Network Management Services

Question 1

SSH

Answer 1

Secure Shell

• Principal means of secure remote access to UNIX and Linux servers and most types of network appliances
• Can be used to secure SFTP
• Port 22 by default
• Server must be configured with key pair, but client can use key pair or other authentication method, like a password

Question 2

SSH Host Key

Answer 2

• Public/private key pair that identifies SSH server
• Map of host names to public keys can be kept manually by each SSH client
• Must be changed if any compromise of host is suspected, as the attacked could masquerade as the server

Question 3

SSH Client Authentication Kerberos

Answer 3

• Client submits Kerberos credentials obtained when user logged into workstation to the server using the generic Security Services Application Program Interface (GSSAPI)
• Server contacts ticket Granting Service(often DC) to validate credential

Question 4

SSHD

Answer 4

• Starts SSH Daemon

- Parameters like host’s certificate file, port to listen on and logging options can be set

Question 5

ssh-keygen

Answer 5

• Create a key pair to access servers
• Private key must be stored securely on local computer
• Public key must be copied to server

Question 6

ssh-agent

Answer 6

• Configure service to use to store the keys used to access multiple hosts.
• Reduces the number of times key must be confirmed with passphrase
• Provides SSO mechanism for multiple SSH servers
• SSH-ADD used to add key to agent

Question 7

ssh host

Answer 7

Use SSH Client to connect to the server running host.

- host can be FQDN or IP address

Question 8

ssh Username@host

Answer 8

• Use SSH client to connect to server running at host with a different username

Question 9

SNMP

Answer 9

Simple Network Management Protocol

• Widely used framework for remote management and monitoring of servers and network appliances
• Uses agents and a monitoring system

Question 10

SNMP Agents

Answer 10

• Process running on network device or server
• Maintains database of statistics relating to activity of device called MIB (Management Information Base)
• Each parameter in MIB is call OID(Object Identifier)
• Passes information top management system, with same community name

Question 11

SNMP Monitor

Answer 11

• Management system where you can oversee network activity
• Polls agents at intervals for MIBs
• Gets information by “Get” regular polling
  or Trap, based on certain threshold meeting events

Question 12

Syslog

Answer 12

• protocol and supporting software that facilitates log collection
• De facto standard for logging events from distributed systems
• Usually listens on port 514

Question 13

Logging level

Answer 13

• Determines maximum level at which events are recorded or forwarded
• 0 is highest priority
• If it is set to 4, levels 5-7 are not forwarded

Question 14

Jitter

Answer 14

• Variation in transmission delay

- Mainly a problem for real-time applications

Question 15

Diffserv

Answer 15

Differentiated Services

• Classifies each packet passing through a device
• Policies can be applied to router to prioritize delivery
• Works at layer-3

Question 16

Traffic Shapers

Answer 16

• delay certain packet types based on content to ensure other packets have priority
• Helps reduce latency for critical services
• Stores packet until there is bandwidth available

Question 17

Top Talker/Listener

Answer 17

• Interfaces generating most outgoing traffic(in terms of bandwidth)
• Listeners receive most traffic
• Identifying these and routes can be useful to eliminate bottlenecks

Question 18

Netflow

Answer 18

• Gathers traffic metadata only and reports to structured database
• Use sapling to reduce processing demands
• Utilizes exporters, collectors and analyzers

Question 19

Link State

Answer 19

• Whether or not an interface is up or down
• Alerts can be configured for when an interface goes down
• You can also track downtime percentage

Question 20

Reset

Answer 20

• Number of times an interface has restarted in sample time.
• If interface is continually resetting it is described as flapping

Question 21

Speed

Answer 21

• rated speed of interface in Mbps or Gbps

- Should be the same for host and switch ports

Question 22

Duplex

Answer 22

• Most ethernet interfaces operate in full duplex

- If operating in half, indicates a problem

Question 23

Utilization

Answer 23

• Data transferred over a period of time

- calculated as amount transferred or as % of available bandwidth

Question 24

Per-Protocol Untilization

Answer 24

• Packet or byte count for a specific protocol

Question 25

Error Rate

Answer 25

- Number of packets per second that cause errors | - May be caused from interference or bad link quality

Question 26

Discard and drops

Answer 26

- Interface may discard frames for reasons like checksum errors, mismatched MTUs, too small packets (runts) to big (giants).

Question 27

Retransmissions

Answer 27

- Caused by packet loss necessitating retransmission

Question 28

CRC

Answer 28

Cyclic Redundancy Check - Calculated by an interface when it sends a frame - Derives a 32 bit value from contents of fram - Added to header - Receiving interface runs same calculation and rejects different value - Errors caused by interference on Layer 1

Question 29

Public Key Management

Answer 29

- Critical security task - If a users private key is compromised, public key must be deleted and regenerated - Always delete public keys if user access had been revoked

Question 30

System Log

Answer 30

- Records Startup events and subsequent changes to configuration at OS level - Includes Kernel Processes and drivers but also core services

Question 31

Application Log

Answer 31

- Records data for single, specific service like DNS, HTTP or RDBMS - Complex application could write multiple log files

Question 32

Audit Logs

Answer 32

- Records use of authentication and authorization privileges - Generally records success/fail type events - Also called access or security log - Done at OS level or per application level

Question 33

Performance/Traffic Logs

Answer 33

- Record statistics for compute, storage and network resources over defines period

Question 34

Latency

Answer 34

- Time it takes for transmission to reach recipient - Measures in ms - Problem for real time applications - Can test with ping, pathping and mtr - Need to consider RTT(Round Trip Time) - VoIP RTT is required to have less than 300 ms.

Question 35

802.1p

Answer 35

- Used at layer 2 to classify and prioritize traffic passing through switch or WAP - Defines tagging mechanism in VLAN field (802.1Q/p) - Value is set to 0-7, with 0 being highest priority

Question 36

Class of Service Mechanisms

Answer 36

- Categorize protocols into groups that require different service levels and provide tagging mechanism to identify them - DiffServ and 802.1p

Question 37

Control Plane

Answer 37

- Division of network function for QoS | - Makes decisions about how traffic should be prioritized and where it should be switched

Question 38

Data Plane

Answer 38

- Division of network function for QoS | - Handles actual switching of traffic

Question 39

Management Plane

Answer 39

- Division of network function for QoS | - Monitors traffic conditions

Question 40

Traffic Shapers

Answer 40

- Delay certain packet types based on their content | - Will store packets until bandwidth is available

Question 41

Throughput testers

Answer 41

- Divides file size by time it took to transfer file - Should be used at a time representative of real-world network usage - iperf, ttcp, bwping can be used as throughput testers

Question 42

Encapsulation Errors

Answer 42

- Error in the frame format expected by the interface - Prevents transmission and reception - Physical link will appear as up, but line protocol will be listed as down Issue could be: - Wrong frame type - Ethernet trunk error - Router framing