A network management system (NMS) is a system comprising software and hardware that uses Simple Network Management Protocol (SNMP) to automatically discover, map, manage, and monitor all SNMP-enabled devices on a LAN or WAN. To have more control over network devices, an NMS may need some additional agent or client software installed on them.
An NMS can monitor a wide variety of network devices such as desktops, servers, switches, and routers. It can also monitor any device on a network that is running Internet Protocol (IP) or Internet Packet Exchange (IPX).
Both commercial and open source NMS are available. Popular commercial NMS are: Cisco Network Management Software from Cisco Systems, HP Network Management Solution (OpenView) from HP, ManageEngine OpManager from ManageEngine, and WebNMS framework from ZOHO Corp.
Open source NMS are: OpenNMS from OpenNMS.org, Nagios from OpenSource.
To develop an NMS, you will need a web server (IIS, Apache, ...), a backend database (MySQL, MS SQL), and a scripting language for the GUI (PHP, ASP, Perl, .NET, Python, ...).
What is SNMP?
Simple Network Management Protocol (SNMP) is an application-layer protocol of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.
Today, most networking devices come with a bundled SNMP agent, which enables them to communicate with the network management system (NMS).
SNMP is a client/server architecture with 2 major entities:
- SNMP manager (at the NMS)
- SNMP agent (at the managed network devices)
Generally, an NMS is used:
- as a monitoring solution (SNMP Read Only queries) to monitor network devices
- as a management solution (SNMP Read Write queries) to manage network devices
- or as a combination of the above.
If it is being used as a network management solution, then the SNMP Read/Write (RW) string is present on the network devices, which drastically increases the risk after compromise of NMS system.
If it is being used as a network monitoring solution, then only the SNMP Read Only (RO) string is being used on the network devices, thus the ability for an attacker to cause damage after gaining control of an NMS system is drastically reduced.
SNMP Configuring Tips
- The NMS is a Trusted Computing Base (TCB) device of your network; it has all access in the ACL (Access Control List) of the router and firewall. Hence it must be configured very carefully.
- Both NMS and managed network devices should have same SNMP READ ONLY or READ WRITE
- To avoid SNMP traffic sniffing and manipulation attacks, SNMPv3 or higher should be used with the data encryption feature enabled.
- Ensure there are no unknown SNMP-enabled devices on your network.
- The SNMP READ ONLY or READ WRITE string should be long and complex.
- The default SNMP READ ONLY or READ WRITE string should be changed, and if it is not being used then it should be removed.
- For remote administration, an SNMP configuration password should be set.
- To enable the SNMP client and service on Windows Server/XP/Vista/7:
  - Go to Control Panel. Click on the Programs And Features link and then click on Turn Windows features on or off.
  - Type services.msc at Start > Run. Select SNMP Service Properties and click on the Traps tab. In the “Community name” text box, enter a long and complex case-sensitive SNMP community name/string to which this computer will send trap messages.
  - Select the Security tab and click Accept SNMP packets from these hosts. Set “Community Rights”: READ ONLY for monitor mode or READ WRITE for management mode.
SNMP traffic passes over Transmission Control Protocol (TCP) ports 161 and 162 and User Datagram Protocol (UDP) ports 161 and 162. (If you capture traffic with Wireshark, you will see the SNMP protocol, and the right-click context menu offers "Follow UDP Stream".)
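The tips above, together with the earlier point about read-only versus read-write strings, can be checked mechanically. The following is an added example, not code from the original post: it audits a configuration written in net-snmp's snmpd.conf syntax, which is an assumption because the post names no particular agent. The 16-character threshold and the sample lines are constructed for illustration.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}  # widely shipped default strings
MIN_LENGTH = 16  # assumed policy threshold, not taken from the page
DIRECTIVES = ("rocommunity", "rwcommunity", "rouser", "rwuser")

# Constructed sample in net-snmp snmpd.conf syntax (not from a real device).
SAMPLE_CONF = """\
# constructed example configuration
rocommunity public
rwcommunity Xk7-pL9vQ2mZ8rT4wB 10.0.0.5
rocommunity short1 10.0.0.5
rouser monitor auth
rwuser -s usm admin priv
"""

def is_complex(s):
    """Long enough and drawn from at least three character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(s) >= MIN_LENGTH and sum(bool(re.search(c, s)) for c in classes) >= 3

def audit(conf_text):
    """Return (line_number, finding) tuples for directives that break the tips."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0].lower() not in DIRECTIVES:
            continue  # blank lines, comments and unrelated directives
        directive, args = tokens[0].lower(), tokens[1:]
        if directive.startswith("rw"):
            findings.append((n, "read-write access granted"))
        if directive.endswith("community"):
            if args[0].lower() in DEFAULT_COMMUNITIES:
                findings.append((n, "default community string"))
            elif not is_complex(args[0]):
                findings.append((n, "community string is not long and complex"))
            if len(args) < 2 or args[1] == "default":
                findings.append((n, "no source host restriction"))
        else:
            if args[0] == "-s":  # optional security-model flag plus its value
                args = args[2:]
            level = args[1].lower() if len(args) > 1 else "auth"  # auth is the default
            if level != "priv":
                findings.append((n, "SNMPv3 user without encryption (priv)"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_CONF):
        print(f"line {n}: {finding}")
```

A read-write finding is informational when the NMS is deliberately run in management mode; the other findings apply in either mode.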
NMS Standards
Most NMS adopt the 'FCAPS' ISO Telecommunications Management Network model and framework for network management. FCAPS is an acronym for Fault, Configuration, Accounting, Performance, Security.
- Fault Management: The NMS correlates and manages notifications received from the agents installed on managed devices. If a parameter increases in size or complexity, it generates an alarm to the manager via email, SMS, RSS feeds and Twitter.
- Configuration Management: The NMS is supposed to be vendor neutral and support multiple hardware and software devices. It creates an inventory of the physical (hardware versions and revisions, firmware details) and logical configuration (system/network settings etc.) of devices and keeps this information up to date for proper planning.
- Accounting Management: The NMS measures network utilization so that individual or group users on the network can be regulated appropriately for the purposes of accounting or chargeback.
- Performance Management: The NMS monitors and measures various aspects of performance so that overall performance can be maintained at an acceptable level.
- Security Management: The NMS ensures authentication, access control, data confidentiality, data integrity, and non-repudiation. These may be applied in the course of any communications between network devices and between users.
It was hard to manage a network a few years ago, but today it's pretty simple, because of good network managing software.
Yeah. But for Industrial Control System/SCADA based networks it is still a bit difficult at start.