7A Flashcards
Why is it important to monitor networks?
When networks fail, the flow of information required by applications and business operations stop.
What does “NMSs” stand for?
Network monitoring systems
What do “NMSs” do?
Monitor the network for problems caused by overloaded or crashed
servers, network connections or other devices
An NMS is used by network administrators typically to monitor what?
- Availability of network services
- Functionality of network interfaces
- Status of critical hardware systems, CPU, memory, or bandwidth
- Service or device availability: Is service or device up and responding to requests?
- Network response time: How fast is each request processed?
- Network route analytics: What network routes do requests travel through, which hops exist between client and server, are routes optimal?
What is the purpose of an “NMS”?
- Identifies and sends out alerts regarding issues affecting availability or functionality of network services.
- Assist to ensure critical systems in network are available and
functioning properly.
What are some examples of suspicious activity that an NMS might find?
Suspicious activity may include network scanning, multiple connection
attempts to a network device from an unknown entity, or other reportable activity detected at any level.
What are some examples of intrusion activities that an NMS might find?
Intrusion activity may include the presence of unusual or excessive activity on the network, or unauthorized individuals gaining full (root) or limited (user) access to a network device or information system.
What are some tools that fall under NMS?
Intrusion Detection System (IDS), and Simple Network Management Protocol (SNMP.)
What are the five basic functions that NMS provides?
- Discover
- Map
- Monitor
- Alert
- Report
What does the discover function of NMS do?
First function is to find devices (routers, switches, firewalls, printer, etc. ) on the network and if it can, determine how they are connected.
When a network monitoring system completes the discovery process, it
automatically assigns what?
it automatically assigns an appropriate device role to each discovered device on the discovered device list
The device roles assigned by NMS discovery function are ____ and ____ specific. (For example, what you monitor on a Cisco Router will differ from a Dell Server.)
type and vendor specific
What does the map function of NMS do?
This function is to visualize your network. This is done by generating network maps.
Network maps provide what?
They provide a clean and orderly representation of the wiring closet. Network maps display devices and up-to-date status.
Many NMSs require a significant amount of _________ to create a network map.
Manual processing
What does the monitor function of the NMS do?
This function keeps an eye on your network.
NMSs provide _______ device roles that define what to monitor.
turn-key
NMSs expose network administrators to a large selection of _________.
monitors
As a starting point, network administrators want to monitor the “big
5” for any device on the network. What are these 5?
- Ping activity and latency
- CPU
- Memory
- Disk
- Interface utilization
A _____ is one of the most basic techniques that monitoring
software uses to test devices within a network.
ping
Most network monitoring tools provide monitors for other hardware components like the ____ and ________ supplies in a switch, and even monitor the temperature in a wiring closet.
fans and power supplies
Most network monitoring tools can also monitor network
services like….?
HTTP, TCP/IP and FTP
The NMSs alert function notifies network
administrators when…?
Notifies administrators when something goes
wrong.
___________ alerting enables network administrators to respond to problems before they impact users, or applications.
Threshold-based alerting
__________ is an automated messaging system that sends messages
when an event affects a network device.
Syslog
What does the alert function of the NMS do?
The NMSs notify network administrators when something goes
wrong.
Some NMSs let network administrators configure _____________ when alerts are suspended. For example, to save energy costs, shut printers down at night.
blackout periods
What does the report function of the NMS do?
This function deals with real-time and historical reporting.
The report function of NMS enables network administrators to:
- Validate that network designs are delivering the desired results
- Expose trends that could impact the ability of the network to deliver the performance demanded by users, applications, and the mission.
- Isolate and fix performance problems quickly
NMSs report function delivers monitoring information in webpages called _________.
dashboards
Dashboards are made up of ___________. For example, a top 10
CPU utilization view or a Top 10 Memory utilization view.
turn-key views
In the NMS report function, network administrators can do what?
- Scan summary dashboards to assess the health of the entire network and then drill down with detailed dashboards of specific devices and monitors to quickly isolate performance problems.
- Create dashboards for the Help Desk, and counterparts managing systems and applications.
What does IDS stand for?
Intrusion Detection System
What does an IDS do?
An IDS detects anomalies with the aim of catching hackers before they do real damage to a network.
How does IDS look for signs of attack in progress?
They scan, audit, and monitor the security infrastructure
IDSs work by either looking for signatures of _______ attacks or ________ from normal activity. An IDS is placed on the network to monitor the traffic traversing it. This technology alerts system administrators an attack may be happening.
IDSs work by either looking for signatures of known attacks or deviations from normal activity. An IDS is placed on the network to monitor the traffic traversing it. This technology alerts system administrators an attack may be happening.
What does SNMP stand for?
Simple Network Management Protocol
What protocol is one of the most widely used for monitoring?
SNMP
What does SNMP do?
It is a standard protocol that collects data from almost any network attached device, including routers, switches, wireless LAN Controllers, wireless access points, servers, printers and more.
SNMP works by querying what?
“Objects”.
What is an object in SNMP?
An object is something that an NMS collects information about.
The key functions of the SNMP management tool
include what?
- querying agents
- getting replies from agents
- establishing variables in agents
- recognizing asynchronous events
Within the NMS, the ________ is responsible for establishing
communications with SNMP agents.
SNMP manager
How does NMS and SNMP work together?
The NMS navigates and manages the system, compiling, storing, and requesting status information; the SNMP software agents respond to its requests.
SNMP software agents and NMS communicate via the _____________________.
SNMP common language
The SNMP common language can provide….?
key information on configuration changes and statuses
What does MIB stand for?
Management Information Base
The Objects queried by SNMP are maintained in a….?
MIB
What does MIB define?
A MIB defines all the information that is exposed by the managed device.
The objects in a MIB are cataloged using a standardized….?
numbering system
Each object has its own, unique ___________.
object identifier (OID)
What is an MIB browser?
An MIB Browser allows network administrators navigate thru an MIB to find additional objects that they want to monitor on a device.
Combined with a network management system, SNMP lets you….?
View, monitor, and manage the nodes via one interface. This interface usually has batch command and automatic alert functionalities, stripping away the need for grueling, manual tasks.
