Network Monitoring Handbook:
The Complete Guide to Network Monitoring

Table of Contents

CHAPTER 1

Introduction

CHAPTER 2

Network Devices

Types of Devices in a Network

Network cabling

Creating a Local Area Network

Configuring Network Devices

CHAPTER 3

Network Design Architecture

Network Layers – Core, Distribution, Access

Hierarchical Network Design

Routing Protocols

Redundancy Planning

Expanding the network (scalability)

CHAPTER 4

Best Practices for Network Design

CHAPTER 5

Network Monitoring Protocols

Simple Network Management Protocol (SNMP)

Internet Control Message Point (ICMP)

CISCO Discovery Protocol (CDP)

CHAPTER 6

Network Monitoring Best Practices

CHAPTER 7

Network Security

Common Threats to Network Security

Components of Network Security

Other Types of Network Security

CHAPTER 8

Importance of Network Monitoring

Features of a Network Monitoring Solution

Benefits of Network Monitoring

CHAPTER 9

Choosing Network Monitoring Solution

01
Introduction

With Network monitoring, all devices such as PCs, routers, servers, switches, virtual machines, etc., are continuously monitored for their performance to optimize their availability. Continuous monitoring helps prevent network failures and minimizes downtime. For monitoring to be truly effective, the network itself needs to be designed to be efficient.
This handbook gives you complete insights into various aspects of network monitoring and the best practices involved in creating an effective and efficient network.

Introduction
Network Devices

02
Network Devices

These are hardware devices that are part of a computer network. These interconnected devices play a critical role in the transfer of data in the fast and secure way within or outside the network. Each device in a network has a specific function, which it performs efficiently.

Before you start with the design process, you need to understand the features of different devices and how you can effectively use them.

Types of Devices

Here is the list of all major devices in your network.

Routers

A router is a device that transmits data packets from one destination to another. To transmit this data, it needs a logical address (IP address) of the interconnected devices. Routers are smart devices that store information about the networks and systems they are connected to. Routers play a critical role in TCP/IP networks. When it comes to filtering traffic, routers are the first line of defense for network administrators. Therefore, they must be configured to pass only authorized traffic with the help of firewalls and content filtering software.

Switches

In a network, a switch acts as a bridge between various devices connected to a network such as computers, servers, printers, wireless points, etc. Information can be shared between connected devices with the help of a switch. It employs the packet switching technique to receive, store and forward data packets within the network. The function is not just limited to information sharing. It can also check for errors before forwarding data to make sure only the correct information is forwarded to the correct port.

Repeaters

Repeaters play the critical role of regenerating or amplifying an incoming signal before it becomes too weak for retransmission. This is done mainly to cover longer distances of signal transmission. In addition to boosting attenuated signals, digital repeaters can also reconstruct signals that are distorted during transmission.

Hub

A hub is a multiport device that connects various devices in a network. When a computer has to be connected to a network, it can be plugged into one of the ports in the hub. When data packets arrive at a hub, they are broadcast to every port in the hub. However, hubs do not have any filtering ability. So, the data packets will be sent to all devices unfiltered. When covering long distances over connecting cables, hubs can also act as repeaters by regenerating the signals without any transmission loss.

Modem

A modem is a device that transmits signals using cables. The digital signals from the source are converted to analog signals using a modem and transmitted across the lines to a receiving location. The modem at the receiving location reverses this transformation and provides a digital output for users. There are different types of modems used in networks based on the type of data transmitted, the transmission mode, and the connection to the transmission line.

Bridge

As the name implies, a bridge is a device that connects the different segments of a network. The bridge acts as a link device that stores and forwards frames across different segments within a network. With this functionality, a network can be divided into different segments with its own collision domain and bandwidth. Most importantly, a bridge also filters content based on the MAC addresses of the source as well as the destination.

Gateway

The gateway acts as a passage that connects two dissimilar networks together. Networks often have different transmission protocols such as Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP). Gateways are used to bring them together and translate between their networking technologies. One of the distinguishable features of gateways is that they can operate at any layer of the network.

Access Points

Access points typically refer to a wireless device in a network. However, a wired connection can also be considered an access point. This acts as a portal for other devices in a network to connect to the LAN. In wireless connections, an access point comes with a transmitter and a receiver, which are used to build a wireless LAN (WLAN). There can be multiple access points based on the size of a network.

