NETWORK

MANAGEMENT &
SECURITY
 INTRODUCTION
 Computer networks today drive a lot of sectors such as
ecommerce and industry. Billions of money are generated
as a result of computer networks and related
technologies.

 Thus, network management has become a crucial

component for corporate organizations to conduct
businesses efficiently.

 Network Management is the process of monitoring,

testing, configuring and troubleshooting network
components to meet a set of requirements defined by an
organization.
 Network Administrators are IT professionals who ensure
that networks are operating to meet the needs of an
organization. They are the first line of support for most
 Importance of Network
Management
 Threat detection
A network may be vulnerable to threats from outside
external agent. Sophisticated phishing scams and other
outside threats can have disastrous results on a network.
Thus, staying ahead of any given issue is crucial for
maintaining a secure, fully-functioning network.
 Maximum Efficiency
Consistent network maintenance gives the satisfaction of
knowing that the network is running well due to frequent
updates and checkups.
 Avoid costly network disruptions
Slow and unresponsive networks can make it harder for
employees to effectively address customer needs and
 Functional areas of Network Management
 The International Organization for Standardization (ISO)
Network Management forum divided network
management into five functional areas:
1. Fault Management
This is the process of identifying and correcting network
problems, otherwise known as faults. Faults typically
show themselves as transmission errors or failures in the
equipment or interface. Fault result in unexpected
downtime, performance degradation and loss of data.
Thus, fault conditions need to be resolved quickly.
Fault management can be reactive or proactive.
2. Configuration Management
Networks are continually adjusted when devices are
added, removed, reconfigured or updated. These
 3. Security Management
 Security management delas with ensuring overall security
of the network including protection of sensitive
information through access control points to that
information. Security management controls access to the
network devices and sensitive information through the use
of passwords. This management also controls the form of
sensitive data using methods such as encryption.

4. Performance Management
Measuring the performance of a network and its resources
in terms of utilization, throughput, error rates and
response times. With performance management
information, a network manager can reduce or prevent
network overcrowding and inaccessibility.
 [Link] Management
 This involves tracking each individual user’s utilization of
network resources for the purpose of allocation of
resources and billing for their use of the network. This type
of information helps a network administrator allocate the
right kind of resources to users, as well as plan for the
network growth.
 Tools for Network Troubleshooting
 Network troubleshooting tools are a necessity for every
network administrator. When getting started in the
networking field, it is important to amass a number of tools
that can be used to troubleshoot a variety of different network
conditions.
1. Ping
 The most commonly used network tool when network
troubleshooting is the ping utility. This utility is used to
provide a basic connectivity test between the requesting host
and a destination host. This is done by using the Internet
Control Message Protocol (ICMP) which has the ability to send
an echo packet to a destination host and a mechanism to
listen for a response from this host. Simply stated, if the
requesting host receives a response from the destination host,
 Cont..
 For example, if an Internet connection is down at an office,
the ping utility can be used to figure out whether the problem
exists within the office or within the network of the Internet
provider. Figure 1 below shows an example of the ping utility
being used to obtain the reach-ability status of the locally
connected router.
 2. Tracert/traceroute

 Typically, once the ping utility has been used to determine

basic connectivity, the tracert/traceroute utility can used to
determine more specific information about the path to the
destination host including the route the packet takes and
the response time of these intermediate hosts. Figure in the
next slide shows an example of the tracert utility being used
to find the path from a host inside an office to
[Link].

 The tracert utility and traceroute utilities perform the same

function but operate on different operating systems, Tracert
for Windows machines and traceroute for Linux/*nix based
machines.
 Cont..
.
 3. ipconfig/ifconfig
 One of the most important things that must be
completed when troubleshooting a networking issue is
to find out the specific IP configuration of the variously
affected hosts. Sometimes this information is already
known when addressing is configured statically, but
when a dynamic addressing method is used, the IP
address of each host can potentially change often.
 The utilities that can be used to find out this IP
configuration information include the ipconfig utility on
Windows machines and the ifconfig utility on
Linux/*nix based machines. Figure in the next slide
shows an example of the ifconfig utility showing the IP
configuration information of a queries host.
 Cont..
.
 4. [Link]/[Link]
 A very easy test that can be used to both determine the
Internet bandwidth available to a specific host and to
determine the quality of an Internet connection is the use of
the tools available at the [Link] and [Link]
websites. The [Link] site provides the ability to
determine the amount of bandwidth that is available to a
specific host at a specific point in time; this is often a good
tool to use when measuring how long it is going to take to
upload or download information from a local to remote host.
 This measurement can also be used to determine whether the
connection is offering the amount of bandwidth that was
purchased from the Internet provider; keep in mind however
that some amount of bandwidth difference is expected
between the quoted bandwidth purchased and the measured
Cont..
 5. Nslookup
 Some of the most common network troubleshooting issues
revolve around issues with Dynamic Name System (DNS)
address resolution issues. DNS is used by everyone using
the Internet to resolve commonly known domain names
(i.e. [Link]) to commonly unknown IP addresses (i.e.
[Link]). When this system does not work, most of
the functionality that people are used to goes away, as
there is no way to resolve this information.

 The nslookup utility can be used to lookup the specific IP

address(es) associated with a domain name. If this utility is
unable to resolve this information, there is a DNS issue.
Along with simple lookup, the nslookup utility is able to
query specific DNS servers to determine an issue with the
default DNS servers configured on a host.
 NETWORK SECURITY
 Network security is the protection of the underlying
networking infrastructure from unauthorized access, misuse,
or theft. It involves creating a secure infrastructure for
devices, applications, users, and applications to work in a
secure manner.
 Network security is essentially a set of tools and practices
designed to keep your computer network safe from harm.
This includes things like protecting your data from
unauthorized access, stopping malware infections, and
preventing denial-of-service attacks.
Key goals of network security:
• Confidentiality: This means making sure only authorized
users can access your data.
• Integrity: This means ensuring that your data is accurate
and hasn't been tampered with.
 Types of Network Security
■ Here are the different types of network security:
 Firewalls:
Firewall is a hardware or software device that controls
incoming and outgoing traffic based on predetermined
security rules. They act as a barrier between trusted and
untrusted networks, such as the internet. Firewalls can filter
out malicious traffic, such as viruses and worms, and
prevent unauthorized access to a network.
 Network Segmentation:
This involves dividing a network into smaller subnetworks,
which can help to limit the damage caused by a security
breach. For example, a company might segment its network
to separate its guest network from its internal network. For
instance VLAN, which stands for Virtual Local Area Network,
 Cont..
 Remote Access VPN:
A virtual private network (VPN) encrypts data traffic that
travels over a public network, such as the internet. This
helps to ensure that the data is confidential and cannot be
intercepted by unauthorized users. Remote access VPNs
are often used by employees who need to connect to a
company network from home or another remote location.
 Intrusion Prevention Systems (IPS):
IPS are network security devices that monitor network
traffic for malicious activity. IPS can detect and block a
wide range of attacks, such as denial-of-service attacks
and port scans.
 Cont..
 Sandboxing:
Sandboxing is a security technique that isolates
applications or code from the rest of the network.
This can help to prevent malware from infecting
other systems on the network.
 Multifactor Authentication (MFA):
MFA is a security technique that requires users to
provide two or more factors of authentication in
order to access a system. MFA can help to prevent
unauthorized access to systems, even if a
cybercriminal obtains a user's password.
THAN
K YOU