operations management and open source tools - · pdf fileoperations management and open source...
TRANSCRIPT
Jeremiah Jackson - [email protected]
Gonzalo Guzman – [email protected]
Operations Management and Open Source Tools
FCAPS
WHAT IS FCAPS?
n Framework for managing telecommunication and network resources. n Developed by the ISO when similar management needs were noticed
between the OSI and SMO models.
FCAPS is: Fault Detection Configuration Accounting Performance Security
2
FCAPS – Fault Management
Goal of Fault Management: Recognize, isolate, correct and log faults that occur.
Components: n Fault Detection: Ability to recognize a error when it occurs n Notification: Ability to notify when fault occurs. n Trending: Setting up a series of baselines of normal operation. n Logging: Keep track of faults for future review n Response: Either human or automated
3
FCAPS – Fault Management
Solutions:
n Nagios - http://www.nagios.org/ n OpenNMS - http://www.opennms.org/ n NMIS - http://www.sins.com.au/nmis/ n WhatsUpGold - http://www.whatsupgold.com/ n Vendor Specific Switch Programs: HP Procurve Manager CiscoWorks, etc. n NetCrunch - http://www.adremsoft.com/netcrunch/ n HP OpenView / EMC Smarts / IBM Tivoli
4
FCAPS – Fault Management
Nagios - www.nagios.org
Pros: • Open Source • Polls actual services for response. (HTTP, SMTP, etc) • Flexible Addons for specialized testing • Good Trending data and Uptime Statistics Cons: • Configuration is done via text files. • Linux only
5
FCAPS – Configuration Management
Goal of Configuration Management: Establish and maintain consistency of performance by controlling
changes, and documenting configurations throughout the life cycle of an information system.
Components: n Gather: Collect configurations on a scheduled basis. n Store: Store those configurations for backup purposes n Track: Monitor and report changes to configurations. n Automate: Ability to make mass changes with limited user input.
6
FCAPS – Configuration Management
Solutions:
n Rancid - http://www.shrubbery.net/rancid/
“Really Awesome New Cisco confIg Differ” Utilizes CVS to maintain a database of configuration changes.
Configurations can be generated for any date in time since the device was first added to Rancid.
Linux based command-line only product.
n NetCanner - http://bangj.com n Vendor Specific Switch Programs: HP Procurve Manager CiscoWorks, etc.
7
FCAPS – Configuration Management
NetCannery Pros: • Graphical Front End • Troubleshooting tools such as: IP address analyzer Finds devices with unsaved changes • Ability to create custom reports Cons: • Graphical Front End requires MacOS • Sometimes has difficulty logging into older
devices. • Retail Product, fee based
8
FCAPS – Accounting
What is the goal of Accounting management?
To gather usage statistics for users and use those statistics, to bill users and enforce usage quotas.
For non-billed networks, "administration" replaces "accounting".
To administer a set of resources in such a way as to provide availability and accessibility to authorized users.
9 8/27/12
FCAPS – Accounting
Components:
n Managing Accounts, passwords and permissions.
n Auditing system logs.
n Performing backups of critical data.
10 8/27/12
FCAPS – Accounting
Managing Accounts, passwords and permissions.
n LDAP • Microsoft Active Directory • Novell eDirectory • OpenLDAP
n TACACS • CiscoACS
n RADIUS • Steelbelted Radius • FreeRadius
n Diameter 11 8/27/12
FCAPS – Accounting
Password Guidelines
n length should be a minimum of 7 characters
n should contain a mix of lower-case, upper-case, numeric and punctuation
n names, birthdays, holidays should be prohibited
n words from any language should be prohibited
n expire every 30-90 days
n Remembered the last 6 passwords
n lock out accounts after 3-5 failed attempts
12 8/27/12
FCAPS – Accounting
Password Guidelines
n Educate your users on using Mnemonic to remember complex passwords
n 3vi1hax0r
n 2$3cur34u
n ow&uP@k12
13 8/27/12
FCAPS – Accounting
Auditing system logs
Basic Auditing in Windows
n Enable auditing in Local Security Settings >Audit Policy or use a Group policy
n Failed logon attempts can be found in the “Security log”
Basic Auditing in *nix
n Is enabled by default
n Look for failed logon attempts
14 8/27/12
FCAPS – Accounting
Performing backups of critical data
n Microsoft System Center Data Protection Manager
n Symantec Backup Exec and Veritas Netbackup
n Windows backup and restore
n Amanda (www.Zamanda.com)
15 8/27/12
FCAPS – Accounting
Windows backup and restore
Pros: • Free • Easy to use • Bare metal restore capable (ASR)
Cons: • Windows only • Reliance on legacy technology
16 8/27/12
FCAPS – Accounting
Amanda
Pros: • Freeware • Clients for most OS • Easy to setup
Cons: • Server is Linux only • CLI intensive
17 8/27/12
FCAPS – Performance Management
Goal of Performance Management: Prepare the network for the future by monitoring current network
trends, utilization, error rates, and response times.
Components: n Data Collection – Store performance information for retrieval. n Visualization – Turn data into images for quick comprehension. n Trend Analysis – Monitor data over time to recognize patterns. n Summarization – Consolidate data in larger time blocks.
18
FCAPS – Performance Management
Types of Performance Measurement: n Performance Measurement – Cacti, PRTG, MRTG, Smokeping,
n Forensics Analysis – Wireshark, NTOP, Netstumbler, TCPDump
n Load Generation – Iperf, D-ITG, Internet 2 NDT
19
FCAPS – Performance Management
Cacti - http://www.cacti.net/ n Open Source Visualization Tool n Monitors all types of statistics from SNMP or custom scripts. n Web Based administration / viewing n Module support for scripts to handle additional types of monitoring. n Based on RRDTool. n Automatically summarizes data as time goes on.
20
FCAPS – Performance Management
WireShark - http://www.wireshark.org/ n Forensic Analysis of data on a network.
n Determine network issues like retransmissions.
n Statistics feature can playback IM sessions, and VoIP calls.
n Open Source
21
FCAPS – Security
What is the goal of Security management?
n The process of controlling access to assets in the network
22 8/27/12
FCAPS – Security
Components:
n Policies and Procedures
n Physical security
n Firewalls
n Anti-virus, Trojan and Malware protection
23 8/27/12
FCAPS – Security
Policies and Procedures:
n "Acceptable Use Policy" and "Network Connection Policy.“
n Procedure for requesting security changes.
n These documents should be very straightforward, easy to understand.
24 8/27/12
FCAPS – Security
Physical Security:
n Servers should be kept in temperature and humidity controlled, locked rooms with keyboards and monitors hidden from plain sight if possible.
n Access to these rooms should be limited to key personnel.
n Don't forget a good chemical fire extinguisher.
25 8/27/12
FCAPS – Security
Firewalls:
n Host firewalls • Windows firewall • Iptables
n Network firewall • Cisco ASA/Pix • Fortigate • Sonicwall • Juniper Netscreen • Iptables
26 8/27/12
FCAPS – Security
Anti-virus, Trojan and Malware Protection/Removal:
n Trendmicro AV (www.antivirus.com)
n Symantec AV (www.symantec.com)
n ClamAV (www.clamav.net)
n Malwarebytes (http://www.malwarebytes.org)
n Spybot- S&D (http://www.safer-networking.org/en)
n HijackThis (http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html)
27 8/27/12