These are the various network management tools used by network managers to verify network connections, monitor network packets, analyse captured packets, troubleshoot network connectivity failures, diagnose slow network performance and identify the source of incidents in order to keep the network available 24 hours a day, seven days a week.
1.1 Benefits of Network Management Tools
Network managers benefit from network monitoring tools in many ways, as described below.
Easy migration from old legacy applications to new technologies
For example, when a network administrator is migrating from a legacy IOS-based application to LWAPP using the AirWave Management Platform software tool for wireless network management, the network administrator is provided with centralized control of Wi-Fi networks, where roaming data and information as well as historical data are kept, as AirWave gives a common platform to manage the devices. This is beneficial to the network manager because it makes migration from old legacy applications to new technologies easy and makes it easy to monitor network usage all the time.
Quick identification of network or server failure: when the server or a portion of the network is down, the network administrator receives a warning and rectifies the fault before users notice the failure, which provides the network manager with a means of monitoring and providing network availability round the clock.
Using a network monitoring tool like ipMonitoring, with attributes such as reporting, user tracking, access point configuration management and rogue AP discovery, the network administrator is able to monitor any networked device on the corporate intranet and TCP/IP LAN and receive alerts immediately when a connection fails; depending on how the administrator has configured alerting, these can be received through an alarm, e-mail or third-party software.
Diagnosis and troubleshooting
Network Monitor can be used to diagnose why the server computer is not communicating with the client computers on a local area network. For example, the network administrator can configure Network Monitor to capture all the frames on the network; this includes the source and destination addresses of the computers sending and receiving frames, the protocols used and part of the message sent. The network administrator analyses this information to locate the source of the problem on the network and troubleshoots it.
Checking the connectivity of a computer, for example using the ping command to check whether a computer is online, helps the network manager. For example, when a user calls about logging on to a networked computer, the network manager uses ping to troubleshoot and diagnose by finding out whether the computer is on the network or not. This is beneficial to the administrator because it helps him to identify where the problem is originating.
1.2 Structure of management information
The Structure of Management Information is a network management component used in simple network management; its main role is to define a set of module identities, object types and notification types. The Structure of Management Information shows how managed objects are related, such as object names, the types of data that can be stored in an object and how an object is transmitted over the network, for example the action performed to retrieve the value of an object, with codes.
2. User Datagram Protocol
User Datagram Protocol (UDP) is a transport layer protocol that is used to send packets to computers in networked environments. UDP has the following advantages over Transmission Control Protocol (TCP).
When two computers communicate on the network, UDP doesn't negotiate a connection between them but just transfers data as it is received.
No Connection State
UDP doesn't maintain or keep track of parameters such as buffers sent, congestion control and the rate at which data is transferred. For example, when used in a server environment, UDP is able to support more active clients if a particular application is run over it, because it doesn't acknowledge packets being sent or received.
Small packet header overhead
UDP has a smaller header, with 8 bytes of overhead, making it faster in transferring data.
Unregulated send rate: UDP doesn't have a congestion control mechanism, and data is sent at the rate at which it is generated by the application in use, taking into account, for example, the CPU and clock rate at the source of the data.
2.1 Application layer protocols that use User Datagram Protocol as the transport layer protocol
Domain Name Service
This is a database-like service that converts computers' fully qualified domain names, which are easy to remember, such as www.yahoo.com, into IP addresses such as 220.127.116.11. 6, which are then used by computers to connect to and communicate with each other.
Streaming multimedia is the continuous transfer of video, voice and digital data that is received and displayed in real time, for example podcasts and webcasts.
A routing protocol is used to determine which path to use to transmit data packets across a network.
2.2 Reasons why UDP is preferred over TCP
Domain Name Service
UDP is preferred over TCP because it is used by DNS for name queries and because the information exchanged between UDP and DNS is small in size; for example, the packet size sent through UDP is not greater than 512 bytes.
Streaming multimedia uses UDP because it compresses audio files into small packets of data, which makes them easy to transmit, and it keeps streaming and transmitting audio files even when some of the audio data drops. This doesn't break or cause delay in the audio broadcast. The streamed data is sent by the server application to the client application, which stores the stream data and then displays the data received in real time, or plays the streamed voice files as soon as they are buffered.
For routing protocols, UDP is preferred because routing table updates are sent periodically, some of the data is lost along the way, and updates need to be resent so that the network layer is up to date, which is impossible with TCP.
2.3 Controversial use of UDP in multimedia applications
The use of UDP for streaming multimedia applications is controversial because UDP doesn't have congestion control, which is much needed to prevent the network from going into a state in which little or no work can be done. For example, if a user sends high bit rate video without using congestion control, users will be unable to see the video messages because of packet overflow at the router.
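The 8-byte header and the 512-byte DNS limit described above, worked through in Python as an added example (not part of the original essay): it builds a DNS query for www.yahoo.com, wraps it in a UDP header with the IPv4 pseudo-header checksum, and parses it back. The addresses, ports and transaction ID are constructed, and the function names are illustrative.

```python
import socket
import struct

UDP_HEADER_LEN = 8    # source port, destination port, length, checksum (2 bytes each)
DNS_UDP_LIMIT = 512   # size limit the text gives for DNS messages over UDP


def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that is covered by the UDP checksum but never sent."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len))


def build_dns_query(name: str, txid: int) -> bytes:
    """Minimal DNS question: type A, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """No handshake and no state: the datagram is header + payload, nothing more."""
    length = UDP_HEADER_LEN + len(payload)
    if length > 0xFFFF:
        raise ValueError("payload too large for one UDP datagram")
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF   # 0 on the wire means "no checksum", so 0 is sent as 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip, dst_ip, datagram: bytes) -> dict:
    """Split a datagram into its fields and verify length and checksum."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    # Summing everything, checksum included, yields 0 when the datagram is intact.
    ok = csum == 0 or internet_checksum(
        pseudo_header(src_ip, dst_ip, length) + datagram) == 0
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum_ok": ok, "payload": datagram[UDP_HEADER_LEN:]}


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation addresses).
    query = build_dns_query("www.yahoo.com", txid=0x1234)
    dgram = build_udp("192.0.2.10", "192.0.2.53", 40000, 53, query)
    info = parse_udp("192.0.2.10", "192.0.2.53", dgram)
    print(f"DNS query {len(query)} bytes + UDP header {UDP_HEADER_LEN} bytes "
          f"= {info['length']} bytes (limit {DNS_UDP_LIMIT}), "
          f"checksum ok: {info['checksum_ok']}")
```
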
2.4 Adaptive congestion control scheme
One scheme that would force the use of adaptive congestion control is a real-time communication scheme that builds reliability into applications, which forces the use of congestion control. For example, in a mobile application where congestion control is built in, though the application runs over UDP, it acknowledges and retransmits packets that get lost during transmission.
Applications that perform congestion control use the network more efficiently; for example, with bit rates being controlled, the network will not go into a state where it cannot be used.
2.5 Advantage of Adaptive congestion scheme
Better performance of the network: for example, in the case of video, when small bits are sent and controlled, performance improves as the bandwidth will be enough to support the bit rates.
It ensures that all packets sent reach their destination.
3. Exchange between DHCP Server and Client Computers
DHCP Server and Client Computers
See Appendix (i)
For clients to receive IP addresses from DHCP servers, TCP/IP needs to be configured to obtain an IP address automatically in the TCP/IP properties dialogue box.
DHCP client computers that are configured to obtain an IP address automatically request and receive IP configuration upon booting.
DHCP clients get IP addresses and other configuration each time the client computers are started and join the network. The DHCP server assigns an IP address to a client from a predefined scope for a given duration of time; if that duration expires, the IP address is released to the scope and can be assigned to another client, but if the duration is longer than the lease time, the client requests an extension before the lease expires.
3.1 Router and Components
A router is a device that connects one or more computers to create a network environment, for example a modem. A router has the following major components.
The input port is the point of direct connection for the physical link and the point at which incoming packets enter the port. The input port provides functions such as performing data link layer encapsulation and decapsulation, performing a route lookup and sending packets to the output port via the switching fabric; to provide quality of service guarantees, the input port also classifies packets into predefined service levels.
Output ports store packets that are forwarded via the switching fabric and transmit or schedule packets for service on an output link, performing the reverse of the data link and physical link functionality done in the input port.
The switching fabric connects input ports and output ports.
Executes routing protocols, creates and forwards routing tables that are used in packet forwarding, and performs management functions within the router.
3.2 Internet Protocol version 4
Internet Protocol version 4 is the protocol most widely used in corporate networks; it is a network layer protocol and is used as the internetwork layer protocol on the internet.
3.3 Internet protocol version 6
Internet Protocol version 6 is the updated version of Internet Protocol version 4, with much more address space. It's mostly used on the internet backbone in Asian countries.
Protocol Structure of an IPV4 header
See Appendix (i)
Protocol Structure of an IPV6 header
See Appendix (iii)
Due to the depletion of Internet Protocol version 4 addresses and larger routing tables, Internet Protocol version 4 has been updated to version 6, which provides better security and more address space. This has made Internet Protocol version 6 more advantageous in some ways, as discussed below.
Internet protocol version 6 address space
3.4 Advantages of Internet Protocol version 6
Internet Protocol version 6 has more address space than Internet Protocol version 4; for example, version 6 has a 128-bit address space, which allows for flexible creation of multilevel, hierarchical and routing infrastructure that is not possible to the same degree with Internet Protocol version 4.
Internet Protocol version 6 has built-in security which is standard and mandatory; it's offered in all implementations and requires no changes to the application. For example, security features such as authentication through packet signing, data encryption and end-to-end security for DHCP, DNS and IPv6 mobility are provided for in the security model.
4. Wired Equivalent Privacy
WEP is short for Wired Equivalent Privacy, a security protocol used in wireless local area networks that operates at the data link layer and has security that can be turned off and on again, as defined in the 802.11b standard. This standard was set by the Institute of Electrical and Electronics Engineers.
The main aim of Wired Equivalent Privacy was to provide security over 802.11 wireless networks, where data is sent from one end point to another. The key security features of WEP were meant to offer the following.
Wired Equivalent Privacy is used to prevent data transmitted on the network from being eavesdropped by someone for whom the information is not meant.
Unauthorised access to wireless network
Wired Equivalent Privacy is used to prevent unauthorised access to the network.
Data integrity: to prevent the alteration of data being transmitted.
4.1 Advantages of Wired Equivalent Privacy
WEP uses a 2.4 gigahertz radio frequency, which provides a clear signal because it's lower than other frequencies and can travel through walls without affecting the frequency.
WEP is relatively cost effective; for example, the cost of a router and Wi-Fi card is normally below £55, which makes it cost effective for both big corporations and home users.
4.2 Disadvantages of Wired Equivalent Privacy
The static encryption key, which is used by all the devices on the network, makes it very easy for packets to be intercepted and the key to be cracked, making it very vulnerable to hackers. For example, when a router is set up on the network, the encryption key used by the router is then used by almost all the devices on the network.
Weak keys make it easier for the key to be guessed and cracked when used at the access point.
The initialisation vector in WEP is also always reused; for example, if a user who connects with WEP to access the wireless network uses the same key over and over, this key can easily be cracked.
WEP has its algorithms sent in plaintext, which makes it a lot easier for key streams to be determined.
4.3 Difference between WEP and WPA
Wired Equivalent Privacy (standard 802.11) and Wireless Fidelity Protected Access are different in many ways, for example:
WEP uses 128-bit encryption with a 24-bit integrity value, while WPA uses 128-bit encryption with a 48-bit integrity value.
WPA has features such as the Temporal Key Integrity Protocol, which dynamically changes the keys used for encryption, while keys in WEP are static and shared by all devices on the network.
The combined use of 48-bit integrity values, TKIP and AES makes WPA stronger in security compared to WEP.
Weak keys make it easier for the key to be guessed and cracked when used at the access point.
The initialisation vector in WEP is also always reused; for example, if a user who connects with WEP to access the wireless network uses the same key over and over, this key can easily be cracked.
WEP has its algorithms sent in plaintext, which makes it a lot easier for key streams to be determined.
These weaknesses, among others, called for a better standard to be adopted that would provide wireless networks with better security, and this led to the improvement of 802.11 to WPA.
4.4 Wireless Fidelity Protected Access
WPA stands for Wireless Fidelity Protected Access, for local area networks based on the 802.11 specification. This standard was designed to improve on the security weaknesses of Wired Equivalent Privacy.
4.5 Advantages of WPA
WPA provides added authentication features to basic WEP, which provide stronger encryption mechanisms. The added features include the Advanced Encryption Standard protocol as used in WPA2 and the Temporal Key Integrity Protocol as used in WPA.
When used in a Windows 2003 environment, WPA provides the strongest wireless security.
WPA has backward compatibility for older applications that use WEP; this doesn't call for an upgrade.
The use of 802.1x RADIUS servers provides administrators with a means of auditing and logging incidents.
4.6 Disadvantages of WPA
The setup of the pre-shared key is difficult, and it is not beneficial to home users with less technical knowledge.
It has more overhead compared to WEP.
It's incompatible with pre-1998 Windows operating systems and doesn't support older firmware.
Its major downfall is denial of service attacks, which can leave the whole network shut down because the constantly changing keys that are generated are interpreted by the network as some kind of attack.
4.7 Comparing WPA and WEP features
WPA has enhanced features that are based on the WEP standard. The features in WPA include the Temporal Key Integrity Protocol and 802.1x. These features provide dynamic key integrity and mutual authentication to most wireless local area networks.
48-bit initialisation vectors
Like Wired Equivalent Privacy, the Temporal Key Integrity Protocol uses the RC4 stream cipher provided by RSA Security for frame body decryption and a CRC for each frame before transmission; the difference is that WPA has the added Temporal Key Integrity Protocol, which uses 48-bit initialisation vectors that reduce the reuse of initialisation vectors. This has brought about data confidentiality.
WEP encryption is based on 128-bit encryption with a 24-bit integrity value, which means the keys and integrity value are of smaller size, making it easy for hackers to crack the keys as the initialisation vector seeds the WEP algorithm; this feature has been enhanced by the 48-bit integrity vector in WPA.
Data Encryption
When data packets are sent, each is encrypted separately with an RC4 cipher stream generated by a 64-bit RC4 key; the key includes a 24-bit initialisation vector.
Per-Packet Key Construction and Distribution
WPA generates a new encryption key automatically for each client; for example, WPA uses a unique and different key for each 802.11 frame and avoids the use of the same key as in WEP. This automatic key generation makes it impossible for WPA keys to be cracked by hackers. In WEP, the same key is shared by all the devices on the network and is static, which means that, due to its unchanging nature, it's a lot easier for the shared key to be modified.
Message Integrity codes
The use of Michael protects against attacks and forgeries. WPA uses a secret 64-bit authentication key that is shared only between the source and destination; during the authentication process a tagging function takes place and a message integrity code is created to detect bit flipping and changes to the source and destination. For forgeries to be identified, the destination receiver inputs the source into a verification predicate and creates another tag code, and if both match then the message is considered authentic.
This is unlike WEP, which uses a 4-byte integrity check value added to the standard payload. The receiving client calculates the integrity check value, and if the values match then there is a chance that frames were not tampered with, and in case data
Counter mode/CBC-MAC
This is a data confidentiality protocol used for packet authentication and data encryption. For confidentiality, CCMP uses the Advanced Encryption Standard in counter mode, and for encryption and data integrity CCMP uses the Cipher Block Chaining Message Authentication Code, making this standard more secure compared to WEP, which has no encryption mode.
EAP encapsulation over LAN: this is the key standard used in key exchange, which is not used in WEP. For example, this protocol allows for a four-way key handshake as well as a group key handshake, while in WEP there is only a two-way key handshake.
IEEE 802.1x as used in WPA2 provides a sure means of authenticating and controlling user traffic to secure networks.
5. A Disaster Recovery Plan
A disaster recovery plan is the process of restoring access to the main business applications, data, hardware and software required to make the system operational. The disaster recovery plan provides information on how to handle information that may be lost or corrupted during the disaster, as well as providing team leaders with procedures for restoring information and data.
5.1 Major steps in disaster recovery process
This is the action taken by disaster team members as soon as an emergency occurs. In the notification stage, system functions can be restored on a limited basis. For example, in a data centre, when the database team leader receives an alert on his/her computer that a file within the database is corrupt, this alert can be sent to the assessment team, either automatically by the system or by e-mail, to analyse the damage.
Analyse the extent of the damage
The analysis of the damage caused should be done as soon as possible to determine the level of damage to the applications. For example, if a power outage has occurred in the data centre, the analysis should detail the applications affected, the origin of the incident and the work areas that have been affected; if there is another source of power to run the database, for example a UPS backup, this can be powered on while further investigation into the outage is carried out.
Activation of the plan
Depending on the damage caused by the disaster and the outcome of the analysis, the disaster recovery team can decide to activate the plan. For example, in the case of a data centre, if the entire database server is down, the team looks at the possible ways the system can be restored in minimal time and plans team communication procedures; the respective team leaders then notify staff members, who start working on their respective tasks to restore the system as agreed by the team members.
The recovery process at this stage can be looked at under sequence of recovery activities and recovery procedures, depending on what has been defined in the data recovery plan; for example, in the case of an ordering database, this can be done manually while the recovery process is carried out.
Sequence of Recovery activities
The recovery process should be carried out according to the priority of each disaster and the level of disaster damage shown by the results of the analysis. For example, if the database server is being recovered and it is the main critical business system, it should be restored first before other servers, and the whole disaster recovery team should carry out the restoration process as set out in the disaster recovery plan.
If the business has to be transferred to another site, then the critical files associated with the service have to be transferred, depending on the plan; for example, a plan to transport IT equipment and important data files.
This includes having access to the damaged IT equipment, which in the case of the data centre could be database servers and corrupt files; informing users of the applications; getting the backup if it's not in house; restoring critical systems such as operating systems and the SQL database; testing the system before it goes operational; connecting the system to the network; and informing users of the application of the success of the restoration.
Once the recovery process has been successful, the disaster recovery team embarks on the process of transferring all the recovered data back to the original system, or maybe to a totally new system that can best support the functionality of the data service being offered. The disaster recovery team will continue to monitor for any recurrence of incidents, make the necessary network and infrastructure connections and bring down the contingency system on which the application was running; when the whole system is stable, the data centre staff can use the original system after full restoration of data.
Update the disaster recovery plan
If new procedures are found during the recovery process, they are added to the recovery plan documentation, which will be used again if the same disaster occurs again.
5.2 Business Continuity and Disaster Recovery Plan
The IT business continuity and disaster recovery plan for the IT department that I currently work in seeks to deal with how best to handle emergencies in the event of disasters and how best to minimise the risk of damage, provide emergency services and recover to normalcy of service operations.
The Business Continuity Institute defines business continuity planning as “A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities”
5.3 Aims of Business Continuity Planning
Preventing a disaster
At the initial planning stage, the critical areas of service operation of Information Technology are identified; for example, within the Information Technology department where I work, servers for crucial systems, hot sites and training of the disaster team leaders are laid down. This initial planning stage is carried out with the aim of minimising the impact of disasters on Information Technology resources and services; this also ensures that the department is able to recover as fast as possible from a disaster.
This is the procedure of running information services using minimum resources during a disaster; it prevents the organisation from being put out of service both internally and externally. For example, running applications for only crucial systems to continue operation while recovery is in process.
The procedures that are required to restore all systems and resources are identified. This helps in bringing all the resources and systems to full operation, for example backing up data from an off-site centre.
5.4 Contingency Plan activation
The activation of the organisation’s IT service continuity plan can be started at any time.
The decision to activate the plan will be the sole responsibility of the Estates and Security department with the assistance of the officer in charge, and the contingency plan cannot be started without the instruction being issued by the Estates and Security department with assistance from the officer in charge.
If an emergency occurs during business working hours, members of the disaster recovery team will be gathered and, depending on the level and nature of damage, the Information Technology team will be contacted. If the emergency occurs outside business working hours, security is required to call the head of security or his/her deputy, who will get in touch with the disaster recovery team with the help of the officer in charge, and then the decision to initiate the Information Communication Technology business continuity plan is made.
If the team leaders are not available in the event of an emergency, the deputy will take responsibility, and where both the team leader and deputy are not available, the next person on the list takes responsibility.
5.5 Emergency Management Team
Head of Information Technology department, who is responsible for overseeing all the information system services
Deputy team leader: Systems Manager
Responsible for all the systems applications such as the servers and backup, and for liaison with the off-site third-party centres
Team member: Database Administrator
Internal databases as well as internal sites
Ensure that a domain account has been set up for the SQL services.
The admin backup and standard jobs from SourceSafe InstallationSQL Server 2000
Customise the jobs to ensure that server names and paths are correct
Team member: Information Technology Security officer
Responsible for the security of the internal sites as well as blocking unsafe sites
Team member: Network Engineer
Responsible for network connectivity and testing our network devices from within our network
Run test network script using DOS command
Test access to the web services
-Use government secure intranet network PC or dial-up PC belonging to web team in OCPD to check connection to all websites
-Use nslookup to connect to wb-dns1 internal to the organisation and check that website names can be resolved
-An email should be sent to email@example.com and echo. These should respond by sending an email back
5.6 Disaster Recovery Plan
A disaster recovery plan is the process of restoring access to the important system data, hardware and software required to make the system operational. The disaster recovery plan provides information on how to handle information that may be lost or corrupted during the disaster, as well as providing team leaders with procedures for restoring information and data.
5.7 The main Objectives of the Information Technology Recovery Team
The Recovery Team's main duties/tasks are to:
Prevent damage to Information Communication installations
Decide the requirements of senior management for other Departmental Recovery Teams and work accordingly to meet the requirements.
Carry out tasks that lead to the restoration of all Information Communication services to normality, as stated by the Recovery Team, within the disaster constraints or limits.
5.8 Disaster Recovery Team
Team leader: Head of Estates and Security
Responsible for the safety of the building as well as staff and members of the public
Deputy team leader: Site Contractor
Responsible for building and central service
Team member: Head of security
Responsible for staff and public safety
The recovery site will be informed by the Information Technology departmental recovery team leader, or by the assistant from the disaster recovery team in case the team leader is absent. The site is located about 3 miles away from the organisation. In case of serious incidents, the site can be contacted by the information recovery mobile phone.
With regard to the case scenarios below, the disaster recovery team can take actions based on the case scenario that is relevant to the real disaster. It's the organisation's policy that when incidents occur, staff are evacuated from the building and entry to the site is not permitted unless staff members are informed by the head of Estates and Security.
6.1 Case Scenarios
These case scenarios may include:
- Disaster in the staff car park not affecting the building
- Gas leaking in the building basement
- Suspicious package found in the public lockers
Building is partly destroyed
Scenarios in this case may include:
- Flood affecting the whole building
- A part of the server room that supports site B of the building is partly destroyed
- A part of the frame room in site A where frame cabinets E8a and E8b are located is partly destroyed.
- IT store room is also partly affected.
Building is completely destroyed
Scenario in this case is:
- The server room on site A of the building, including cabinet rooms E1 and E2, is completely destroyed.
6.2 Building Non-disruptive
In these case scenarios, none of the information technology equipment is destroyed. The disruption did call for evacuation of staff for health and safety reasons, and as soon as the building is cleared as safe, staff members will be allowed in and operations will resume.
6.4 Building is partly destroyed
In these case scenarios, some IT equipment is partly affected, and it may escalate to a major incident; for example, the partial destruction of the server room in site A and the cabinet room where E8a and E8a are located may cause staff on this site to lose access to network resources. Here nothing can be done until staff members are allowed to enter the building. Once members are allowed in the building, all the equipment in the area affected can the