Question

You work for a large organisation that provides formal training in information technology related topics to clients on a fee-for-service basis. Several systems support this, including a media server (providing videos) and various information systems for providing sales and support to your clients. One of your networks internal links that connects the media server and to your ISP connection has just been damaged, and although still functional, the throughput (rate of data successfully delivered) across this link has reduced. Answer the following questions as a team member in the organisation’s Network Operations Centre:

a. Identify three elements of telemetry data (SNMP, IPFIX, sylog, or other) that might be useful in identifying this problem, and provide a brief explanation of how those data elements could be used to identify the problem.

b. An important concept used for monitoring networks is baselining, i.e., a snapshot of the regular/expected values of telemetry data when the network was operating normally. Explain how baselining could improve the chances of this problem being detected.

Answer 1

a.) Identify three elements of telementry data (SNMP, IPFIX, sylog or other) that might be usefule in identifying this problem , and breif explaination of how those data elements could be used to identify the problem --

• The detection system monitor network traffic which indicate security threat and misconfiguration.
• The commercial tools and open source can be used to identify security threats within your network. these tools include --
• NetFlow, security monitoring, analysis and response system, traffic anomaly detectors, IPS sensor, Network analysis module and open source monitoring tools.
• And other tools can be used to achieve complete visibility of what is happening within your network.
• Sylog
• SNMP
• IPFIX
• Sylogs -- It is also called as system logs. it provide information for monitoring and troubleshooting devices within your infrastructure.
• The sylog can be enabled on networrk devices like -- Routers, switches, firewall, VPN devices.
• SNMP -- This is most basic form of identifuing the network problem. this is layer 7 protocol which is used to designed to obtain information from network devices.
• The network problem can be based on following --
• CPU, memory, Device errors, network traffic statistics, packet rates and paket errors.
• The SNMP manager control and monitor actiivities of network hosts  

b.) An important concept used for monitoring networks is baselining, snapshot of the regular/expacted how baseline could improve the chances of this problem being detected --

• The role of baseline in network security is huge. it indicate some kind of volumatric denial of services attacks.
• For example -- users use normal traffic patterns indicate that the network is being used to access the CRM system, email and internet. suddenly there is traffic which is going from user's computer to accounting server. it can indicate that the computer is hacked and malware is attemting to access financial information.
• This can help to reduce the risk and minimize damage when breach occurs.
• Baseline helps to measure imapct of architectural changes.
• for example -- if company uses traditional network , it can set baseline to understand volume of traffic which is flowing over WAN links.