Network Cabling

After devices, cabling is the next critical component in a network. Despite the advances we have made in wireless technology, a vast majority of networks around the world still rely on cables for data transmission. This makes network cabling one of the most critical aspects of a network infrastructure.

Network cables come in different types. The type of cable used for a network depends on various factors such as the architecture of the system, network structure, size, etc. Let’s check out some of the common cables used in a network.

Twisted Pair Cable

This is the most used cable in networks. These cables are mainly used in ethernet networks. Even modern LAN networks across the world still use these cables for connectivity. These are insulated copper wires that come in different colors. Each copper wire is twisted with another one to form a pair. There could be up to four pairs of twisted cables in a wire. This comes as both unshielded or shielded cables, and they can be chosen based on one’s requirement.

Fiber Optic Cable

A fiber optic cable comes with a center glass core, which is protected by different insulation materials. The major difference here is that it replaces the metal wire that was used to transmit electrical signals. This is widely used in areas where high bandwidths are required. Most importantly, its resistance to lightning and moisture makes it the ideal choice for connecting networks between two buildings.

Coaxial Cable

This one comes with a single copper conductor in the center core surrounded by different layers of insulation. It was most popular in the 80s and 90s when it was used to connect television sets to home antennas. Despite the advent of other cabling materials, coaxial cables still continue to be in use in LANs in different parts of the world. Although it is difficult to install these cables, the ability to handle great lengths and resist signal obstruction make it a popular choice in networks.

In addition to these popular choices, other types such as multipair cable, crossover cable, USB cable, etc., are also widely used in network infrastructure.

Creating a Local Area Network (LAN)

A LAN is a small network, which is typically set up within an office to connect a few devices in a specific location. This is mainly done to share resources within the network. The most popular type of LAN is the ethernet. Here, you need to connect the network switches to the computers with the help of an ethernet cable. Once all the devices are connected, you will be able to share and distribute resources within the network.

When multiple computers are connected to the same printer in your office, it is done using the LAN framework. In a similar way, you can also connect mobile devices and other computers with each other. Let’s check out the process involved in establishing a local area network.

Equipment Required

Computers, network switches, ethernet cable, other devices that need to be connected to the network (printers, servers, etc.).

If you are connecting your LAN to the Internet, you may also need other devices such as a router, a modem and an Internet connection.

Connect the Computer

You can connect the computer to the network switch with an ethernet cable. When you connect the network switch to the computer for the first time, it will open the setup wizard. Even if the network wizard is not opened, you can find the setting in the “Network and Sharing Center” in Windows PC or “System Preferences” in Mac. Once there, you can proceed with the setup through the series of automatic steps.

Wi-Fi Setup and Internet Connection

This step is required only if you need your devices to be connected wirelessly. Your router or network switch will provide the information on how to do the Wi-Fi setup. Once you set it up and get it working, the devices you connected to the ethernet will also work wirelessly.

If you need access to the Internet on your LAN, you also need to configure your router at this stage. You also need to make sure that your LAN is set up with passwords and firewalls to ensure safe connection to the Internet.

Connect Your Other Devices

Once everything is set up, it is time to connect your other devices such as printers, mobiles, servers, etc. Connecting to the ethernet is pretty simple and straightforward. All you need to do is connect the ethernet cable to the device. For wireless connection, you need to turn on the device, select the wireless connection from the list of networks and connect to it with your secure password.

Configuring Network Devices

Configuring your network devices comprises a lot of processes such as defining policies, assigning network settings, implementing controls and more. In physical networks, network administrators have to make extensive configuration by managing their network appliances as well as the software. However, in virtual networks, this process is simplified as there is no need for any manual configuration of physical appliances.

Preparation is key when it comes to configuring a network. Setting up a network focuses mainly on meeting the communication objectives of the organization. The basic configuration of any network can be segmented into three different parts – router configuration, host configuration and software configuration. Let’s take a brief look at each of these tasks.

Router and Switch Configuration

Your routers play an extremely valuable part in your network. Apart from sending data packets from one network to another, routers can also be used to enhance network security, minimize vulnerabilities, and sometimes speed up the connection of your network. A switch, on the other hand, is used to connect different devices in a network.

