This area focuses on network monitoring of the campus network. General requirements and framework conditions for monitoring are given. Netflow/IPFIX analysis is covered. Security monitoring, anomaly detection and behaviour analysis are also dealt with. Particular considerations for IPv6 monitoring are given. References to a number of open source tools are given, many of which are developed within the GÉANT community.
Computer-based teaching laboratories at the universities in Macedonia are used in three general situations: practical demonstrations of various technologies as part of the teaching process, individual work by students on their assignments and projects, and as an environment for conducting exams of many different types. Depending on the special use-cases for each situation, different access permissions are required, different network setups are required, access to online resources should be permitted/denied, and in most situations such adjustments should be performed by the teacher, without needing any network administration knowledge or direct access to the networking equipment. In this document, the design and organizational process of the deployment of such a system is presented together with the tools that enable and ease the implementation and customization based on the needs stemming from the real environment.
The Splunk Log Management Software is a comprehensive tool that enables collection and browsing of a large number of log messages of different types, creation of dynamic reports, and graphic presentation of the desired results. This paper considers and explains in detail the processes of collecting and analysing the eduroam service log messages, and gives examples of the Splunk web application usage in displaying and analysing the service statistics and end user behavior.
The document describes monitoring and system notifications about the status of the servers and services in the academic network of the University of Montenegro, with the help of the Nagios core server and SMS servers. The installation and configuration of the Nagios core, NRPE and SMS servers, monitoring Linux servers and sending notifications are contained in the document. Furthermore, the document will present the procedure for monitoring Ubuntu Linux servers, monitoring Linux server services and sending appropriate notifications to administrators. Emphasis is placed on monitoring and sending notifications.
This document presents the procedures used for network traffic analysis, which provide a clear overview of the structure of traffic and enable the efficient detection of potential problems and irregularities.
This document presents the flow collector for assembling and analysing data on generated network traffic obtained from network device exporters. A solution for network traffic analysis will be presented and used for implementing a network devices management system based on the qualitative analysis of network traffic. Some of the basic techniques for computer network management will also be analysed. The proposed solution sends warnings and automatic actions for changing the configuration of network devices, based on data obtained from qualitative network traffic analysis.
Setting up an infrastructure for active and passive measurements can be very useful for monitoring the network. It can be used for both performance and security monitoring and it can also be a very good tool for debugging network problems. A monitoring probe is usually a commodity hardware server and for passive monitoring either a specialised monitoring card or a commodity NIC is used. The difference between active and passive monitoring is that active monitoring actively generates network traffic and measures the results while passive monitoring passively captures and monitors the existing network traffic.
Most ISPs and many other companies use network address translation (NAT) technology. This is primarily due to practical reasons, such as exhaustion of IPv4 addresses, or security reasons. The shortage is mainly caused by the expansion of IP telephony, followed by the growth levels of wireless network devices these days. This document describes a way to connect several private IP addressed networks (RFC1918) to a central resilient NAT device in the network core.
This document focuses on the anonymity of campus networks. The negative aspects of anonymity for a university's reputation are discussed. The challenges of solving security incidents are dealt with. The main problem with anonymity occurs when an offender leaves footprints on the Internet that lead back to the university. This document provides recommendations for how to set up anonymity in the campus network from both a technical and legislative point of view.
This recommendation defines the requirements and framework conditions for network monitoring in campus networks. Fault management, accounting management and performance management are covered. An approach using a toolkit of task-specific monitoring tools is recommended. A centralised alarm system should also be considered. The need for a robust monitoring system is emphasised, whose location requires careful consideration. The system itself should be monitored, and its level of redundancy should be evaluated. In addition, security must be a high priority for any monitoring system.
The purpose of this document is to provide an insight into basic NMS (Network Management System) activities, along with recommendations for administrators of campus and/or local networks intending to apply the NMS tools within their networks.
In this document, a complete overview of network services monitoring is given. Planning monitoring and different monitoring techniques, as well as their pros and cons are described. A thorough review of monitoring tools, ranging from self-written scripts to commercial products, is given.
Detailed network monitoring is becoming even more important, as the amount of illegal activities increases each year. Flow monitoring appears to be a robust and promising method, which makes automated search and classification of network incidents possible. The network administrator can gain an overview of which IP addresses and services use the most bandwidth. Network scans and any attack systems incidents can be detected. |
The purpose of this document is to provide an insight into network security monitoring and behaviour analysis for administrators of campus networks and computer security incident response team members. The document describes flow-based network security monitoring systems and how to deploy them in a campus network. The processes of NetFlow generation, collection and anomaly detection are detailed.
The purpose of this document is to provide users with detailed information regarding proper configuration of the NetFlow protocol in a campus environment. Situations where devices do not support the NetFlow protocol are presented, and alternate solutions provided. Basic methods of NetFlow statistical analysis are also covered. |
There are a number of ways to secure networks and network devices. A defence-in-depth approach is recommended, which will set up a defence perimeter at many levels. This can be complemented by deploying intrusion detection systems (IDS). The document summarises the experiences CESNET has in the field of intrusion detection and prevention. |
The IPv6 protocol creates new challenges for network administrators. Unlike IPv4, an IPv6 address no longer uniquely identifies a user or PC, because an IPv6 address can be randomly generated and keeps changing. Computers with an IPv6 stack can also communicate via predefined tunnels over the IPv4 infrastructure. This tunnelled traffic usually bypasses network security implemented in firewalls. This document discusses the major monitoring issues of IPv6. A practical solution for the monitoring of both IPv4 and IPv6 traffic is proposed. The solution is based on SNMP and NetFlow data, and provides ways of identifying user traffic. |
This document discusses Network Operation Centres from the perspective of Funet member organisations relative to the Funet NOC. The document includes a brief description of what a Network Operation Centre is and presents models on how to organize a NOC. The document also discusses commonly used tools that are essential to NOC operations and how to use them. Network monitoring tools are not included in the scope of this document. |
This document describes the implementation of the system used for monitoring a complex server authentication hierarchy based on the RADIUS protocol. The solution presented herein has been developed within the eduroam® service of the Academic Network of Republic of Serbia (AMRES). The eduroam® authentication infrastructure requires a suitable monitoring system, which enables testing the functionalities of all the RADIUS servers this service comprises. The monitoring system has been designed to provide a sufficiently detailed insight into the state of the RADIUS infrastructure, while not infringing upon user privacy as required under the eduroam® policy. |