CNE Network Assessment

Overview

The purpose of the network assessment is to measure, analyze, and document network functionality and performance. Areas of assessment include:

- Local Area Network (wired and wireless)
- Wide Area Network
- TCP/IP, DNS/DHCP, and other network protocols
- Operations support systems
- Security

The network assessment team will employ protocol analyzers and performance monitoring tools to gather network performance data for the client LAN and WAN. In addition, configuration and general network health data for all relevant network devices will be collected using the appropriate GUI and/or CLI. The techniques employed include:

- Physical-layer analysis: Perform an automated network discovery and develop and/or verify the network map. Examine data captured by protocol analyzers and identify physical errors related to networking devices.
- Network design and configuration analysis: Collect device configuration information. Compare design and configuration data against best practices.
- Network utilization analysis: Examine network utilization for WAN and Internet access connections.
- Network throughput analysis: Measure actual data transfer rates for WAN and Internet access connections and compare them against expected results.
- End-to-end performance analysis: Measure network latency across the network. Examine data retransmission rates and the route/path of packets through the network.
- Security vulnerability analysis: High-level security assessment, including switch and interface security as well as VLAN security (e.g. student access versus staff access). Assessment scans and credentialed scans can be included in the assessment pending client approval. Credentialed scans allow access to systems and selected end-user devices to enumerate services, applications, and patch levels.

The information collected during the assessment will be analyzed, compared against best practices, and incorporated into an assessment final report. Approximately 2 to 4 weeks after the on-site visit, the final report will be distributed to the client for review and discussion.

20090904 1
Schedule

The network assessment will take place over a period of 4-6 weeks and will occur in several steps. The steps are defined as follows:

1. Conduct pre-assessment conference call
   1. Review known problems
   2. Define the scope of the network assessment: determine the network components to be included in the assessment
   3. Client technical personnel compile and/or develop network documentation and forward it to the network assessment team
2. Develop assessment plan
3. Site visit
   1. Identify network devices for which configuration and general network health data will be collected
   2. Identify network segments to be monitored and appropriate monitoring points
   3. Configure network probes for network monitoring
      1. Install network probes and initiate data collection, and collect required configuration and network health data
      2. Perform physical-layer testing
      3. Perform security vulnerability testing if requested
4. Retrieve network probes and associated data
5. Analyze data and develop assessment report
   1. Develop assessment report including a corrective action plan if appropriate
6. Conduct conference call or on-site meeting to review assessment report
Data Collection

Network Documentation

Immediately following the pre-assessment conference call, the client representative should provide the following to the network assessment team:

- Current network diagrams of the client LAN and WAN
- IP addresses for all network devices, including switches, routers, and network servers

Site Visit Data Collection

During the site visit, the SolarWinds LANsurveyor network discovery tool will be used to map the client network. Network sniffer tools will be employed to perform a physical-layer analysis. A sample visual inspection of the data communications cabling infrastructure will also be performed to help assess the quality of the physical infrastructure.

Performance data for the client LAN and WAN will be collected by MCNC personnel using network probes installed on the client network. Performance monitoring applications installed on the network probes may include:

- Cacti to gather SNMP-accessible data for all core network switch and router interfaces, including utilization and errors
- Smokeping to gather latency data for all WAN links
- ntop to characterize network traffic
- Nessus for vulnerability scans
- Network Diagnostic Tool (NDT) for network throughput testing

During the site visit, configuration and status information will be collected for key network infrastructure. The collection of this information is automated and includes the output from the following commands. (Note: the commands shown are for Cisco network devices. Use equivalent commands when using network devices from alternative vendors, e.g. Hewlett Packard.)

Useful for analyzing configuration:

show running-config
    To display the status and configuration of the module or Layer 2 VLAN

show interfaces trunk
    To display the interface-trunk information

show vlan
    To display VLAN information

show version
    To display the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images

show auto qos
    To display the quality of service (QoS) commands entered on the interfaces on which automatic QoS (auto-QoS) is enabled

show spanning-tree
    To display spanning-tree state information

show interfaces summary
    To display a summary of statistics for one interface or for all interfaces configured on a networking device
    ** Look for dropped packets (IQD, OQD). Some dropped packets are normal; a large number of dropped packets indicates a problem with the interface or the end point connected to it

show interfaces status
    To display the interface status or a list of interfaces in an error-disabled state, on local area network (LAN) ports only
    ** Look for the error-disabled state

show ip traffic
    To display statistics about IP traffic
    ** Look for "bad options" or format errors; these point to possible problems on the network

show processes cpu
    To display information about the active processes and their corresponding CPU utilization statistics
    ** Look for processes that monopolize the CPU

show processes cpu history (if available)
    To display, in ASCII graphical form, the total CPU usage over a period of time

show log
    To display the error log for the system or a specific module
    ** Look for errors in the log
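The two "look for" checks on `show interfaces summary` and `show interfaces status` can be automated over the collected command output. The following is an added example, not part of the MCNC document; it runs on constructed sample output, and the drop threshold (`max_drops`) is an assumed starting value rather than a vendor figure.

```python
import re

# Constructed sample of `show interfaces status` output (Cisco IOS layout; not client data).
SHOW_INT_STATUS = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1   Staff-PC           connected    10         a-full  a-100 10/100/1000BaseTX
Gi1/0/2   Printer            notconnect   10           auto   auto 10/100/1000BaseTX
Gi1/0/3   Student-Lab        err-disabled 20           auto   auto 10/100/1000BaseTX
"""

# Constructed sample of `show interfaces summary` output (legend lines omitted; counters made up).
SHOW_INT_SUMMARY = """\
  Interface               IHQ   IQD   OHQ    OQD     RXBS  RXPS     TXBS  TXPS  TRTL
------------------------------------------------------------------------------------
* GigabitEthernet1/0/1      0     0     0      0     1000     2     2000     3     0
* GigabitEthernet1/0/2      0  5321     0  18877  8000000  1200  9500000  1400     0
  GigabitEthernet1/0/3      0     0     0      0        0     0        0     0     0
"""

# Optional leading '*' (interface is up), interface name, then the nine counter columns.
SUMMARY_ROW = re.compile(r"^\*?\s*(\S+)\s+" + r"(\d+)\s+" * 8 + r"(\d+)$")

def err_disabled_ports(status_output):
    """Return the ports whose Status column reads err-disabled."""
    return [line.split()[0]
            for line in status_output.splitlines()[1:]
            if "err-disabled" in line.split()]

def heavy_drop_interfaces(summary_output, max_drops=1000):
    """Return (interface, IQD, OQD) for rows whose input+output queue drops exceed
    max_drops. The threshold is an assumption: some drops are normal, many are not."""
    flagged = []
    for line in summary_output.splitlines():
        m = SUMMARY_ROW.match(line.strip())
        if not m:
            continue  # legend, header and separator lines
        iqd, oqd = int(m.group(3)), int(m.group(5))  # groups 2..10 are IHQ..TRTL
        if iqd + oqd > max_drops:
            flagged.append((m.group(1), iqd, oqd))
    return flagged

def findings():
    """Combine both checks into report-ready lines for the assessment appendix."""
    lines = [f"{p}: err-disabled, check the port and the attached device"
             for p in err_disabled_ports(SHOW_INT_STATUS)]
    lines += [f"{i}: IQD={iqd} OQD={oqd}, heavy queue drops on this interface"
              for i, iqd, oqd in heavy_drop_interfaces(SHOW_INT_SUMMARY)]
    return lines
```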
Post-Site Visit Data Collection

The network probes are typically left on the client site for one to two weeks following the CNE site visit. The extended data collection period ensures an adequate data sampling interval. The client representative will typically be asked to return the network probes to MCNC using packaging, shipping information, and account information provided by MCNC. In addition, MCNC may request remote access to the client network to validate data collected on-site and/or gather additional information needed for the final report.

Final Report

The final report is typically comprised of four main sections:

- Executive Summary
- Data Collection and Testing Process Summary
- Results and Observations
- Recommendation Summary

Network diagrams, photographs, device configuration and status information, and detailed performance data are included in appendices to the final report.

Contact:
David Furiness
Mgr. Client Network Engineering
MCNC
919-248-1812
dfuriness@mcnc.org