When configuring your network router, you need to log in as an administrator and change the IP address and SSID settings as per your needs. To log in, you can either try out different IP addresses on your browser (168.0.1, 168.1.1, 10.1.1, etc.) and wait for the login page to open, or you can check the “Network & Internet” settings and locate the “Default Gateway” to identify the IP address. Either way, this will give you access to the router.

Once you have gained access, you can change the username, password, IP address, and SSID (network name) through your router. You can also configure remote settings here and create guest networks if required.

For small networks, manual configuration is sufficient. However, this process can get extremely difficult for organizations that have medium or large networks. Any errors in the basic configuration will make the process even more hectic. If you have such a network, you need an enterprise-grade configuration management tool that can incorporate configuration changes throughout the organization.

Host Configuration

When you are initially setting up the network, you will be required to provide the host settings for the network. You can view and edit the host settings by opening the “Host Settings” page in your system. Your basic host configuration for your network can be done using the following ways:

  • Hostname – You can modify the name of your host here as per your requirement.
  • NIS, NIS+ or DNS Name – You can configure these domains based on what is applicable to your machines.
  • Server configuration – This is similar to DNS configuration where each domain is supported by a set of servers.
  • Proxy – You also need to configure proxy addresses for FTP or web to link with the core.

Software Configuration

Once the router and hosts are configured, it is time to configure all the network-based software in your system. There are different types of software tools available for network functions. Depending upon the size, functionality, and complexity of the networks, administrators choose their software tools. Some of the commonly used software tools are:

Network Monitoring Software

This helps you discover, monitor, and maintain all the systems and endpoints in your network. It gives you complete visibility into your network architecture and helps you stay on top of any network issues before they can occur.

Intrusion Detection Systems (IDS)

Security is a major concern in any type of network. This is security software that monitors the network for any type of potential malicious activity. Network administrators will get instant alerts in case of any intrusions or harmful activities that may affect the network.

Network Virtualization Software

This allows network administrators to combine their hardware and software resources to create virtual networks, which are completely a software-based administrative entity. With network virtualization software, you can avoid reconfiguring a network every time you have to move your virtual machines across different domains.

03
Network Design Architecture

One of the most critical aspects of a network lies in how well it is designed. There could be several devices and components interconnected in a network, so the effective functioning of a network lies primarily in how these devices are brought together. Key to understanding network design architecture is an understanding of the various network layers.

Network Design Architecture

Network Layers

There are several layers in a network, and they all have a specific functionality. These layers work together and transmit data from one point to another. Although most modern networks are based on the simpler TCP/IP model, the seven layers in the Open System Interconnection (OSI) model are still prevalent in today’s networks. Let’s take a brief look at these network layers.

Physical Layer

This is the lowest layer in the OSI model. This layer transmits raw unstructured data bits from one node to the next. This layer of the network contains physical resources including modems, network adapters, repeaters, cabling, and network hubs. This layer also acts as a receiver that receives transmitted data from another device and sends it to the Data Link layer for further processing.

Data Link Layer

This layer is responsible for transferring data between two different nodes on a network that are physically connected to each other. The packets received from the source are broken down into frames and transmitted to the destination. This layer also makes sure that any errors made in the physical layer are corrected before transmission. This layer consists of two parts: Logical Link Control (LLC) for identifying network protocols and Media Access Control (MAC) for connecting devices with the help of their MAC addresses.

Network Layer

This layer is responsible for transmitting data from one host to the other based on the addresses present in the frames. The network layer is responsible for two main functions – breaking up and reassembling segmented data into network packets and discovering the best path for data packets to travel across a physical network. This layer typically identifies the source and destination node with the help of the network address (IP address) of the devices.

Transport Layer

The transport layer, as the name implies, is responsible for the delivery of data packets from one layer of the network to the other. The data it receives from the upper layers (session layer and above) are called segments. At this layer, the segments are broken down into frames and forwarded to the network layer. This layer also focuses on data flow and error control to ensure smooth transmission of data. At the receiving end, it reassembles the frames into segmented data.

Session Layer

This layer is responsible for smooth communication between different devices in a network. During data transmission from one device to another, this layer establishes a channel for communication called sessions. The most important aspect of this layer is to keep these sessions open and ensure proper functionality while the data is being transmitted. Once the communication is over, the session is closed.

