Network Management Services

Question 1

SSH

Answer 1

Secure Shell

• Principal means of secure remote access to UNIX and Linux servers and most types of network appliances
• Can be used to secure SFTP
• Port 22 by default
• Server must be configured with key pair, but client can use key pair or other authentication method, like a password

Question 2

SSH Host Key

Answer 2

• Public/private key pair that identifies SSH server
• Map of host names to public keys can be kept manually by each SSH client
• Must be changed if any compromise of host is suspected, as the attacked could masquerade as the server

Question 3

SSH Client Authentication Kerberos

Answer 3

• Client submits Kerberos credentials obtained when user logged into workstation to the server using the generic Security Services Application Program Interface (GSSAPI)
• Server contacts ticket Granting Service(often DC) to validate credential

Question 4

SSHD

Answer 4

• Starts SSH Daemon

- Parameters like host’s certificate file, port to listen on and logging options can be set

Question 5

ssh-keygen

Answer 5

• Create a key pair to access servers
• Private key must be stored securely on local computer
• Public key must be copied to server

Question 6

ssh-agent

Answer 6

• Configure service to use to store the keys used to access multiple hosts.
• Reduces the number of times key must be confirmed with passphrase
• Provides SSO mechanism for multiple SSH servers
• SSH-ADD used to add key to agent

Question 7

ssh host

Answer 7

Use SSH Client to connect to the server running host.

- host can be FQDN or IP address

Question 8

ssh Username@host

Answer 8

• Use SSH client to connect to server running at host with a different username

Question 9

SNMP

Answer 9

Simple Network Management Protocol

• Widely used framework for remote management and monitoring of servers and network appliances
• Uses agents and a monitoring system

Question 10

SNMP Agents

Answer 10

• Process running on network device or server
• Maintains database of statistics relating to activity of device called MIB (Management Information Base)
• Each parameter in MIB is call OID(Object Identifier)
• Passes information top management system, with same community name

Question 11

SNMP Monitor

Answer 11

• Management system where you can oversee network activity
• Polls agents at intervals for MIBs
• Gets information by “Get” regular polling
  or Trap, based on certain threshold meeting events

Question 12

Syslog

Answer 12

• protocol and supporting software that facilitates log collection
• De facto standard for logging events from distributed systems
• Usually listens on port 514

Question 13

Logging level

Answer 13

• Determines maximum level at which events are recorded or forwarded
• 0 is highest priority
• If it is set to 4, levels 5-7 are not forwarded

Question 14

Jitter

Answer 14

• Variation in transmission delay

- Mainly a problem for real-time applications

Question 15

Diffserv

Answer 15

Differentiated Services

• Classifies each packet passing through a device
• Policies can be applied to router to prioritize delivery
• Works at layer-3

Question 16

Traffic Shapers

Answer 16

• delay certain packet types based on content to ensure other packets have priority
• Helps reduce latency for critical services
• Stores packet until there is bandwidth available

Question 17

Top Talker/Listener

Answer 17

• Interfaces generating most outgoing traffic(in terms of bandwidth)
• Listeners receive most traffic
• Identifying these and routes can be useful to eliminate bottlenecks

Question 18

Netflow

Answer 18

• Gathers traffic metadata only and reports to structured database
• Use sapling to reduce processing demands
• Utilizes exporters, collectors and analyzers

Question 19

Link State

Answer 19

• Whether or not an interface is up or down
• Alerts can be configured for when an interface goes down
• You can also track downtime percentage

Question 20

Reset

Answer 20

• Number of times an interface has restarted in sample time.
• If interface is continually resetting it is described as flapping

Question 21

Speed

Answer 21

• rated speed of interface in Mbps or Gbps

- Should be the same for host and switch ports

Question 22

Duplex

Answer 22

• Most ethernet interfaces operate in full duplex

- If operating in half, indicates a problem

Question 23

Utilization

Answer 23

• Data transferred over a period of time

- calculated as amount transferred or as % of available bandwidth

Question 24

Per-Protocol Untilization

Answer 24

• Packet or byte count for a specific protocol

Question 25

Error Rate

Answer 25

• Number of packets per second that cause errors

- May be caused from interference or bad link quality

Question 26

Discard and drops

Answer 26

• Interface may discard frames for reasons like checksum errors, mismatched MTUs, too small packets (runts) to big (giants).

Question 27

Retransmissions

Answer 27

• Caused by packet loss necessitating retransmission

Question 28

CRC

Answer 28

Cyclic Redundancy Check

• Calculated by an interface when it sends a frame
• Derives a 32 bit value from contents of fram
• Added to header
• Receiving interface runs same calculation and rejects different value
• Errors caused by interference on Layer 1

Question 29

Public Key Management

Answer 29

• Critical security task
• If a users private key is compromised, public key must be deleted and regenerated
• Always delete public keys if user access had been revoked

Question 30

System Log

Answer 30

• Records Startup events and subsequent changes to configuration at OS level
• Includes Kernel Processes and drivers but also core services

Question 31

Application Log

Answer 31

• Records data for single, specific service like DNS, HTTP or RDBMS
• Complex application could write multiple log files

Question 32

Audit Logs

Answer 32

• Records use of authentication and authorization privileges
• Generally records success/fail type events
• Also called access or security log
• Done at OS level or per application level

Question 33

Performance/Traffic Logs

Answer 33

• Record statistics for compute, storage and network resources over defines period

Question 34

Latency

Answer 34

• Time it takes for transmission to reach recipient
• Measures in ms
• Problem for real time applications
• Can test with ping, pathping and mtr
• Need to consider RTT(Round Trip Time)
• VoIP RTT is required to have less than 300 ms.

Question 35

802.1p

Answer 35

• Used at layer 2 to classify and prioritize traffic passing through switch or WAP
• Defines tagging mechanism in VLAN field (802.1Q/p)
• Value is set to 0-7, with 0 being highest priority

Question 36

Class of Service Mechanisms

Answer 36

• Categorize protocols into groups that require different service levels and provide tagging mechanism to identify them
• DiffServ and 802.1p

Question 37

Control Plane

Answer 37

• Division of network function for QoS

- Makes decisions about how traffic should be prioritized and where it should be switched

Question 38

Data Plane

Answer 38

• Division of network function for QoS

- Handles actual switching of traffic

Question 39

Management Plane

Answer 39

• Division of network function for QoS

- Monitors traffic conditions

Question 40

Traffic Shapers

Answer 40

• Delay certain packet types based on their content

- Will store packets until bandwidth is available

Question 41

Throughput testers

Answer 41

• Divides file size by time it took to transfer file
• Should be used at a time representative of real-world network usage
• iperf, ttcp, bwping can be used as throughput testers

Question 42

Encapsulation Errors

Answer 42

• Error in the frame format expected by the interface
• Prevents transmission and reception
• Physical link will appear as up, but line protocol will be listed as down
  Issue could be:
• Wrong frame type
• Ethernet trunk error
• Router framing