- Upgrade before response time becomes unacceptable
- Block ‘bad’ packets before they can do harm
- Disseminate good policies
- Identifying attacks
- Identifying unacceptable response times
- Identify policy violations
Response (Correction and/or disciplinary actions)
- Isolating and Fixing problems
- Public Relations Management
- Minimize Legal Ramifications
Define what is to be protected
Define how to protect assets
- Employees must know appropriate policies and
- Customers must have ready access to appropriate policies and procedures
- Policies only define "what" is to be protected.
- Procedures define "how" to protect resources and are the mechanisms to enforce policy.
Acceptable Use Policies
- Defines for users what is allowable use of the network and what is not
- Some will be required by law
- Defines levels of catastrophes and appropriate responses
- Backups and network documentation
the activities,methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems.
- deals with keeping the network up and running smoothly.
- monitoring the network to spot problems
keeping track of resources in the network and how they are assigned.
- performing repairs and upgrades
- preventive proactive measures such as adjusting device parameters as needed
with configuring resources in the network to support a given service
- The ultimate goal is to reduce and minimize the total
- cost of ownership (TCO) that is associated
- with the network.
total cost of ownership (TCO)
consists essentially of the equipment cost, as well as the cost to operate the network.
network management tools
can help increase operational efficiency and lower cost:
- includes properties such as the bandwidth that is effectively available, or the delay in the network, which, in turn, is a factor in the responsiveness a user experiences when using services over a network.
- reliability and the availability of a communications service.
Systems for the end-to-end provisioning
service automate many of the steps that need to be performed to configure the devices in the network properly
Performance trend analysis
detect potential network bottlenecks and take preventive maintenance action before problems occur
Alarm correlation capabilities
- enable faster identification of the root cause of observed
- failures when they occur, minimizing the time of actual outages.
the cost if quality is not met
- The capability to turn up a service quickly translates into
- quicker time to revenue generation.
- As hardware power doubles, network size and complexity are likely to more than double, making Moore's law of doubling CPU price/performance every 18 to 24 months possibly work against network
- management applications, not for them.
is taken account at every stage of design
a Value on Network Management
- no more than a certain fraction of a networking investment should go into network management;
- 10-to-1 ratio 90% equipment and 10% operation
SANS Policy Primer
- Policies define appropriate behavior.
- Policies set the stage in terms of what tools andprocedures are needed.