Presentation Layer

Also known as the translation layer, this layer is responsible for formatting the received data and making it suitable for the application layer. Based on the rules for encoding, encrypting, and compressing data in the application layer, the presentation layer manipulates the data and transmits it across the network. At the receiving end, it also takes the data from the application layer and prepares it for the lower-level layers.

Application Layer

This layer is at the very top of the OSI model. This layer helps display the relevant data to the end users. It interacts with software applications such as web browsers to present the information in a meaningful way to the users. At the same time, this layer also creates the data that must be transmitted across the network through the other layers.

Despite being formulated way back in 1983, this seven-layer network design is still relevant as it helps visualize a network and how it operates. This knowledge helps in identifying network problems and troubleshooting them.

Hierarchical Network Design

Cisco came up with the hierarchical network design model as one of the most popular ways of setting up an open network. This three-layer model soon became an industry-wide adopted model as it is renowned for its ability in creating a scalable, reliable and cost-efficient internetwork. Just like the different layers of the OSI model, the three layers of the hierarchical design have their own functionalities.

Let’s check out the functions of these layers briefly:

Core

The core layer forms the backbone of the network. The sole purpose of this layer is to interconnect all the distribution blocks. For that purpose, this layer does not need many high-level features or security policies. By doing so, this layer accommodates fast transportation between various distribution switches in the network. A critical feature of this layer is that it should be fault tolerant. Any issue in this layer will affect all users. Hence, recovery should be as quick as possible in case of an inevitable failure.

Distribution

This layer forms the major communication point between the core layer and the access layer. It does that by routing, filtering, and providing WAN access for the network packets that travel through it. This layer controls the boundary between the access and core layers by incorporating access lists and other filters. In addition to providing policy-based connectivity, this layer must also determine the best path for handling service requests in the network.

Hierarchical Network Design

Access

This layer forms the edge of the network where endpoints such as workstations and printers are connected. It provides users with the “access” to the network, and it forms the first line of defense when it comes to security. This layer has various functions such as providing continued access control and policies, creating separate domain collisions and connecting with the distribution layer. As it has multiple functions and needs to support various endpoints, this layer is highly rich in features.

This design provides great value by maximizing performance, allowing scalability and ensuring network availability. Although the three-tier model is the most popular one, some small network enterprises also use a collapsed core two-tier design, where the core and distribution layers are merged into one. This approach reduces the network costs, while performing most of the functions of the three-tier network. Hence, it is more practical for small networks that do not grow significantly over time.

The hierarchical model is applicable to both WAN and LAN designs. Some of the additional benefits of this model are as follows:

  • This three-tier model makes a network stable, scalable, and deterministic. When a network is deterministic, any changes made to it will have predictable outcomes, ensuring no surprises for network admins.
  • This model ensures better network management and helps isolate the issues that create trouble for the network.
  • As networks grow larger and more complex with different technologies, protocols, and configurations, the hierarchical design simplifies this complexity into a small, understandable model.
  • This model allows for better filter or policy creation and helps users scale efficiently to accommodate future growth requirements.
  • With multiple links connecting various devices, the model provides better redundancy. If one link fails, there are alternative paths for data packets to reach their destination.

Routing Protocols

Routing Protocols refer to the set of defined rules that help data get from source to the destination in the smoothest way possible. These protocols help update the routing table with relevant information, and they define the way in which network routers communicate with each other. Also, these protocols define the best paths between two different nodes in a network.

They can be broadly classified into two types – static and dynamic.

Static Routing Protocols

Static routing protocols are used when a system administrator manually sets the route between the source and destination network. Since there is more control over the network, it offers better security. To make this happen, the administrator has to know how the routers are connected. Although this eliminates overhead and minimizes unused bandwidth, it can be quite time-intensive and not typically used in extremely large networks.

Dynamic Routing Protocols

In this type, the information added to the routing tables is automated. Whenever there is a change in the network topological structure, the updates are sent across the network and the changes are made automatically. Due to their automatic nature, these protocols are easy to configure even in large networks. Also, if a link goes down, there will be several alternate paths for the data packets to travel.

