
Special Online Feature

Converging On Your Network
Network managers are expected to provide fully secure and interoperable network access for voice, data and video applications anytime and anywhere.

“We need to be looking more and more at making infrastructure more common, converging telecommunications, video and data capabilities right down to the desktop,” said GSA’s Jim Williams at a recent industry roundtable. “The goal is to put things on a more common interoperable platform; one that makes agencies better able to interoperate and provide information sharing.”

Today’s Federal network needs to be far more flexible, far more responsive and far more security-conscious than ever before. That’s because networks are a designated CI/KR – critical infrastructure/key resource.

Network managers are responsible for the smooth operation of these critical infrastructure assets. They have a lot on their plate, such as dealing with the growing number of applications and the sheer volumes of data, systems and servers that have become more difficult to manage. And there’s the movement towards convergence.

Convergence commonly refers to the combination of voice (and telephony features), data (and productivity applications) and video onto a single network. Using different protocols, networks can also communicate with other computer networks. These previously separate technologies can now share resources and interact with each other, creating new efficiencies.

The Basics
Network management refers to the maintenance and administration of large-scale computer networks and telecommunications networks at the top level. There exists a wide variety of software and hardware products that help network system administrators manage a network.

Network management covers a wide area, including:
  • Performance: Eliminating bottlenecks in the network.
  • Reliability: Making sure the network is available to users and responding to hardware and software malfunctions.
  • Security: Identifying an organization’s information assets; developing, documenting and implementing policies, standards, procedures and guidelines; and ensuring that the network is protected from unauthorized users.

Technologies and Functions
Operating the network entails functions required for controlling, planning, allocating, deploying, coordinating, and monitoring the resources of a network.

This includes functions such as: initial network planning; frequency allocation; predetermined traffic routing to support load balancing; cryptographic key distribution authorization; configuration management; fault management; security management; performance management; bandwidth management; and accounting management.

Data for network management is collected through several mechanisms, including agents installed on infrastructure, synthetic monitoring that simulates transactions, logs of activity, sniffers and real-time user monitoring.

Configuration Management technology automates manual tasks, maximizes efficiency and accuracy by minimizing human error, and enhances security through tight access controls and configuration audits. Products capture and store accurate server and device configurations; use automated features to provision and configure new devices; enforce access and change policies; and monitor actions taken on or in relation to devices. This helps maintain consistency across similar devices, ensure critical change data is documented and more quickly restore a device to the known “desired” state – meaning that if a failure occurs after a change, network engineers can roll the device back to its known configuration before the change.

Fault Management is the set of functions that detect, isolate, and correct malfunctions in a telecommunications network and compensate for environmental changes. It includes maintaining and examining error logs, accepting and acting on error detection notifications, tracing and identifying faults, carrying out sequences of diagnostics tests, correcting faults, reporting error conditions, and localizing and tracing faults by examining and manipulating database information.

Performance Management is a set of functions that evaluate and report the behavior of equipment and the effectiveness of the network. It also includes subfunctions such as gathering statistical information, maintaining and examining historical logs, determining system performance under natural and artificial conditions, and altering system modes of operation.

Security Management is the set of functions that protects from unauthorized access by persons, acts, or influences. It includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights and privileges.

Management tools such as information classification, risk assessment and risk analysis are used to identify threats, classify assets and rate system vulnerabilities so that effective control can be implemented.

Source: Wikipedia


Network Access Control Begets Real-Time Security Monitoring

More and more agencies are turning to real-time security monitoring as a way to improve their Network Access Control (NAC). NAC is a method of bolstering the security of a proprietary network by restricting the availability of network resources to endpoint devices that comply with a defined security policy. It goes hand in hand with real-time security monitoring.

A traditional network access server (NAS) is a server that performs authentication and authorization functions for potential users by verifying logon information. In addition to these functions, NAC restricts the data that each particular user can access and implements anti-threat applications such as firewalls, antivirus software and spyware-detection programs. NAC also regulates and restricts the things individual subscribers can do once they are connected. Several major networking and IT vendors have introduced NAC products.

NAC is ideal for corporations and agencies where the user environment can be rigidly controlled. However, some administrators have expressed doubt about the practicality of NAC deployment in networks with large numbers of diverse users and devices, the nature of which constantly changes.
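
The NAC admission decision described above, shown as an added example that is not part of the original article or any vendor's product: authentication first, then endpoint posture against a defined policy, then resources limited by role. The policy, role names, resource names and posture check names are all assumptions made for illustration; a device that sends no posture report (the diverse, unmanaged endpoint case) is quarantined rather than admitted.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy for illustration: posture checks every endpoint must pass,
# and the resources each role may reach once admitted.
REQUIRED_POSTURE = ("firewall_enabled", "antivirus_current", "antispyware_present")
ROLE_RESOURCES = {
    "finance": {"erp", "email"},
    "helpdesk": {"ticketing", "email"},
}
REMEDIATION_ONLY = {"patch-server"}  # quarantine network: remediation services only


@dataclass
class Endpoint:
    user: str
    role: str
    authenticated: bool
    posture: Optional[dict]  # None = device sent no posture report (unmanaged)


def failed_checks(ep: Endpoint) -> list:
    """Return the posture checks the endpoint fails; a missing report fails all."""
    report = ep.posture or {}
    return [c for c in REQUIRED_POSTURE if report.get(c) is not True]


def admit(ep: Endpoint) -> tuple:
    """Decide (verdict, reachable_resources, reasons) for one connection attempt."""
    if not ep.authenticated:
        return ("deny", set(), ["authentication failed"])
    if ep.role not in ROLE_RESOURCES:
        # Fail closed: an unknown role gets no resources rather than a default set.
        return ("deny", set(), ["no policy for role " + repr(ep.role)])
    failures = failed_checks(ep)
    if failures:
        return ("quarantine", set(REMEDIATION_ONLY), failures)
    return ("allow", set(ROLE_RESOURCES[ep.role]), [])


# Constructed sample endpoints.
GOOD = {"firewall_enabled": True, "antivirus_current": True, "antispyware_present": True}
SAMPLES = [
    Endpoint("alice", "finance", True, dict(GOOD)),
    Endpoint("bob", "helpdesk", True, dict(GOOD, antivirus_current=False)),
    Endpoint("carol", "finance", True, None),   # no posture agent installed
    Endpoint("dave", "finance", False, None),   # bad credentials
]

if __name__ == "__main__":
    for ep in SAMPLES:
        print(ep.user, admit(ep))
```

The reasons list returned with each verdict is what a real-time monitoring system would log, so repeated quarantines of the same device or user become visible.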

