Tech

Network Monitoring–Advanced IP Networking–NETWORKING, SECURITY, & MORE ESSENTIALS—CompTIA Network+ (N10-007) NETWORK-PLUS Certification Prep Course Notes

May 16, 2021 /

Network Monitoring

  • SNMP (Simple Network Management Protocol)
  • SNMP uses (listens on) UDP port 161 or port 10161 when using TLS.
  • SNMP–managed devices run an agent that talks with a N.M.S. (Network Management Station) (Note: A NMS can run on a virtual machine.)
  • N.M.S. (Network Management Station)
  • SNMPv1 is unencrypted, SNMPv2 added basic encryption, SNMPv3 added TLS encryption.
  • (It’s ok if there are different versions on the same setup.)
  • SNMP allows us to administer & manage network devices from a single source.
  • SNMP Manager is the device that “talks with” SNMP devices.
    • The SNMP Manager (usually a computer) runs the NMS (the interface that talks with the managed devices).
    • The NMS will listen on UDP port 162 or TLS port 10162.
  • M.I.B.–Management Information Base (built into every managed device)
    • a database that we query to be able to talk to that particular device.
  • * “Get“–the standard query we use with SNMP. Consists of the NMS sending a “Get” signal to a managed device, & then that device in return, sends a “Response” back.
  • Trap“–a type of failsafe set up on the managed device itself.
    • ex’s: What if the printer overheats? What if it gets overloaded with data?
    • The managed device will send a “trap” signal.
  • SNMPWalk or “Walk”–kind of like a batch process of “gets”. More commonly known as an “SNMPWalk”.
  • A SNMP community is an organization of managed devices. “Community” command:
    • “RO”–Read Only command
    • “RW”–Read Write command
    • Ex: “Cacti” is an open-source NMS for graphing SNMP data.
    • Others are “Nagios”, “Zabbix”, & “Spiceworks” and “SolarWinds”.
  • Documenting Logs
    • Review the different types of logs. (Logs keep track of things that have happened.)
    • “Event Viewer” is a Windows tool that displays various types of logs.
      • Note: Windows does NOT log Network events.
    • Many UNIX systems use “syslog”, which works with SNMP.
    • System or general logs
    • MS “Event Viewer” has Application logs, Security logs; Setup logs; & System logs.
    • “Syslog” errors go from 0 (high panic) to 7.
    • A “trap” and “an event” have some degree of similarity.
    • Other logs are History logs or Change logs.
  • System Monitoring
    • Abnormal warnings of high error rate or utilization might signify security breaches or broken equipment.
    • A baseline helps identify irregular activity that needs to be investigated.
    • * File integrity is an important part of a monitoring program.
    • * Error rate–signals a problem with some incoming packets (Error rate is a BIG ISSUE!)
      • indicates what % or what amount of frames and/or packets coming into the device are physically mauled up or not correct.
    • Utilization–really talking about CPUs
    • Notification
    • Packet Drops–measure the amount of packets that a particular device can handle.
    • Bandwidth–how much data am I moving per second.
    • Note: All monitoring tools will have baselines & metrics, which makes sense when you think about it.
  • S.I.E.M. (Security Information & Event Management)
    • SIEM tools aggregate & correlate data, allowing organization into valuable info.
    • A SIEM tool assess & correlates across logs to review an event.
    • SIEMs have alerts & the ability to notify based on a configurable trigger.
    • 2 important SIEM things are:
      • Aggregation–grabbing data from different places and storing it.
      • Correlation
    • W.O.R.M. (Write once, read many)
    • Correlation requires:
      • Alerts for notification if something goes bad.
      • Triggering–what sets an alert off? ex: exceeding thresholds
  • Network Troubleshooting Theory
    • Find the problem, gather information, identify the symptoms of the problem, question users, & see if there have been changes.
    • Establish the theory of probable cause, use the OSI model to help identify location & problem, and consider future prevention methods.
    • Test the theory, isolate variables, establish a plan of action, plan out steps, implement, verify, & test.
    • Using the network model as a starting place to troubleshoot network issues is an effective approach & can be performed using a top-to-bottom, bottom-to-top, or “most-likely layer to least-likely layer” (aka divide & conquer) methodology.

You May Also Like

More C++ Notes…

June 1, 2021

Blockchain & Money: Session 16: Central Banks and Commercial Banking, Part 2 by M.I.T. Sloan School of Management with Professor Gary Gensler

April 21, 2021

Security + Course Notes

June 1, 2021