Routing Information Protocols

This is used in both LAN and WAN networks. The very first version of the protocol, RIPv1, communicates with the network by broadcasting its IP table to all connected routers. The maximum hop count here is 15, which is relatively low and unsuitable for large networks. A hop occurs when a data packet is passed from one device to another. There are several versions of this protocol, and the newer versions use different methods to communicate with the network.

Other Classification

Here are some other classes of network protocols:

Distance VectorLink State
Sends entire routing table full of information to connected devicesRouters notify each other upon detecting routing changes
Measures distance between source and destination based on how many hops data must pass throughUses algorithm to measure the distance between source and destination
Uses distance to figure out the best path for data packets to travelUses the cost of resources and the speed of the path to destination, to figure out the best path
Interior GatewayExterior Gateway
Exchange information within a single autonomous systemExchange information with different autonomous systems
Metrics used – Maximum transmission unit, load, delay, bandwidth, reliabilityProtocols used – network addresses, routers, route costs, neighboring devices
ClassfulClassless
Subnet mask information not sent during routing updatesSubnet mask information sent during routing updates
Eg: RIPv1 and IGRPEg: RIPv2, EIGRP, OSRF, etc.

Redundancy Planning

As your network gets large, there is a risk of failure between the links that connect various devices. If there is a single instance of link failure, it has the potential to disrupt the entire network. This is why backup systems are needed to ensure more stability and uptime to a network. This is acheived by redundancy planning.

Redundancy planning essentially consists of adding additional devices and links in a network to ensure seamless communication during single points of failure. This process is critical because the entire network can be taken offline if the networks don’t have alternate paths for data packets to travel.

There are two major types of redundancy planning in networks:

Fault Tolerance

This ensures full hardware redundancy in a network. The applications in the network are mirrored across two or more similar systems. In case of a failure, the mirrored backup systems will kick in immediately and ensure seamless data transfer. This type of redundancy planning is quite expensive and difficult to incorporate. Hence, it is mainly used in systems where downtime is not acceptable under any circumstances.

High Availability

This type of redundancy planning involves using clusters of servers that monitor each other for failure. In case of an unavoidable failure, the failover protocols (backup servers) will take over immediately and restart the applications. There is a small amount of downtime involved here as the backup servers take some time to reboot the applications. However, this requires less infrastructure and is relatively inexpensive.

Expanding the Network

When a business grows, its networking requirements grow proportionally. To keep up with this growth, a network design should accommodate scaling. A scalable network supports smooth future growth. In such networks, there will be no need for a redesign of the entire network from scratch. Only the specific layers can be altered to meet the additional demand.

When designing a scalable network, make sure you implement the following principles:

  • Use expandable devices that can be upgraded to accommodate additional capacities in the future.
  • Use a hierarchical network model where the capacity of one layer can be increased without disturbing the other layers.
  • Plan IP addresses (IPv4 or IPv6) carefully when designing a network to eliminate the need to rename or readdress devices when additional devices are added.
  • Choose multilayer switches and routers to filter out undesirable traffic and limit broadcasts.
  • Implement redundant links in the networks between various critical devices.
  • Allow mobility by implementing wireless connectivity in the network.
  • Use a scalable routing protocol.
Network Design Best Practices

04
Network Design Best Practices

Regardless of size, how a network is designed impacts your monitoring capabilities and overall performance. To get the most from continual monitoring, network design best practice must be followed.

When designing an efficient & effective network, you need to focus on various aspects like its scope, connectivity, framework, visibility, scalability, reporting, data management and more.

The following best practices will give you an idea of the factors you need to consider when designing a network.

Keep the Design Simple

The first thing you need to follow is to eliminate the unnecessary complexity in your design. As your design gets more complex, additional hardware and software is introduced, creating additional potential points of failure or inefficiency. Keeping it simple helps you establish a clear monitoring and reporting process in your network. If complexity is unavoidable, make sure there are sufficient benefits to balance it.

Follow the FCAPS Framework

There are several functions in network management, and these functions need to follow a proper framework to ensure seamless functioning. The FCAPS model gives you such a framework. Here, F stands for fault management, C for Configuration, A for accounting or administration, P for performance, and S for security.

Fault management – Identification and resolution of network issues

Configuration – Focuses on the configuration of network devices, policy implementation and provisioning

Accounting or Administration – Tracks resources utilization for billing or administers network with privileges, passwords, etc.

