain/
-Nessus - scan for vulnerabilities:
http://www.nessus.org/download/         
Configuration mgmt & monitoring

   Record changes to equipment configuration

using

 revision control (also for configuration files)

 Inventory management (equipment,

Ips,interfaces).

Use of versioning control

  
THANK YOU