Network Management Remote Network Management & Network Security
Learning Objectives Upon successful completion of this lesson, you will be able to: • Identify the considerations for successful network management. • State the purpose of offering subscription rates, and how they may improve network performance. • State the benefits of using SNMP to manage the network. • List the methods for accessing BreezeACCESS radios. • State the purpose and function of the BreezeCONFIG utility. • Describe how to implement security within a network.
Network Considerations • Capacity and subscription rates • Wireless Network Security • Remote Management of Wireless Networks • Performance Metrics & System Reliability • Breakdowns and Response Plans
Subscription Rates • Utilize the network better: charge different subscription fees during different hours (e.g. residential customers pay less during working hours, business customers pay less outside working hours), so that peak load is spread across the day • Offer usage-based billing to customers
Data Model • Estimated parameters: • Households Passed per sq mi – typically focused on the suburban range of 400 to 600 HH/sq mi • Coverage – typically 80% of a cell has usable service • Penetration – share of covered households that accept the service; typically 10% to 25% • Online Ratio – ratio of active (logged-on) users to the total number of subscribers; typically 30% to 50% at the peak busy hour • Active/Online Ratio – ratio of the time a user is actually transmitting/receiving to the total time online; typically 10% to 20%
Bandwidth Considerations • Bandwidth Management • The selling of bandwidth in standard increments, such as: • 128 kbps • 256 kbps • 512 kbps • 1.5 mbps • Rate structures • Cost of management • Rate vs. return
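Worked example (added for this lesson; it is not an Alvarion planning tool): the data-model chain from households passed to busy-hour demand, evaluated at the low and high ends of the typical ranges quoted above, plus the inverse question a planner actually asks, how many subscribers at one of the standard rate increments a sector of given capacity can carry. The cell area, rate and sector capacity in the usage call are assumed values.

```python
"""Capacity envelope from the data-model parameters.

Added example for this lesson, not Alvarion's planning tool. The ranges below
are the typical values quoted on the Data Model slide; area, per-user rate and
sector capacity are assumed inputs.
"""

TYPICAL = {  # (low, high) bounds from the slide, in the order the chain uses them
    "hh_per_sq_mi": (400, 600),
    "coverage": (0.80, 0.80),
    "penetration": (0.10, 0.25),
    "online_ratio": (0.30, 0.50),
    "active_ratio": (0.10, 0.20),
}


def peak_demand_kbps(area_sq_mi, hh_per_sq_mi, coverage, penetration,
                     online_ratio, active_ratio, rate_kbps):
    """Households passed -> covered -> subscribers -> online -> transmitting.

    Returns (subscribers, busy-hour bandwidth actually in use) for one cell,
    assuming every transmitting user consumes the full sold rate.
    """
    subscribers = area_sq_mi * hh_per_sq_mi * coverage * penetration
    transmitting = subscribers * online_ratio * active_ratio
    return subscribers, transmitting * rate_kbps


def envelope(area_sq_mi, rate_kbps, ranges=TYPICAL):
    """Planning bounds: every parameter at its low end, then at its high end."""
    lo = peak_demand_kbps(area_sq_mi, *(r[0] for r in ranges.values()), rate_kbps)
    hi = peak_demand_kbps(area_sq_mi, *(r[1] for r in ranges.values()), rate_kbps)
    return {"subscribers": (lo[0], hi[0]), "peak_kbps": (lo[1], hi[1])}


def max_subscribers(sector_capacity_kbps, rate_kbps, online_ratio, active_ratio):
    """Inverse: subscribers at rate_kbps a sector can carry before busy-hour
    demand exceeds its capacity (the oversubscription the ratios justify)."""
    per_subscriber = rate_kbps * online_ratio * active_ratio
    return int(sector_capacity_kbps // per_subscriber)


if __name__ == "__main__":
    # assumed: 10 sq mi cell, 512 kbps service, 12 Mbps usable per sector
    print(envelope(10, 512))
    print(max_subscribers(12_000, 512, 0.5, 0.2))
```

The high-end case shows why the Online and Active/Online ratios matter: 1200 subscribers sold 512 kbps each is over 600 Mbps of nominal commitment, but the expected busy-hour load is about 61 Mbps, and a 12 Mbps sector at the high-end ratios supports roughly 234 such subscribers.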
What is a Network Management System? • An automated monitoring and control system. • Enables the operator to “feel” the network and detect failures, bottlenecks and abnormal events in real time. • Sometimes fixes minor problems automatically.
Why is Network Management Important? • Cost - manual management is costly. • Customer Service - maximizes serviceability by letting the provider learn of problems before the customer does, with automated problem tracking. • Knowledge Factor - supports informed capacity and planning decisions by providing precise figures on utilization, errors, etc.
Automated Management Provides a Key Knowledge Factor • Enables “smarter” planning of network growth, because you know exactly what the utilization of every link is. • Allows you to maximize the use of current resources: knowing which resources are least utilized, you can balance the traffic load. • Allows for cost analysis and business planning, because you know your customers' utilization trends and exactly where the “problem” areas in the network are.
What is SNMP • Simple Network Management Protocol. • SNMP is an INTERNET protocol. • SNMP is a protocol that enables you to communicate between devices. • The protocol is used to manage and monitor devices on a network.
Benefits of SNMP • Enables you to CONFIGURE devices from a remote location, either to make changes or just to view the current settings of the device. • Enables you to MONITOR devices. Monitoring lets you see information such as media utilization, number of errors and number of retransmissions. • SNMP TRAPS give you an alert message when the status of a unit has changed, for example when the unit has associated with another Access Point. • Helps you troubleshoot and maintain your network’s devices.
SNMP Versions • SNMPv1 - the existing standard. Security is based on community strings that are passed in CLEAR TEXT. • SNMPv2 - adds bulk retrieval (GetBulk) and additional commands. The widely deployed SNMPv2c variant keeps the same cleartext community strings as v1, so it adds no real security. • SNMPv3 - best security: user-based authentication (keyed hash) and encryption of the PDU (DES in the original standard; later revisions add AES). • Versions 2 & 3 are not supported by Alvarion at this time, so the radios have to be protected by restricting which hosts may send SNMP to them and by changing community strings from their defaults.
Main SNMP Commands • GET - Used by the Network Management Station to retrieve a value from an agent. • SET - Used by the Network Management Station to change and apply values to an agent. • TRAP – Used by an AGENT to inform a Network Management Station of an event.
Community Strings • Read-Only community string - allows users/management stations only to view information from a device • Read-Write community string - allows users/management stations to view and change settings on a device • The community string is the only credential in SNMPv1: anyone who can sniff a management session, or guess a factory default such as “public” or “private”, gets the same access. Change the defaults, use different strings for read and write, and restrict management to known station addresses.
Management Information Base (MIB) • A text file (an ASN.1 module) that can be read with any text viewer, such as Notepad. • It provides a directory-like structure for all management information. • It defines and describes the components of a product and their Object Identifiers (OIDs).
Types of MIBs • Public MIB (standard): a MIB with variables common to all devices of the same type. For example, our devices are bridges and therefore respond to the standard Bridge MIB (RFC 1286) and MIB-II (RFC 1213). • Private MIB (enterprise): a private MIB has additional variables specific to a vendor's product. For example, our devices have features that ordinary bridges don’t have, e.g. Multi-Rate, Load Sharing and others, and we have our own proprietary MIB to support them.
Main Network Management Components • Agents – This is the component in a device that makes it SNMP capable • Management Platform – This is the software program that allows you to communicate with an Agent. • Management Station- This is the station which has the management platform software installed.
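Worked example (added for this lesson; it is not Alvarion's code nor any SNMP library's): a management station builds an SNMPv1 GetRequest or SetRequest for an OID in the MIB, and a sniffer on the same segment parses the datagram back. Only the BER pieces an SNMPv1/v2c message needs are implemented. The point to take from it is that version, community string and requested OIDs are all readable without any key, which is why the `audit` function flags cleartext and default community strings and SETs from hosts outside the defined management stations. Function names (`build_request`, `parse_snmp`, `audit`) and the station addresses are assumptions for the example.

```python
"""SNMPv1 on the wire: build a request, then read it back as a sniffer would.

Added example for this lesson, not Alvarion or SNMP-library code. Implements
only the BER primitives an SNMPv1/v2c message needs; addresses and community
strings are constructed for illustration.
"""

GET_REQUEST, SET_REQUEST = 0xA0, 0xA3       # context-specific PDU tags
DEFAULT_COMMUNITIES = {"public", "private"}  # factory defaults worth alerting on


def _length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def _integer(v):
    return _tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def _oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                       # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_request(community, oid, pdu_tag=GET_REQUEST, value=None, request_id=1):
    """Message ::= SEQUENCE { version INTEGER (0 = v1), community OCTET STRING, PDU }."""
    val = _tlv(0x04, value) if value is not None else b"\x05\x00"  # OCTET STRING or NULL
    varbinds = _tlv(0x30, _tlv(0x30, _oid(oid) + val))
    pdu = _tlv(pdu_tag, _integer(request_id) + _integer(0) + _integer(0) + varbinds)
    return _tlv(0x30, _integer(0) + _tlv(0x04, community.encode()) + pdu)


def _read(buf, i):
    """Decode one TLV at buf[i]; return (tag, body, index after it)."""
    tag, first = buf[i], buf[i + 1]
    if first < 0x80:
        length, j = first, i + 2
    else:
        n = first & 0x7F
        length, j = int.from_bytes(buf[i + 2:i + 2 + n], "big"), i + 2 + n
    return tag, buf[j:j + length], j + length


def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_snmp(datagram):
    """What anyone watching UDP/161 sees without a key: everything."""
    tag, msg, _ = _read(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, i = _read(msg, 0)
    _, community, i = _read(msg, i)
    pdu_tag, pdu, _ = _read(msg, i)
    _, rid, j = _read(pdu, 0)
    _, _err, j = _read(pdu, j)
    _, _idx, j = _read(pdu, j)
    _, vbl, _ = _read(pdu, j)
    oids, k = [], 0
    while k < len(vbl):
        _, vb, k = _read(vbl, k)
        _, oid_body, _ = _read(vb, 0)
        oids.append(_decode_oid(oid_body))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community.decode(errors="replace"),
            "pdu_type": pdu_tag,
            "request_id": int.from_bytes(rid, "big", signed=True),
            "oids": oids}


def audit(datagram, src_ip, management_stations):
    """Findings a monitor would raise for one datagram seen from src_ip."""
    m = parse_snmp(datagram)
    findings = []
    if m["version"] in (0, 1):          # v1 and v2c carry the community string unencrypted
        findings.append("community %r visible in cleartext" % m["community"])
    if m["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string in use")
    if m["pdu_type"] == SET_REQUEST and src_ip not in management_stations:
        findings.append("SetRequest from non-management host " + src_ip)
    return findings


if __name__ == "__main__":
    pkt = build_request("private", "1.3.6.1.2.1.1.5.0", SET_REQUEST, b"rogue-name")  # sysName.0
    print(parse_snmp(pkt))
    print(audit(pkt, "10.0.0.99", {"10.0.0.1"}))   # assumed: 10.0.0.1 is the only NMS
```

Running it shows the community string sitting in the datagram as plain bytes; the same `audit` logic, fed from a packet capture, is the minimum a provider running v1-only radios should have in place.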
BreezeACCESS Administration • The BreezeACCESS easy-to-use interface allows configuration, monitoring and management of BreezeACCESS units by the following methods: • Locally – using an ASCII terminal • Remotely – using Telnet • Remotely – using SNMP • BreezeCONFIG • SNMP management software • Unit configuration upload/download is possible via TFTP. • Software upgrade is done via TFTP or FTP. • A dual flash bank mechanism ensures a robust upgrade procedure. • Note: Telnet, TFTP and FTP all carry passwords, configuration files and software images unencrypted. Keep management traffic on a separate management VLAN or private network, and restrict it to the defined management station addresses.
Remote Management • BreezeCONFIG features: • Windows-based application. • Provides complete configuration and monitoring capabilities for all BreezeACCESS products. • Automatic discovery of BreezeACCESS devices on the local network. • Provides a TFTP application for parallel upgrades. • Enables configuration of numerous units simultaneously.
Remote Management • BreezeCONFIG is not: • A full-scale SNMP manager • No history, trends or advanced paging functions • No support for other devices on the network • There is a separate version for each radio family you are using: • DS.11 • VL, etc.
SNMPc From Castle Rock Software • Network Management Application That Helps You Manage BreezeACCESS Units On your Network
Wireless Network Security • Security is one of the most important determinants of the success of a wireless network. • Wireless network security elements: • Security is addressed at several levels of a wireless network to implement the above security elements.
Security Levels • Radio level • Subscriber level • Network level • Protocol level • VPN level
Radio Level - GFSK • Subscriber Unit (SU) - Access Unit (AU) association: • IEEE 802.11 authentication • RC4 algorithm (WEP) • 40-bit shared key • The shared key can be changed daily through: • Telnet • SNMP or the BreezeCONFIG utility • Access Unit • Black list: prevents a specific radio from accessing the network • Frequency hopping - sequence code: • Both AU and SU share the secret code • The sequence code can be changed • Extended Service Set ID – ESSID • Max associations • Caveat: RC4-based WEP is cryptographically broken regardless of key length, and the hopping sequence and ESSID are not secrets against a patient listener. Treat these as access controls that raise the bar, not as confidentiality, and protect sensitive traffic at the VPN level.
Radio Level - VL • 128-bit Wired Equivalent Privacy (WEP with RC4: 104-bit key plus 24-bit IV) • Encrypts data and ESSID • AES – Advanced Encryption Standard • Encrypts data and ESSID • Max associations • OFDM modulation • Extended Service Set ID – ESSID • Prefer AES where available: a longer WEP key does not remove WEP's keystream-reuse and key-recovery weaknesses.
Radio Level - LB • Point-to-point operation only • Proprietary encryption based on the MAC address of the remote device • No broadcast of keys • Caveat: a MAC address is visible in every transmitted frame, so the confidentiality of the link depends on secret material beyond the address itself.
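Worked example for the GFSK and VL radio-level slides (added here; it is not Alvarion firmware): a WEP-style frame as 802.11 defines it, a 3-byte IV sent in the clear followed by RC4(IV || shared key) over the payload and its CRC-32 ICV, with a 40-bit key as on the GFSK radios. The two attack functions show what the caveat above means in practice: once two frames carry the same IV, the XOR of their ciphertexts equals the XOR of their plaintexts, and one known plaintext (a predictable ARP request, say) recovers the keystream for that IV and decrypts every other frame sent under it. With only 2^24 IVs, a busy link repeats them within hours; a daily key change does not help. Key, IV and messages are constructed for the example.

```python
"""Why a 40-bit WEP key (RC4) on the radio link is weak: keystream reuse.

Added example for this lesson, not Alvarion firmware. Frame layout follows
IEEE 802.11 WEP: 3-byte IV in the clear, then RC4(IV || key) applied to
(payload || CRC-32 ICV). Key, IV and payloads are constructed.
"""
import zlib


def rc4(key, data):
    """Plain RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(payload):
    return zlib.crc32(payload).to_bytes(4, "little")


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key, iv, payload):
    """Frame body = IV || RC4(IV || shared_key, payload || ICV). The IV is never secret."""
    if len(iv) != 3 or len(shared_key) not in (5, 13):   # 40-bit or 104-bit key
        raise ValueError("WEP needs a 3-byte IV and a 5- or 13-byte key")
    return iv + rc4(iv + shared_key, payload + _icv(payload))


def wep_decrypt(shared_key, frame):
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + shared_key, body)
    payload, icv = plain[:-4], plain[-4:]
    if _icv(payload) != icv:
        raise ValueError("ICV mismatch")
    return payload


def ciphertext_xor(frame_a, frame_b):
    """Same IV on two frames => same keystream, so C_A xor C_B == P_A xor P_B, no key needed."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return _xor(frame_a[3:], frame_b[3:])


def recover_with_known_plaintext(frame_a, known_payload_a, frame_b):
    """Knowing one frame's payload gives the keystream for its IV; any other
    frame under the same IV then decrypts (as far as the keystream reaches)."""
    if frame_a[:3] != frame_b[:3]:
        return None
    keystream = _xor(frame_a[3:], known_payload_a + _icv(known_payload_a))
    recovered = _xor(frame_b[3:], keystream)
    full = len(recovered) == len(frame_b) - 3   # whole body covered: strip its ICV
    return recovered[:-4] if full else recovered


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")            # constructed 40-bit shared key
    iv = b"\x00\x00\x2a"                         # the IV the two frames happen to share
    arp = b"ARP who-has 10.0.0.1 tell 10.0.0.7"  # constructed, attacker-guessable payload
    secret = b"user=admin&pass=hunter2"          # constructed payload the attacker wants
    fa, fb = wep_encrypt(key, iv, arp), wep_encrypt(key, iv, secret)
    print(recover_with_known_plaintext(fa, arp, fb))
```

Nothing in the recovery path touches `key`; it only needs the two frames and a guess at one payload. That is the property AES-based protection on the VL radios (and the VPN level) is there to remove.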
Subscriber Unit Level • VLAN support - IEEE 802.1q: • Tag insertion • Out-going (SU-to-connected LAN) Packet Filtering • IP Filtering Lists
Network Service Level • Network services: • General Internet services - ISP • Private networks for telecommuters • Separate virtual networks for: • General Internet services • A private network for each enterprise • Each network implements PoP-to-PoP security based on IPSec and the Layer 2 Tunneling Protocol (L2TP)
Protocol Level • Customer requirement: permit PPPoE only at the Ethernet port • Advantages: • Blocks broadcasts • Blocks attacks at the IP level, because only PPPoE frames are forwarded
VPN Level (RADGUARD, Check Point, etc.) • Implements the IPSec standard • Most secure option for banking and remote access • Telecommuter: software client running on a PC (Windows 2000) • Enterprise premises: security server between the router and the internal LAN • Features: • Encryption • Key management • Digital signatures • Auditing features (logs, traps)
Security Parameters (security issue and solution)
• Issue: management parameters modified by entities not entitled to do so. Solution: the system accepts management commands only from previously defined IP addresses.
• Issue: the ISP wants to prevent an intruder SU from connecting to its AU. Solution: authentication, ESSID, WEP.
• Issue: the ISP wants to prevent intruder workstations from reaching its AU (network) from behind an SU (on the LAN). Solution: IP address filtering (the SU transmits only predefined IP addresses).
• Issue: SU-A wants its broadcasts to reach only SU-C, not its neighbours. Solution: SU-A and SU-C get their own VLAN.
• Issue: SU-A does not want its broadcasts to be “heard” on the air (except ARP, to find the router on the AU’s LAN). Solution: broadcast filtering in SU-A; the AU does not relay broadcast frames.
• Issue: SU-A wants to stop incoming traffic from neighbours (broadcasts and unicasts), e.g. “Network Neighborhood” clicked by a user on SU-B. Solution: SU-A gets its own VLAN (the ISP should provide different VLANs to enterprises and to single users); the AU does not relay broadcasts; SU-A accepts only frames arriving from predefined IP addresses; SU-A is followed by a router (users are on separate nets), or by a router and a firewall.
• Issue: SU-A wants neighbours to be unable to “see” its traffic. Solution: SU-A gets its own ESSID/AU (neighbours cannot synchronize with SU-A’s AU); SU-A gets its own VLAN (unicast frames with SU-A’s tag are not “seen” by SU-B users).
• Issue: SU-A wants its traffic protected over the Internet/intranet. Solution: create a VPN (tunnelling + encryption).
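Worked example (added here; it models the decisions in the Security Parameters table and is not BreezeACCESS firmware): the SU egress filter (IP filter list, broadcast filtering except ARP, VLAN tag insertion), the AU's refusal to relay broadcasts and its VLAN isolation of unicasts, the SU ingress check, and the management-station allow-list, run over constructed frames for SU-A, SU-B and SU-C. VLAN numbers, MAC and IP addresses are assumed values; real forwarding is by MAC address, and the VLAN comparison here stands in for which SUs can accept a frame.

```python
"""Security-parameter table as executable policy.

Added example for this lesson, not BreezeACCESS firmware. Models: IP filtering
at the SU, broadcast filtering except ARP, VLAN tagging and isolation,
non-relaying of broadcasts by the AU, and management commands accepted only
from predefined stations. Frames and addresses are constructed.
"""
from dataclasses import dataclass
from typing import Optional

ARP, IPV4 = 0x0806, 0x0800
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    ethertype: int
    src_ip: Optional[str] = None
    vlan: Optional[int] = None


@dataclass
class SUPolicy:
    name: str
    vlan: int                        # ISP assigns one VLAN per enterprise or single user
    allowed_src_ips: frozenset       # "SU transmits only predefined IP addresses"
    filter_broadcasts: bool = True   # broadcasts stay on the LAN, except ARP


def su_egress(policy, frame):
    """LAN -> air. Returns the tagged frame to transmit, or a drop reason string."""
    if frame.dst_mac == BROADCAST and frame.ethertype != ARP and policy.filter_broadcasts:
        return "drop: non-ARP broadcast filtered at " + policy.name
    if frame.ethertype == IPV4 and frame.src_ip not in policy.allowed_src_ips:
        return "drop: %s not in IP filter list of %s" % (frame.src_ip, policy.name)
    return Frame(frame.src_mac, frame.dst_mac, frame.ethertype, frame.src_ip, vlan=policy.vlan)


def au_relay(frame, subscriber_units, relay_broadcasts=False):
    """Air -> air at the AU. Returns names of SUs that will receive the frame."""
    if frame.dst_mac == BROADCAST and not relay_broadcasts:
        return []                   # AU does not echo broadcasts back over the air
    return [su.name for su in subscriber_units if su.vlan == frame.vlan]


def su_ingress(policy, frame):
    """Air -> LAN. Traffic tagged for another VLAN is never delivered to the LAN."""
    return frame.vlan == policy.vlan


def management_allowed(src_ip, management_stations):
    """AU/SU accept management commands only from previously defined IP addresses."""
    return src_ip in management_stations


if __name__ == "__main__":
    su_a = SUPolicy("SU-A", 10, frozenset({"192.0.2.10"}))
    su_b = SUPolicy("SU-B", 20, frozenset({"192.0.2.20"}))
    su_c = SUPolicy("SU-C", 10, frozenset({"192.0.2.30"}))
    # "Network Neighborhood" browse from SU-B's LAN: a NetBIOS broadcast
    browse = Frame("00:00:5e:00:53:20", BROADCAST, IPV4, "192.0.2.20")
    print(su_egress(su_b, browse))
    unicast = su_egress(su_a, Frame("00:00:5e:00:53:10", "00:00:5e:00:53:30", IPV4, "192.0.2.10"))
    print(au_relay(unicast, [su_b, su_c]))
    print(management_allowed("10.0.0.99", {"10.0.0.1"}))
```

The two layers are deliberately redundant: even if an SU's broadcast filter is switched off, `au_relay` still refuses to put the broadcast back on the air, and even if a foreign-VLAN unicast reaches SU-A's radio, `su_ingress` does not pass it to the LAN.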
Summary In This Lesson, We Discussed… • Network Considerations • Subscription Rates • Network Management and SNMP • Network Security