Performance management – Manages the overall performance of the network

Security management – Protects the network by controlling authentication and access to network resources

Make the Network Scalable

A critical part of network design planning also concerns showing flexibility to accommodate future growth. A few years down the line, your IT infrastructure is likely to witness some major changes regarding hardware and software. You need to consider factors like power consumption, space, backup requirements, support, etc. Your plans should also consider the additional bandwidth demands of your network as you scale it.

Network Visibility

With the massive increase in cybercrime every year, network blindspots are a major concern for all network professionals. By getting a comprehensive view of your network, you can identify these blindspots and eliminate the weaknesses in your network. Moreover, when you get to view everything from a single-pane-of-glass, you can easily identify unexpected behavior in your network. For instance, if there is an unresponsive hardware or software utility in your network, it will immediately alert the technician to resolve the issue. By designing a network with improved visibility, you can avoid performance bottlenecks in the future.

Reporting and Alerts

Continuous reporting helps administrators understand the overall performance of the network. Reports should be created for different audiences based on their ability to understand the network. It should not be complex for the top management to read as they need to come up with management decisions based on the report.

The next critical aspect of the design phase is setting up alerts and triggers for various issues and events. You need to define normal behavior in the network, and any deviation from it should alert a trigger. When you set up proper alerts, you can detect issues early in your network and resolve them instantly. This will ensure the smooth functioning of the network with minimal downtime.

Data Management

The network monitoring process requires collecting large volumes of data. When designing your network, you need to make sure that this huge volume of data does not slow down your troubleshooting process or impact the performance of monitoring. By aggregating the collected data, you can generate quicker reports and eliminate the performance lag in your network. The storage space for data and the aggregation process should be included in your network design.

05
Network Monitoring Protocols

Any failure in networks will stop the flow of information, and this will ultimately bring down the business operations to a stop. Therefore, network monitoring is critical in networks of all sizes. Network monitoring protocols are formulated mainly because it is impossible to manually monitor all activities within a network in real time.

There are several components in a network, and some components are so intricate that they are often neglected by the administrators. Network monitoring protocols help in tracking the data on traffic from network links and come up with solid reports on network activities. Based on the collected data, network operators can manage the network effectively.

There are several network monitoring protocols, and they all focus on critical aspects related to discovery, monitoring, mapping, notification and reporting. Let’s check out some of these protocols.

Network Monitoring Protocols

Simple Network Management Protocol (SNMP)

This is a standard protocol that collects data from any devices attached to the network including modems, routers, switches, servers, printers, etc. Based on the information gathered, the network’s CPU usage, latency, broadband utilization, status of the interference, etc., are monitored.

Due to its simplicity, vendors are able to develop SNMP agents suitable for different types of network-based products. SNMP agents play a critical role by carrying out requests, responding to various queries and indicating the occurrence of events in a network.

A major component of SNMP is the Management Information Base (MIB), which has a catalog of objects. An object is something for which information is collected. For instance, bandwidth utilization can be an object. Based on the information delivered by these objects, the status of a device is determined. IT managers use this information in the SNMP to check the health of their network.

Internet Control Message Point (ICMP)

This protocol is designed specifically for error reporting. Its main function is to check whether the data has reached its destination without any problems within the stipulated timeframe. In case of delivery failure, an error message is generated and sent to the user. Being a protocol developed only for error messages, ICMP does not interfered in the data exchange between network devices.

In addition to sending error messages, ICMP also performs diagnostics on a network. The error messages of ICMP are relayed in the form of datagrams, and they contain an IP header as well as the message. Network admins can use these messages while troubleshooting their network and using diagnostic utilities. Common error messages in ICMP:

  • Source quench message: Indicates an unusual increase in packets transmitted.
  • Time exceeded: The network router discards the datagram when the time-to-live (TTL) value reaches 0.
  • Parameter error message: There is a mismatch in packet traffic, and the reception of packets is halted.
  • Unreachable destination message: This error appears when the destination is unavailable due to port failure or hardware failure.

Cisco Discovery Protocol (CDP)

This is a network monitoring protocol designed just for Cisco devices. This ensures that all Cisco systems are properly managed by allowing discovery of these devices and learning how they are configured in a network.

