Network Management

• Documentation
• Management Tools
• Administrative Costs
• Troubleshooting
• Planning Upgrades/New Installations

• Planning
• Data Security
• Threats to Network Security
• Physical Security
• Viruses/Worms

• Types of Disasters
• Preparing for Disasters
• Disaster Recovery Planning

Documentation - Document Everything! - Update!

• Client Types and Settings
• Location of system
• Type of system - down to serial numbers
• System hardware configuration - include types, sizes, and all settings
• Network Interface Card settings - including address
• System software configuration - include license audit, software versions and settings, and client software with protocol configurations
• Server Types and Settings
• Location of system
• Type of system - down to serial numbers
• System hardware configuration - include types, sizes, redundancy, and all settings
• Network Interface Card settings - including addresses with subnets
• System software configuration - include license audit, software versions and settings, and dates of software installations
• Network Operating System configuration - including all bug fixes and patches
• API's - settings and dates installed
• Facility Audit
• Hubs, routers, etc. - with types, locations, supported protocols, associated port locations
• Network Map - cable runs, types of cable, terminating points, etc.

• Server Monitors - performance monitoring
• Memory available - page faults
• CPU utilization
• Disk space free
• Disk transfer rate
• Error rates
• Network Monitors - track information about the network
• Client/Server-based
• MIB - Management Information Base - text file on host being monitored for each element being monitored
• SNMP - Simple Network Management Protocol
• Queries devices about their status, referring to MIBs
• UDP (User Datagram Protocol) - connectionless protocol used to pass information from the client to the server
• Messages - sent through port 161
• Traps (alerts) - sent through port 162
• Network Probes - network analyzer
• Stand-alone device (typically)
• Deployed on segment being monitored
• Used to measure data traffic patterns and determine the cause of any major bottlenecks
• Packet Sniffers - intercepts all packets on a network
• Can be used to analyze network traffic
• Can be used for hacking/cracking!
• Filters can limit data to only that which you want to see

• Can be biggest cost of computer ownership
• Can be minimized through system configurations and administrative software tools
• Standardize account management
• Standardize software through licensing
• Apply ALL patches and updates
• Document, document, and document…

• Know your network (i.e., document!)
• Have tools in place to resolve problems
• Centralize support
• Use the Web for information
• Pay attention to updates and patches
• Anticipate questions prior to support calls
• Determining the problem can be more difficult than solving the problem

• Needs analysis - identify requirements
• Plan layout and identify infrastructure (conduit, etc.) requirements
• Plan implementation
• Implement system (in parallel, if possible)
• Test implementation
• Solicit feedback

Planning

• Securing Against Intrusion
• Keeping unauthorized people off
• Limiting authorized people to specific resources
• Protecting Data from Loss
• Denial of Service
• Physical Security
• Protecting Systems from Viruses
• Threat Analysis - systematically identify threats and rate seriousness of each one
• Security vs. Cost
• Productivity - cost of implementing the security system versus cost of recreating lost or compromised data
• Administration - cost to implement the security system in the first place versus cost to restore the system
• Legal Liability - privacy-based liabilities with system versus privacy-based liabilities without the system
• Stress that Security Benefits Users

• Keeping Unauthorized People Off
• Primarily exploitation of loopholes - install all security patches and bug fixes
• Set up user accounts for everyone who needs one
• Use secure passwords
• Change passwords frequently - require password change on first use
• No dictionary words or easy to guess dates or numbers
• Passwords should be at least 8 characters long and use punctuation, numbers, and/or different case characters
• Impersonation - usernames and passwords obtained through packet snooping via a sniffer program
• Password crackers - attempt to decrypt passwords
• Sharing passwords is a violation of PA state law!
• Limiting authorized people to specific resources
• NT - set rights and permissions for individual users and groups
• Individuals are assigned to one or more groups
• Novell - rights set for organizational units (OU's)
• Individuals are assigned to a single OU at a time
• Home Directories - each individual may be assigned a private directory on the LAN server in which personal files may be stored and (hopefully) backed up
• Shared Files
• Each individual may have a "public" directory which other users may access; owner has read/write access while everyone else has read-only access
• Common Directories - individuals within a group or organizational unit may be assigned a shard "common" directory in which all members have read/right access
• Applications and System Files - stored on secured areas on the server; only the system administrator has right access to these areas

