CertMaster Network+ (N10-009) Module 8_Presentation Slides.pptx.pdf
Uploaded by HonorableUnity8407
Slide 1: Module 8: Supporting Network Management
Copyright © 2024 The Computing Technology Industry Association, Inc. All rights reserved.

Slide 2: Learning Objectives
- Explain the use of configuration and change management documentation.
- Use discovery and monitoring tools to identify network assets.
- Use event management to ensure network availability.
- Use packet analysis and traffic metrics to troubleshoot performance issues.

Slide 3: Lesson 8.1 Organizational Policies and Documentation

Slide 4: Policies and Documentation
Importance of documentation:
- Facilitates troubleshooting
- Ensures consistency
- Supports scalability and upgrades
- Supports staff turnover
Types of documentation:
- Configuration management
- Backup management
- Change management
- Asset management
- Network management

Slide 5: Configuration Management
- Determine an identification strategy
- Identify service assets
- Consider a CMS solution
- Establish a CI management plan
- Monitor configuration drift

Slide 6: Network Device Backup Management
- Document backups and procedures
- Maintain a regular backup schedule
- Audit and verify backups
- Maintain version history
- Configure remote logging of state data

Slide 7: Change Management
- Establish a comprehensive documentation protocol
- Ensure consistent use of templates
- Implement version control and access management
- Incorporate a feedback loop
- Regularly review and update documentation
Slide 8: Asset Management - Inventory
- Record asset description, purchase date, service history, status, and location
- Update inventory documentation regularly
- Implement strict access controls to inventory documentation
- Adopt asset management software tools

Slide 9: Network Management
Physical network diagrams:
- Detail hardware components
- Record location information
- Specify cabling details
Logical network diagrams:
- Display protocols being used
- Organize by function vs physical location
- Identify interconnection points
IP address management:
- Use a consistent addressing scheme
- Record IP addresses
- Use automation tools

Slide 10: Activity: Worst Case Scenario
What if there wasn't documentation and...
- The network administrator left the company?
- There was a natural disaster?
- Primary systems crashed?

Slide 11: Lesson 8.2 Host Discovery and Monitoring

Slide 12: Network Discovery
Network Discovery:
- Identifying network devices and services
- Network management and security auditing
Network Discovery Tools:
- Nmap
- AngryIP
- PRTG

Slide 13: Nmap Scanning Techniques
Basic Scans:
- Default action pings and sends TCP ACK packets to ports 80 and 443
- ARP and Neighbor Discovery (ND) sweeps on local networks
Host Discovery:
- The -sn switch performs discovery without port scanning
Service and OS Detection:
- Identify services and OS running on a host
Stealth Scans:
- Evade detection
- Identify non-responsive hosts
Slide 14: Discovery Protocols
Cisco Discovery Protocol (CDP):
- Cisco proprietary tool
- Discovers how devices are connected in a network
- Discovers OS version and IP addresses
- Detects information from directly connected CDP devices
Link Layer Discovery Protocol (LLDP):
- IEEE standards-based protocol
- Discovers how devices are connected in a network
- Discovers OS version and IP addresses
- Detects information from all directly connected LLDP devices

Slide 15: Performance Monitoring
Tracks and analyzes the speed and efficiency of a network
Metrics tracking:
- Bandwidth
- Throughput
- CPU and Memory
- Storage
- Latency
- Response Time
- Error Rate
Baseline establishment:
- Based on historical value
- Compared to current performance
Threshold alerts:
- Ensures optimal system performance
- Alerts when metrics deviate

Slide 16: Availability Monitoring
Verifies that network devices and services are operational and accessible when needed
- Early detection of outages
- Optimize server performance
- Preventing wider impact
- External validation tools
- Network stability
- Security threats

Slide 17: Configuration Monitoring
Verifies that all network appliances are in a known state
- Baseline or golden configuration
- Production configuration
- Backup configuration

Slide 18: Activity: Fill in the Blank
1. __________ monitoring verifies that network devices and services are operational and accessible when needed.
2. __________ monitoring verifies that all network appliances are in a known state.
3. __________ monitoring tracks and analyzes the speed and efficiency of a network.
Slide 19: Lesson 8.3 SNMP

Slide 20: Simple Network Management Protocol
Simple Network Management Protocol (SNMP):
- Operates at the application layer
- Uses UDP ports 161/162
SNMP Functions:
- Monitor network devices
- Detect network faults
- Configure remote devices

Slide 21: Components of SNMP
SNMP Manager (NMS):
- Centralized system for network monitoring
- Also known as a Network Management Station
SNMP Agent:
- Software module on managed devices (e.g., routers, switches)
- Maintains information in a database
Management Information Base (MIB):
- Hierarchical collection of managed resource information
- Organized into categories (e.g., system, interface, IP, and more)

Slide 22: SNMP Messages
- GetRequest: Retrieves data from SNMP agents
- GetNextRequest: Gets the value of a variable (used for table entries)
- SetRequest: Sets the value of an object instance
- Response: Confirms successful value setting
- Trap: Sent by agents when a fault occurs
- InformRequest: Like a trap but with acknowledgment

Slide 23: SNMP Security
SNMP v2c Security Tips:
- Avoid transmitting plaintext community strings over networks.
- Use complex community strings; avoid defaults.
- Restrict operations via access control lists to known IPs.
SNMP v3 Advancements:
- Offers encryption and strong user authentication
- Uses username lists with access permissions instead of community strings
Auth modes:
- authNoPriv: Authentication without encryption
- authPriv: Authentication with encryption using user credentials

Slide 24: Activity: True or False?
An SNMP Manager is a hierarchical collection of managed resource information that is organized into categories like system, interface, IP, and more. True? or False?

Slide 25: Lesson 8.4 Event Management

Slide 26: Network Device Logs
Network Device Logs Defined:
- Data sources for network monitoring, troubleshooting, security audits
Key Log Types:
- System Logs
- Application Logs
- Audit Logs
- Metadata
- Performance/Traffic Logs

Slide 27: Network Device Log Usage
Troubleshooting & Performance:
- Pinpoint network issues
- Optimize performance
Security & Compliance:
- Track unauthorized access, breaches
- Critical for security policies, regulations compliance
Log Management Practices:
- Regular review and analysis for issue prevention
- Secure storage for data integrity and forensic use

Slide 28: Log Collectors
Objective:
- Centralize, simplify network log management
How It Works:
- Aggregate log data into single repository
Benefits:
- Centralized Management
- Efficiency
- Scalability

Slide 29: Syslogs
Objective:
- Provide a standardized protocol for sending log messages
Key Features:
- UDP Port 514
- PRI Code
- Flexibility
Advantages:
- Widespread adoption
- Simplifies integration
Slide 30: Event Prioritization and Alerting
Event Prioritization:
- Determine event importance from devices
- Categorize events, Emergency (0) to Debug (7)
- Identify immediate action vs. informational events
Alerting:
- Automated alerts based on event severity
- Triggered by event types, thresholds, or anomalies
- Alerts need attention; notifications inform
Why It Matters:
- Prevents performance issues
- Filters out non-critical alerts
- Prioritizes critical events for system integrity

Slide 31: Syslog Severity Levels

Slide 32: Event Prioritization and Alerting
Effective Alert Management Strategies:
- Triage process for alerts (Immediate, medium, and low-priority)
- Custom alert thresholds
Streamlining Alert Responses:
- Automation tools for common alerts/standard responses
- Incident Management Systems integration

Slide 33: SIEM Overview
Definition:
- Analyzes security alerts from applications and network devices in real-time
Purpose:
- Integrates security information management (SIM) and security event management (SEM)
Key Functions:
- Log Aggregation
- Event Correlation
- Alerting

Slide 34: SIEM Overview
Event Management Capabilities:
- Real-time visibility
- Threat detection and response
- Compliance management
Implementation Benefits:
- Enhanced security posture
- Reduced incident response time
- Improved efficiency

Slide 35: SIEM Example
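As an added example, not from the CompTIA slides, the following Python decodes the PRI code named on the Syslogs slide (PRI = facility * 8 + severity) and buckets messages on the Emergency (0) to Debug (7) scale into the immediate/medium/low triage groups from the prioritization slides; the sample log lines, host names and threshold values are constructed for illustration.

```python
# Added example (not from the CompTIA slides); the sample log lines are constructed.
import re
from dataclasses import dataclass

# Severity names, 0 (Emergency) to 7 (Debug), plus a few common facility codes
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]
FACILITY = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv", 23: "local7"}
# PRI is "<N>" at the start of the message, where N = facility * 8 + severity
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

@dataclass
class Event:
    facility: int
    severity: int
    body: str

def parse_pri(line: str) -> Event:
    """Split a raw syslog line into facility, severity and the rest of the message."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError(f"missing PRI code: {line!r}")
    pri = int(m.group(1))
    if pri > 191:  # largest valid PRI is local7.Debug = 23 * 8 + 7
        raise ValueError(f"PRI out of range: {pri}")
    return Event(facility=pri // 8, severity=pri % 8, body=m.group(2).strip())

def describe(ev: Event) -> str:
    """Human-readable facility.severity label, e.g. 'auth.Critical'."""
    return f"{FACILITY.get(ev.facility, str(ev.facility))}.{SEVERITY[ev.severity]}"

def triage(lines, immediate_at=2, medium_at=4):
    """Bucket events as the slides' triage process does: severity <= immediate_at
    is immediate, <= medium_at is medium, everything else (Notice..Debug) is low."""
    buckets = {"immediate": [], "medium": [], "low": []}
    for line in lines:
        ev = parse_pri(line)
        key = ("immediate" if ev.severity <= immediate_at
               else "medium" if ev.severity <= medium_at else "low")
        buckets[key].append(ev)
    return buckets

# Constructed sample messages: <PRI> followed by a BSD-style header
SAMPLE = [
    "<34>Oct 11 22:14:15 edge-rtr1 bgpd: neighbor 203.0.113.2 down",  # auth.Critical
    "<12>Oct 11 22:14:19 dist-sw2 lldpd: neighbor changed on Gi1/0/24",  # user.Warning
    "<13>Oct 11 22:14:16 core-sw1 sshd: session opened for admin",  # user.Notice
    "<0>Oct 11 22:14:17 core-sw1 kernel: power supply 2 failed",  # kern.Emergency
    "<191>Oct 11 22:14:18 core-sw1 snmpd: polled by 192.0.2.10",  # local7.Debug
]
```

Running `triage(SAMPLE)` puts the Critical and Emergency messages in the immediate bucket, the Warning in medium, and Notice/Debug in low; a malformed or out-of-range PRI raises instead of being silently misfiled.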
Slide 36: Activity: Matching
Log types:
- Performance/Traffic Logs
- Audit Logs
- Application Logs
- System Logs
Descriptions:
- Metrics for compute, storage, network
- OS events, configuration, and kernel processes
- Authentication and authorization attempts
- Service-specific data (DNS, HTTP)

Slide 37: Lesson 8.5 Packet Capture and Analysis

Slide 38: Packet Capture
Definition & Purpose:
- Recording network traffic for analysis and troubleshooting
Key Concepts:
- Use libpcap library for capturing packets
- Filtering capabilities to capture specific data
Practical Application:
- Demonstrating how to initiate a packet capture session and important command lines (e.g., `tcpdump -i eth0`)

Slide 39: Packet Analysis Tools
Overview:
- Tools that assist in analyzing captured network packets
- Used to diagnose issues or monitor network health.
Featured Tools:
- tcpdump
- Wireshark
- ngrep

Slide 40: Packet Capture Analyzer Example

Slide 41: Capture Analysis Techniques
Analysis Objectives:
- Understanding traffic flow
- Identifying misconfigurations
- Detecting anomalies
Wireshark Analysis Features:
- Frame-by-frame header and payload examination
- Use of Follow TCP Stream to reconstruct session data
Statistical Tools:
- Conversations and Protocol Hierarchy
- Traffic analysis

Slide 42: Activity: Quick Search
Take a few minutes to research these tools:
- Tcpdump
- Wireshark
- ngrep
Share your findings with the class:
- What is the tool used for?
- How does it help with network management?
Slide 43: Lesson 8.6 Traffic Monitoring

Slide 44: Traffic Monitoring
Definition:
- Continuously observing and analyzing the flow of traffic across a network to ensure optimal performance and security
Key Points:
- Identifies traffic volume trends
- Monitors performance to detect anomalies
- Helps in capacity planning and network design adjustments

Slide 45: Common Performance Issues
Typical problems that affect network efficiency and user experience
Types of Common Issues:
- Packet loss, delays, and jitter affecting quality of service (QoS)
- Bandwidth bottlenecks leading to slow data transfer rates
- Misconfigured network hardware
- Outdated infrastructure

Slide 46: Flow Data
Information extracted from data packets that provides insights into the traffic flow within a network
Key Points:
- Includes source/destination IPs, packet sizes, and timestamps
- Essential for network performance analysis and troubleshooting
- Used in traffic profiling and anomaly detection

Slide 47: Monitoring Flow Data Example

Slide 48: Traffic Testing Tools
Definition:
- Applications that simulate network traffic and test the performance of network components
Key Points:
- Identify network bottlenecks and capacity limits
- Includes packet generators, network emulators, and throughput testers
- Examples: Wireshark, iperf, and NetFlow Analyzer

Slide 49: Traffic Testing Tools Examples
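As an added example, not from the CompTIA slides, the following Python applies the baseline-and-threshold idea from the Performance Monitoring slide to per-source flow records of the kind described under Flow Data (source/destination IPs, sizes, timestamps) and flags the volume anomalies the Traffic Monitoring slide mentions; the flow records, the 60-second window and the k = 3 deviation multiplier are constructed assumptions.

```python
# Added example (not from the CompTIA slides); the flow records are constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, bytes)
FLOWS = []
for i in range(10):  # ten historical 60-second buckets per source
    FLOWS.append((i * 60 + 5, "10.0.0.5", "198.51.100.7", 1000 + 200 * (i % 2)))
    FLOWS.append((i * 60 + 9, "10.0.0.9", "198.51.100.7", 400 + 200 * (i % 2)))
FLOWS += [(605, "10.0.0.5", "198.51.100.7", 1300),   # within its baseline
          (610, "10.0.0.9", "203.0.113.4", 5000),    # volume spike
          (620, "10.0.0.77", "203.0.113.4", 300)]    # never-seen source

def bytes_per_source(flows, window, start, end):
    """Sum bytes per source address in each window-second bucket of [start, end)."""
    totals = defaultdict(lambda: defaultdict(int))  # src -> bucket index -> bytes
    for ts, src, _dst, nbytes in flows:
        if start <= ts < end:
            totals[src][(ts - start) // window] += nbytes
    return totals

def baseline(history):
    """Baseline from historical bucket totals: (mean, population std dev)."""
    return mean(history), pstdev(history)

def threshold_alerts(flows, window, history_end, now, k=3.0):
    """Alert on any source whose current bucket exceeds mean + k * stdev of its
    history. Quiet buckets count as zero, so a source never seen before has a
    baseline of zero and alerts on any traffic (a deliberate new-talker alert)."""
    hist = bytes_per_source(flows, window, 0, history_end)
    cur = bytes_per_source(flows, window, history_end, now)
    n_hist = history_end // window
    alerts = []
    for src, buckets in cur.items():
        mu, sd = baseline([hist[src][i] for i in range(n_hist)])
        limit = mu + k * sd
        for bucket, total in buckets.items():
            if total > limit:
                alerts.append((src, bucket, total, round(limit, 1)))
    return alerts

if __name__ == "__main__":
    for a in threshold_alerts(FLOWS, window=60, history_end=600, now=660):
        print("ALERT src=%s bucket=%d bytes=%d limit=%.1f" % a)
```

With the constructed data, 10.0.0.5 stays inside its 1100 +/- 300 byte baseline, 10.0.0.9 trips the threshold with a 5000-byte bucket against a limit of 800, and 10.0.0.77 alerts because it has no history at all.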
Slide 50: Bandwidth Management
Definition:
- Techniques to control traffic flow in a network to optimize or guarantee performance
Key Points:
- Allocates bandwidth so essential services have priority
- Prevents network congestion and ensures fair usage
- Methods: Rate limiting and traffic policing

Slide 51: Traffic Shaping
Definition:
- Prioritizing network traffic to ensure critical applications receive their required bandwidth
Key Points:
- Delaying packets to regulate traffic flow and reduce congestion
- Tools for traffic management: QoS, DiffServ, and MPLS
- Ensures high priority services maintain performance

Slide 52: Activity: Two Truths and a Lie
1. Bandwidth management is used to control traffic flow in a network to optimize or guarantee performance.
2. Bandwidth bottlenecks lead to slow data transfer rates.
3. Bandwidth management tools include QoS, DiffServ, and MPLS.

Slide 53: Summary
- Implement configuration and change management practices
- Maintain a detailed network asset inventory with diagrams
- Deploy network analyzers for performance and activity insights
- Configure endpoints for log collection
- Define metrics to monitor network health, traffic, and device performance