Similar to other protocols, this one also generates information from various devices in the network including servers, routers, switches, modems, etc. You can enable this protocol only in the required sections of your network and collect data only from that part. This protocol works only on Cisco devices, and it cannot be used in any other networks.

Best Practices for Network Monitoring

06
Best Practices for Network Monitoring

Most networks are highly complex, thanks to the evolving business requirements and increasing threats to data security. Even the most basic network has different utilities and applications for various purposes like communication, security, operations, data management and more. Hence, it is not confined to one particular domain of a business. Any failure in the network can cause a massive downtime or result in drastic data loss. Hence, the performance of their network is critical for businesses of all sizes.

A network administrator can assure performance only through continuous monitoring. Network monitoring is the most critical function of network management as it allows organizations to keep track of their network devices and check if everything on the network is working properly.

When incorporating a network monitoring solution, certain best practices must be followed to help you achieve what you intend to achieve through monitoring. Adopting these best practices can help you identify network issues much faster and bring down your Mean Time to Resolve (MTTR).

Systems Overview

A network must be continuously monitored even when there are no issues. This can be done by having a dashboard that provides a complete overview of your network components along with their statuses. If you have multiple networks in your organization, you must have a unified interface that provides an integrated view of everything that is happening in multiple networks.

Availability Monitoring

You need to ensure that all devices in your IT infrastructure are available and performing the required tasks. This is highly critical to ensure 100 percent uptime in your network. Network devices such as routers, servers, and switches should always be monitored to see if they are performing without any issues. In addition, you also need to ensure adequate bandwidth availability for consistent data delivery, disk space availability for data storage, and critical services availability to ensure seamless functioning of emails, FTP, HTTP, etc.

Hardware Monitoring

All networks include a range of hardware devices such as routers, switches, storage devices, servers, and more. Without this hardware, there is no network. These hardware components are prone to different types of wear and tear. Your monitoring process should analyze your hardware health to see if everything is functioning normally. For instance, a faulty CPU can result in maximum utilization and slow down the network, and poor fan speed can increase the temperature of critical components and cause damages. With regular monitoring, you can prevent these issues and ensure smooth performance.

Configuration Monitoring

There are plenty of network issues that originate from incorrect configuration. In some cases, configurations are changed when new devices or applications are added to the network. When making these changes, you need to ensure that you don’t break a feature that is already working. Configuration management can help you verify the changes every time and back up changes that are working smoothly. With proper configuration monitoring, you can prevent issues from happening in the first place rather than providing fixes.

Escalation Management

An escalation plan should be a common feature in all networks. When an issue inevitably occurs, it needs to be resolved in the shortest possible time to ensure minimal downtime. For this, you need to have a policy on who should be alerted for a particular problem and define their level of accountability. You also need to have backup plans for how to handle an issue when a concerned person is not available. By creating a proper escalation management plan, you can easily prevent small issues from turning into a major network-wide problem.

High Availability

In many cases, a system for network monitoring is also established. If the network goes down due to a major issue, the monitoring system will also be down. This can be prevented if you have a failover strategy through High Availability. For instance, if the data collected by your network monitoring system is also backed up in a remote site, a network engineer will have access to the data even if the entire network goes down. This will ensure quicker detection of network issues and resolution.

07
Network Security

Network security, in its broad sense, focuses on taking adequate precautions using the right physical and software tools to protect the integrity, accessibility and confidentiality of a network. Since there are a multitude of devices and technologies in a network, the term ‘Network Security’ by itself is an umbrella term that comprises the different strategies involved in preventing network intrusion.

Network security works hand-in-hand with endpoint security to protect an organization’s IT infrastructure. While endpoint security concerns the protection of individual endpoints, network security focuses on how various devices interact with each other while transferring data between them.

To better understand the different techniques for protecting your network, here is an overview of the most common threats posed to networks and individual computer systems.

Network Security

Common Threats to Network Security

Threats to network security are nothing new. Cybercriminals are always on the lookout for a vulnerable system they can breach to make some quick bucks. Over the years, these threats have become more and more sophisticated, so it is essential for network security solutions to keep up.

Here is a list of common threats to network security:

Malware Threats

Ransomware has become the most popular type of cyber security threat in recent years. According to Statista, over 51 percent of organizations that got hit with ransomware ended up paying the ransom. Cybercriminals are coming up with new ways to infiltrate networks with ransomware. Once infiltrated, all your documents will be locked till you pay the ransom, and there is no guarantee that your documents will be released even if you do pay the ransom.