• Device Impersonation
• Spoofed packets appear to be valid causing unwanted behaviors within the network - e.g., Multiple DHCP servers - many networks use Dynamic Host Configuration Protocol (DHCP) to provide hosts with an IP address and an explicit default router - if a second DHCP server becomes available the entire network may stop working since DHCP requests are going to the wrong location
• Denial of Service (DoS) Attacks
• TCP SYN Flood - memory is allocated for stream of TCP connections leaving no memory for other functions
• Limit number of TCP connections a system will accept
• Shorten the time a connection stays half open (i.e., the SYN packet opens the connection; but the connection is never fully established)
• land.c Attack - used to launch DoS attacks against various TCP implementations - sends a TCP SYN packet with the target host's address as both the source and destination, causing some systems to hang
• Ping Bomb - constant stream of large ICMP (Internet Control Message Protocol) ECHO request packets exceeds the receiving system's ability to respond
• Ping of Death - exploits the fragmentation vulnerability of large ICMP ECHO request packets - illegal packets (larger than 65,507 bytes) are sent to a system which doesn't know how to handle them)
• SMURF Attack - a large number of spoofed ICMP ECHO request packets are sent to broadcast addresses which broadcast across the network - all systems respond to the spoofed address
• UDP (User Datagram Protocol) Flood - spoofed UDP packets are used to flood a target system
• Distributed Denial of Service Attack - multiple systems are rigged to simultaneously send spoofed packets to a host system which tries to respond to the spoofed address

• Kids at Play!
• Secure Everything Possible
• Hubs, Routers, etc. - in locked closets
• Servers - in climate controlled (at least somewhat) rooms

• Malicious Code - self-perpetuating viruses attached to another program, worms which spread themselves, Trojan Horse "payloads", logic bombs
• Always keep backup copies of your data files (e.g., term paper files, spreadsheets, etc.).
• Always run up-to-date virus detection software
• Never open executable e-mail attachments (especially from someone you do not know)!
• Enable Macro Virus Protection in all software utilizing macros (e.g., Microsoft Word, Excel).
• Web Browsers - allow easy downloads of malicious software; only download from reputable sites
• Macro Viruses
• Melissa - once infected via a Word macro, uses Microsoft Outlook to mail itself (along with the most recently open Word document) to the first 50 names in each address book

Subject: Important Message From (your name here)
Text: Here is the document you asked for ...
• ColdApe - macro virus which infects Visual Basic script files and continues infecting all files as they are used even if the original macro is cleaned up
• Worms
• Happy99 - displays fireworks on screen and attaches itself to various system files - attaches itself to all messages sent from infected machine
• Windows ExploreZip.worm - malicious worm sends itself as email attachment zipped_files.exe with personalized message -if executed, program deletes all Word, Excel and PowerPoint files
• Trojan Programs
• NetBus, Back Orifice - client/server software which allows others to control yout computer - server portion can be attached to games or stand alone executables - once infected, anyone with the client software can control the infected machine
• BuddyList, PennyTools, W95 Trojan.Cool - AOL password stealing programs which mail the passwords to various accounts (e.g., xyz@Hotmail.com)
• Program Viruses
• CIH/Chernobyl - infects executable files as opened - some strains activate April 26th, some on June 26th and some on 26th of every month - if activated, virus wipes hard drive and tries to flash BIOS
• W32/KRIZ.3862 - polymorphic virus attempts to erase the computer’s CMOS and disk when an infected file is run on December 25 - attempts to flash BIOS

Types of Disasters

• Event-Related - power, water, natural disaster
• Breakdowns - equipment failures, cut cables, etc.
• Behavior Problems - students, hackers/crackers…

• Backup Schedule -full vs. incremental
• Off-Site Storage
• Backup Hardware - speed, reliability issues
• Real-Time Protection - RAID and other redundancy

• Include Academic and Administrative Functions
• Plan for Total Failure
• Hardware Resources
• Software Resources
• Personnel
• Document, document, document…