IS585 chapter 1.4
network operations center (NOC)
A centralized location for techs and administrators to manage all aspects of a network.
capture file
A file in which the collected packets from a packet sniffer program are stored.
promiscuous mode
A mode of operation in which all frames/packets are processed continuously.
Wireshark
A popular packet sniffer.
Short Message Service alerts (SMS)
A proactive message regarding an out-of-tolerance condition of an SNMP managed device sent as an SMS message.
packet analyzer
A program that reads the capture files from packet sniffers and analyzes them based on monitoring needs.
interface monitor
A program that tracks the bandwidth and utilization of one or more interfaces on one or more devices in order to monitor traffic on a network.
extensible protocol
A protocol that can be adapted to accommodate different needs.
Get (GetRequest or GetNextRequest)
A query from an SNMP manager sent to the agent of a managed device for the status of a management information base (MIB) object.
Simple Network Management Protocol (SNMP)
A set of standards for communication with network devices connected to a TCP/IP network. Used for network management.
bottleneck
A spot where network traffic slows precipitously.
flow
A stream of packets from one specific place to another.
packet sniffer
A tool that intercepts and logs network packets.
security information and event management (SIEM)
A two-part process consisting of security event monitoring (SEM), which performs real-time monitoring of security events, and security information management (SIM), where the monitoring log files are reviewed and analyzed by automated and human interpreters.
Managed Security Service Provider (MSSP)
An IT service provider that provides an organization with some amount of cybersecurity monitoring and management, which may include virus and spam blocking, intrusion detection, firewalls and virtual private network (VPN) management.
Response
Answer from an agent upon receiving a Get protocol data unit (PDU) from an SNMP manager.
cycling
As a new record appears in a log file, the oldest record in the file is deleted.
Netflow collectors
Component process of NetFlow that captures and saves data from a NetFlow-enabled device's cache for future NetFlow analysis.
top talker
Host that sends the most data on a network.
log
Information about the performance of some particular aspect of a system that is stored for future reference.
speed and duplex, utilization, packet drops, errors, discards, interface resets
The six minimal elements of interface monitoring on one or more physical ports of one or more devices.
SNMP manager, managed devices, management information bases
The three minimum components of an SNMP system.
facilities
Monitored aspects logged in Linux's syslog.
counters
Monitored aspects logged in Windows' Performance Monitor.
managed network
Network that is monitored by the SNMP protocol, consisting of SNMP managed devices, management information base (MIB) items, and SNMP managers.
managed devices
Networking devices, such as routers and advanced switches, that must be configured to use SNMP.
e-mail alerts
Notification sent by e-mail as a result of an event. A typical use is a notification sent from an SNMP manager as a result of an out-of-tolerance condition in an SNMP managed device.
Trap
Out-of-tolerance condition in an SNMP managed device.
Cacti
Popular network graphing program.
alert
Proactive message sent from an SNMP manager as a result of a Trap issued by an agent. Alerts may be sent as e-mail, SMS message, voicemail, or other avenue.
link status
Quality of connection between devices.
network management station
SNMP console computer that runs the SNMP manager software.
snmpwalk (walk)
SNMP manager PDU that collects management information base (MIB) information in a tree-oriented hierarchy of a MIB object and any of its subordinate objects and then automatically queries all of the objects that are subordinate to the root object being queried.
management information bases (MIBs)
SNMP's version of a server.
SNMP manager
Software and station that communicates with SNMP agents to monitor and manage management information base (MIB) objects.
protocol data unit (PDU)
Specialized type of command and control packet found in SNMP management systems (and others).
baseline
Static image of a system's (or network's) performance when all elements are known to be working properly.
flow cache
Stores sets of flows for interpretation and analysis.
Set (Set Request)
The PDU with which a network management station commands an agent to make a change to a management information base (MIB) object.
Performance Monitor (PerfMon)
The Windows logging utility.
top listener
The host that received the most data on a network.
NetFlow
The primary tool used to monitor packet flow on a network.
log management
The process of providing proper security and maintenance for log files to ensure the files are organized and safe.
graphing
Type of software that creates visual representations and graphs of data collected by SNMP managers.
variable
Value of an SNMP management information base (MIB) object. That value can be read with a Get PDU or changed with a Set PDU.
mirrored port
When a network switch sends a copy of network packets seen on one switch port to a network monitoring connection on another switch port, such as in IDPs and packet sniffing.
161 and 162
Which UDP ports are used by SNMP for unsecured communication?
162
Which port does the NMS use to receive/listen (without TLS)?
10162
Which port does the SNMP manager use to receive/listen with TLS?
161
Which port does the agent use to listen/receive (without TLS)?
10161
Which port does the agent use to receive/listen with TLS?
10162 and 10161
Which ports are used when security is added via TLS?