Managing Network Device Security


What is Single Point of Failure?

A single point of failure (SPOF) is an individual device within a network infrastructure, or an individual component within a specific device, whose failure would cause an interruption of service. In computing, single points of failure are identified and resolved through redundancy and high-availability clusters. For example, upon server failure, another server immediately assumes the lost functions and roles.

What Things Are At Risk of SPOF

Computer Systems/Servers

Networks

Storage Devices

People (if I deploy the network or servers and nobody else in my department or organization knows how I did it, then I am also a single point of failure)

Security Approach Against SPOF

Fault Tolerance

Fault tolerance is the ability of an individual device within an environment to remain operational in case of failure, or an arrangement of elements such that, if one device is not able to work, a backup element or process can instantly take its place with no loss of service. Dual CPUs, dual power supplies, dual network interface cards, redundant hard disks, a UPS, and a sufficient number of trained people are examples of fault tolerance.

Storage Redundancies

RAID

Redundant array of independent disks (RAID) is a method of storing duplicate data on two or more hard drives.  There are several RAID types:

RAID Types

Disk Striping

RAID 0 is a standard RAID level, also called disk striping. However, it is not redundant; it is normally used to increase the performance of systems that rely heavily on RAID for their operations. It is also used to create a few large logical volumes from multiple sets of smaller-capacity physical drives.

[Figure: RAID 0 (disk striping)]

Disk Mirroring

It is also called RAID-1. Disk mirroring is a form of disk backup in which anything that is written to one disk is simultaneously written to a second disk. If a physical hardware failure occurs in one disk, the data is not lost, as the other hard disk contains an exact copy of that data. Disk mirroring can be implemented in either hardware or software.

[Figure: RAID 1 (disk mirroring)]

Disk Duplexing

Disk duplexing is a variation of disk mirroring in which each of the mirrored disks has its own SCSI controller. Mirroring protects data in the case of a disk failure, because data is constantly written to both disks; redundant controllers additionally allow continued data access if one of the controllers fails.

[Figure: disk duplexing]

RAID-5

RAID-5 uses block-level data striping and distributes parity across all the disks. There is still some overhead during parity calculation, but since parity is written to all disks, no single drive is the bottleneck and I/O operations are spread evenly across all drives. RAID-5 requires at least three, and usually five, disks in the array. It is best for multi-user systems in which performance is not critical or which perform few write operations.
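The following is an added illustration (not code from the original page) of what "block-level striping with distributed parity" means in practice: each stripe holds one data block per disk except for one parity block, the parity position rotates from stripe to stripe, and the parity is the XOR of the data blocks, which is enough to rebuild any single failed disk. The block size, disk count and payload are constructed for the demo.

```python
"""RAID-5 block-level striping with rotating (distributed) XOR parity,
including rebuild of a single failed disk.

Added illustration, not code from the original page. The block size,
disk count and sample payload are constructed for the demo.
"""
from typing import List, Optional

BLOCK = 4  # bytes per block; deliberately tiny so the layout is readable


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR any number of equal-length blocks; this is the RAID-5 parity."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe: int, n_disks: int) -> int:
    """Parity rotates one disk to the left per stripe, so no single disk
    carries every parity write (the property that distinguishes RAID-5
    from a dedicated-parity layout)."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Lay data out as stripes of (n_disks - 1) data blocks plus one parity
    block. Returns one list of blocks per disk."""
    if n_disks < 3:
        raise ValueError("RAID-5 needs at least three disks")
    data_per_stripe = n_disks - 1
    stripe_bytes = BLOCK * data_per_stripe
    data += b"\x00" * ((-len(data)) % stripe_bytes)  # pad to whole stripes
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(data) // stripe_bytes):
        chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        data_blocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(data_per_stripe)]
        parity = xor_blocks(data_blocks)
        pdisk = parity_disk_for(s, n_disks)
        remaining = iter(data_blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == pdisk else next(remaining))
    return disks


def raid5_read(disks: List[Optional[List[bytes]]], length: int) -> bytes:
    """Read the payload back. A disk given as None is treated as failed and
    each of its blocks is rebuilt as the XOR of the other blocks in the same
    stripe (this works for data and parity blocks alike, because
    parity = XOR of the data blocks)."""
    n_disks = len(disks)
    failed = [d for d, blocks in enumerate(disks) if blocks is None]
    if len(failed) > 1:
        raise RuntimeError("RAID-5 tolerates one failed disk; a second needs RAID-6")
    n_stripes = len(next(blocks for blocks in disks if blocks is not None))
    out = bytearray()
    for s in range(n_stripes):
        stripe = [None if d in failed else disks[d][s] for d in range(n_disks)]
        for d in failed:
            stripe[d] = xor_blocks([b for b in stripe if b is not None])
        for d in range(n_disks):
            if d != parity_disk_for(s, n_disks):
                out += stripe[d]
    return bytes(out[:length])


if __name__ == "__main__":
    payload = b"Hello RAID-5 parity demo!"   # constructed sample payload
    array = raid5_write(payload, 4)
    for d, blocks in enumerate(array):
        print(f"disk {d}: {[b.hex() for b in blocks]}")
    degraded = list(array)
    degraded[1] = None                         # simulate losing disk 1
    print("rebuilt:", raid5_read(degraded, len(payload)))
```

Running the script shows the parity block moving to a different disk in each stripe and the payload coming back intact with any one disk removed; removing two disks raises, which is exactly the gap RAID-6's second, independent parity closes.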

[Figure: RAID 5]

RAID-6

This type is similar to RAID-5 but includes a second parity scheme that is distributed across different drives and thus offers extremely high fault- and drive-failure tolerance.

[Figure: RAID 6]

RAID-10

Combining RAID-0 and RAID-1 is often referred to as RAID-10, which offers higher performance than RAID-1 but at much higher cost. There are two subtypes: In RAID-0+1, data is organized as stripes across multiple disks, and then the striped disk sets are mirrored. In RAID-1+0, the data is mirrored and the mirrors are striped.

[Figure: RAID 10]

Simple Network Management Protocol

SNMP: Simple Network Management Protocol

SNMP is used for monitoring network devices; it collects logs and health statistics from different device nodes. SNMP data can be collected on a centralized NMS (Network Management System), and the collected data can be plotted for a better representation of the overall network health. SNMP collects all of its data via SNMP polling and SNMP traps. Some well-known SNMP-capable NMSs are IBM Tivoli, PRTG and the MRTG grapher. Many free SNMP-based tools are also available from the open source community.

Quick Facts about SNMP:

  • SNMP Poll uses UDP 161
  • SNMP Trap uses UDP 162
  • SNMPv3 allows username authentication and packet encryption
  • SNMP Inform requires packet acknowledgement, while SNMP Trap does not
  • SNMP versions: SNMPv1, SNMPv2c & SNMPv3

SNMP MIB (Management Information Base): the MIB specifies all the elements that can be managed via the NMS or network monitoring tool.

SNMP Configuration in GNS3

Suppose we are sitting in a NOC (Network Operations Center). Our network is up and running, and our task is to configure an SNMP-based NMS to monitor our core network router (R1), which is critical for our network operations. We are using a very popular NMS known as PRTG (Packet Router Traffic Grapher). PRTG is widely used, efficient, and has an excellent graphical interface that gives a remarkable view of our critical network elements.

The simple flow of the topology is as follows:

A 2691 router is connected to a cloud (in GNS3, the Cloud object connects the router to our PC's physical interface). The PRTG NMS has been configured on PC1 (localhost). The topology is given below:

[Figure: GNS3 topology, R1 connected through the cloud to the PRTG NMS on PC1]

The IPs used:

  • Fast Ethernet 0/0 ( R1) : 192.168.0.99/24
  • NMS PC1 IP : 192.168.0.100/24

SNMP is enabled via the following commands on R1:

We need to configure a community string (a community string is a sort of SNMP password) for the SNMP server on the router; in our case we are using the community string “PRTG” (chosen for simplicity):

 snmp-server community PRTG RW

The above command simply means that we have enabled PRTG as the password for our SNMP server. You need to use this password while configuring the SNMP settings on your NMS, in our case PRTG. In the next step we are going to set our SNMP server host address:

R1(config)#snmp-server host ?
  Hostname or IP/IPv6 address of SNMP notification host
  http://<Hostname or A.B.C.D>[:<port number>][/<uri>]  HTTP address of XML notification host

Host means our SNMP server IP address, in our case 192.168.0.101/24.

You can also select which version of SNMP you want to use with:

R1(config)#snmp-server host 192.168.0.101 version ?
  1   use snmpv1
  2c  use snmpv2c
  3   use snmpv3

We have completed the configuration on the PRTG server and enabled monitoring of the Fast Ethernet 0/0 interface of R1. The NMS output is shown below:

[Figure: PRTG NMS sensor overview]

In the above example we configured our NMS to monitor R1's health and the status of its Fast Ethernet 0/0 interface. Sample outputs from the NMS are:

[Figure: PRTG graph of R1 health and Fast Ethernet 0/0 status]

Some more amazing graphs:

[Figure: additional PRTG SNMP graphs]

All the logs related to the simple network above are maintained:

[Figure: PRTG SNMP log view]

SNMP Packets:

To see SNMP in action, we can use the debug snmp packets command on the router. The sample debug output for the above network is:

[Figure: debug snmp packets output on R1]

SNMP is a most interesting topic to study and configure; you can download many proprietary and open source SNMP-based NMS tools from the internet to experiment with.

What is VLAN?


I know that many of my students already know the answer to the question “What is a VLAN?”, but here I am giving a definition for those who want a deeper dive into the theory of VLANs. A VLAN is a logical grouping of switch ports that forms its own broadcast domain.

Why Do We Need VLANs?

On a traditional, flat switched network, what happens if we have four nodes connected to one switch?

[Figure: four PCs with one switch]

The above diagram shows a switch connected to four computers. These systems are able to communicate with each other and are in the same broadcast domain. This means that if one computer sends a broadcast, all the other connected devices will receive it. In small networks, broadcasts might not be a big issue; however, as the size of the network increases, broadcasts become a big issue. Another major concern is security: in the above network, all users are able to see all devices.

[Figure: example of two VLANs on one switch]

Now you can see that in the above scenario, just by logically grouping the switch ports into two VLANs, we have two broadcast domains. This means that if any device in a VLAN sends out a broadcast, it will propagate only out of the ports that belong to that same VLAN. This has benefits for both network management and network security.
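To make the broadcast-domain argument concrete, here is an added example (not from the original page) of a minimal VLAN-aware learning switch: the MAC table is keyed per VLAN, unknown-unicast and broadcast frames are flooded only to ports in the ingress VLAN, and a host in one VLAN never learns or reaches a MAC address in another. It generalizes the two-VLAN figure to any port-to-VLAN map, and the flat-switch case falls out by putting every port in one VLAN. Port numbers, VLAN ids and MAC addresses are constructed.

```python
"""Minimal model of a VLAN-aware learning switch (access ports only).

Added example, not code from the original page. Port numbers, VLAN ids and
MAC addresses used below are constructed.
"""
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlan: Dict[int, int]):
        # access-port membership: port number -> VLAN id
        self.port_vlan = port_vlan
        # MAC table keyed per VLAN: (vlan, mac) -> port. Keying on the VLAN is
        # what keeps a learned address from being reachable across VLANs.
        self.mac_table: Dict[Tuple[int, str], int] = {}

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        """Process one frame and return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port          # learn the source
        if dst != BROADCAST and (vlan, dst) in self.mac_table:
            out = self.mac_table[(vlan, dst)]
            return [] if out == in_port else [out]    # known unicast
        # Broadcast or unknown unicast: flood, but only within this VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

    def broadcast_domain(self, port: int) -> List[int]:
        """Ports that would receive a broadcast entering on `port`."""
        vlan = self.port_vlan[port]
        return sorted(p for p, v in self.port_vlan.items() if v == vlan)


if __name__ == "__main__":
    # Constructed topology: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20.
    sw = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    print("broadcast from port 1 reaches:", sw.forward(1, "00:00:00:00:00:01", BROADCAST))
    print("reply from port 2 goes to:", sw.forward(2, "00:00:00:00:00:02", "00:00:00:00:00:01"))
    print("port 3 trying to reach port 1's MAC floods to:",
          sw.forward(3, "00:00:00:00:00:03", "00:00:00:00:00:01"))
    flat = VlanSwitch({1: 1, 2: 1, 3: 1, 4: 1})
    print("flat switch, broadcast from port 1 reaches:", flat.forward(1, "00:00:00:00:00:01", BROADCAST))
```

The third call is the security point of the section: port 3 cannot even learn that port 1's MAC exists, because the lookup is scoped to VLAN 20, so the frame is flooded only to port 4 and never leaves the VLAN. Moving between VLANs requires a router (or a layer-3 switch), which is where access control can be enforced.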