IS585 chapter 1.4


network operations center (NOC)

A centralized location for techs and administrators to manage all aspects of a network.

capture file

A file in which the collected packets from a packet sniffer program are stored.

promiscuous mode

A mode of operation in which all frames/packets are processed continuously.

Wireshark

A popular packet sniffer.

Short Message Service alerts (SMS)

A proactive message regarding an out-of-tolerance condition of an SNMP managed device sent as an SMS message.

packet analyzer

A program that reads the capture files from packet sniffers and analyzes them based on monitoring needs.

interface monitor

A program that tracks the bandwidth and utilization of one or more interfaces on one or more devices in order to monitor traffic on a network.

extensible protocol

A protocol that can be adapted to accommodate different needs.

Get (GetRequest or GetNextRequest)

A query from an SNMP manager sent to the agent of a managed device for the status of a management information base (MIB) object.

Simple Network Management Protocol (SNMP)

A set of standards for communication with network devices connected to a TCP/IP network. Used for network management.

bottleneck

A spot where network traffic slows precipitously.

flow

A stream of packets from one specific place to another.

packet sniffer

A tool that intercepts and logs network packets.

security information and event management (SIEM)

A two-part process consisting of security event monitoring (SEM), which performs real-time monitoring of security events, and security information management (SIM), where the monitoring log files are reviewed and analyzed by automated and human interpreters.

Managed Security Service Provider (MSSP)

An IT service provider that provides an organization with some amount of cybersecurity monitoring and management, which may include virus and spam blocking, intrusion detection, firewalls and virtual private network (VPN) management.

Response

Answer from an agent upon receiving a Get protocol data unit (PDU) from an SNMP manager.

cycling

As a new record appears in a log file, the oldest record in the file is deleted.

NetFlow collectors

Component process of NetFlow that captures and saves data from a NetFlow-enabled device's cache for future NetFlow analysis.

top talker

Host that sends the most data on a network.

log

Information about the performance of some particular aspect of a system that is stored for future reference.

speed and duplex, utilization, packet drops, errors, discards, interface resets

Minimal 6 elements of interface monitoring through a physical port(s) on one or more devices:

SNMP manager, managed devices, management information bases

Minimum 3 components of an SNMP system

facilities

Monitored aspects logged in Linux's syslog.

counters

Monitored aspects logged in Windows' Performance Monitor.

managed network

Network that is monitored by the SNMP protocol, consisting of SNMP managed devices, management information base (MIB) items, and SNMP managers.

managed devices

Networking devices, such as routers and advanced switches, that must be configured to use.

e-mail alerts

Notification sent by e-mail as a result of an event. A typical use is a notification sent from an SNMP manager as a result of an out-of-tolerance condition in an SNMP managed device.

Trap

Out-of-tolerance condition in an SNMP managed device.

Cacti

Popular network graphing program.

alert

Proactive message sent from an SNMP manager as a result of a Trap issued by an agent. Alerts may be sent as e-mail, SMS message, voicemail, or other avenue.

link status

Quality of connection between devices.

network management station

SNMP console computer that runs the SNMP manager software.

snmpwalk (walk)

SNMP manager PDU that collects management information base (MIB) information in a tree-oriented hierarchy of a MIB object and any of its subordinate objects and then automatically queries all of the objects that are subordinate to the root object being queried.

management information bases (MIBs)

SNMP's version of a server.

SNMP manager

Software and station that communicates with SNMP agents to monitor and manage management information base (MIB) objects.

protocol data unit (PDU)

Specialized type of command and control packet found in SNMP management systems (and others).

baseline

Static image of a system's (or network's) performance when all elements are known to be working properly.

flow cache

Stores sets of flows for interpretation and analysis.

Set (Set Request)

The PDU with which a network management station commands an agent to make a change to a management information base (MIB) object.

Performance Monitor (PerfMon)

The Windows logging utility.

top listener

The host that received the most data on a network.

NetFlow

The primary tool used to monitor packet flow on a network.

log management

The process of providing proper security and maintenance for log files to ensure the files are organized and safe.

graphing

Type of software that creates visual representations and graphs of data collected by SNMP managers.

variable

Value of an SNMP management information base (MIB) object. That value can be read with a Get PDU or changed with a Set PDU.

mirrored port

When a network switch sends a copy of network packets seen on one switch port to a network monitoring connection on another switch port, such as in IDPs and packet sniffing.

161 and 162

Which UDP ports are used by SNMP for unsecure communication?

162

Which port does the NMS use to receive/listen (without TLS)?

10162

Which port does the SNMP manager use to receive/listen with TLS?

161

Which port does the agent use to listen/receive (without TLS)?

10161

Which port does the agent use to receive/listen with TLS?

10162 and 10161

Which ports are used when security is added via TLS?

