Network management/policies Flashcards
Incident Response Plan
Contains a set of instructions to help network and system admins detect, respond to, and recover from network security incidents.
-cyber crime, data loss, and service outages that threaten daily work.
Business Continuity Plan
Document that outlines how a business will continue operating during an unplanned disruption in service.
-more comprehensive than a disaster recovery plan; contains contingencies for business processes, assets, human capital, business partners, and all other business aspects that might be affected.
System Life Cycle Plan
Describes the approach to maintaining an asset from creation to disposal.
-5 phase lifecycle:
Planning, Design, Transition, Operations, and Retirement
Data Loss Prevention
Used to ensure that end-users do not send sensitive or critical information outside the corporate network.
Acceptable Use Policy (AUP)
Admin controls
-set of rules that restricts the ways a network device can be used and sets guidelines on how it should be used
Non-disclosure agreement (NDA)
Memorandum of Understanding (MOU)
Service Level Agreement (SLA)
Admin controls
-contract between a service provider and an end user that defines the level of service expected from the provider (specifically what the customer will receive, such as faster response times)
NetFlow
Defines a particular traffic flow as the set of packets that share the same characteristics
Flow analysis
Relies on a flow collector to record metadata and statistics about network traffic rather than recording each frame
-highlights trends and patterns
Zeek
Passively monitors a network like a sniffer, but only logs full packet capture data of potential interest
MRTG
Multi Router Traffic Grapher
-creates graphs showing traffic flow through the network interfaces of routers and switches by polling the appliances with SNMP
Rollback Plan
Purpose is to document, at every point during deployment of a change or upgrade, where you can stop the deployment and return to a known good state.
Disaster Recovery Plan
Documented, structured approach describing how an organization can quickly resume work after an unplanned incident.
-natural disasters, power outages, cyber attacks, and other disruptive events.
Condition/Severity Levels
0 - emergency - system is unstable
1 - alert - condition that should be corrected immediately
2 - critical - failure that needs immediate attention
3 - error - something happening preventing proper function
4 - warning - error may occur if action not taken
5 - notice - events are unusual
6 - information - requires no action
7 - debugging - info for developers as they are debugging
Troubleshooting methodology
- Identify problem
- Establish theory of probable cause
- Test theory
- Establish a plan of action to resolve problem and identify potential effects
- Implement solution or escalate
- Verify full system functionality and implement preventive measures (if possible)
- Document
SNMP
-Used to send and receive data between devices and a centralized network management station
-Granular
—each trap message gets a unique object identifier (OID) so the manager can distinguish each message.
—OID information is stored in a translation file called the MIB (Management Information Base)
—the manager only needs to see the OID to look up the information, instead of the alert information being contained in the trap.
—prevents redundant information and uses less bandwidth
-Verbose
—all messages sent from one device use the same OID
—alerts are carried as payloads
—simple key:value pair (variable binding)
SNMP TRAP
Enables a managed device to send out alerts to the SNMP manager. These trap messages concern the failure of the monitored device, maintenance issues, etc.
INFORM message sent from manager in reply to trap message
SNMP WALK
Chain of multiple GETNEXT commands that essentially walks through a MIB tree from OID to OID, pulling information
SNMP GET
Main method used to request information from a service agent about a specific object identifier.