Spyware and Adware

These are software programs surreptitiously installed on your computers without your consent. Once installed, an adware program will collect information about your browsing habits and show you targeted advertisements. Spyware, on the other hand, collects your personal information such as email address, passwords, financial information, and even credit card numbers. These programs subject you to a high risk of identity theft.

Distributed Denial of Service (DDoS)

This is one of the most powerful weapons that cybercriminals have against legitimate networks. A DDoS attack is carried out by overwhelming the target user’s networks with malicious traffic. When the network gets overwhelmed, legitimate users will experience a denial of service. DDoS is often used as an act of sabotage, protest, or even revenge and, as a successful attack prevents legitimate users from accessing the target's website, it causes both business disruption, with associated financial implications, and reputational damage.

Social Engineering/Phishing Attacks

These attacks use psychological manipulation to make unwitting people click on malicious links containing worms or malware. According to Purplesc, 98 percent of all cyberattacks are executed through social engineering. A naïve corporate employee clicking on a malicious link will provide a hacker with access to huge volumes of sensitive information. It remains more prevalent because of the ease with which it can be carried out. The recent dramatic increase in remote working has led to an even more dramatic rise in these attacks with many specifically referencing Covid-19 or typical lockdown activities such as watching TV streaming services.

SQL Injection Attack

Most modern databases are based on Structured Query Language (SQL). It is also widely used in web servers for storing data for websites. By injecting malicious SQL code into one of these data-driven applications, hackers can gain access to private data and even destroy it without a trace. This type of attack poses one of the major threats to data privacy and confidentiality.

Man-in-the-Middle Attack

This occurs when an attacker intercepts a private communication between two users. By gaining access to this private message, the attacker can either steal the data shared between the users or send forged messages impersonating another user.

Cryptojacking

This type of attack has become increasingly popular recently with the emergence of cryptocurrencies into the mainstream. This involves the use of another person’s computer for mining cryptocurrency. Since businesses come with large networks and bandwidths capable of crypto mining, they are often victims of illegal cryptojacking. This is conducted through a regular social engineering attack where mining codes are downloaded in a user’s computer after clicking a malicious link. Once infected, the hacker can execute the code and start mining cryptocurrencies.

Given the variety of threats, it is increasingly difficult to keep track of them. To further complicate the situation, new threats are constantly appearing. In these uncertain times, the best way to defend your network is by making it impregnable by following the necessary security protocols and incorporating the right security controls.

Basic Components of Network Security

In summary, there are four major components of network security. Every organization, irrespective of its size, must focus on these basic elements to build a resilient posture that guards their network.

1. Network Access Control (NAC)

One of the major issues with network security is unauthorized access to critical information by various users. This could be external attackers, internal employees, partners, or even third-party vendors. With NAC, network administrators can define who can and cannot access the information in the network.

The best thing about NAC is that it can be incorporated at any level. For instance, administrators can grant full access to all top-level executives but limit the access for certain users based on their roles and functions. Similarly, NAC can also be device-specific, so it can prevent employees from accessing the network via personal devices.

In modern-day sophisticated systems, behavior analytic tools are used to define anomalous behavior or unusual traffic activity. Once this is defined, any signs of these behaviors will generate instant notifications for the administrator.

2. Firewall Protection

As you may know already, firewalls act as a barrier that monitors incoming and outgoing traffic in a network. They are one of the first lines of defense in network security. You can define a set of rules to decide what type of traffic can be allowed or blocked. This helps firewalls differentiate between trusted and untrusted networks.

When configured properly, a firewall can allow trusted users to access all the available network resources while simultaneously blocking hackers and malicious programs from the network. Although a firewall acts as the first line of defense, it cannot be the only defense to a protected network.

There are different types of firewalls that can be incorporated in a network:

Packet-Filtering Firewalls

This is the most basic type of firewall that can be installed in a network. It creates a checkpoint at a switch or a router and filters the data packets that pass through it. Various factors such as packet origin, destination, packet type, port number, etc., are identified before the packets are allowed to pass. This can be very helpful as a basic security device, but sophisticated attackers can easily bypass them through IP spoofing.

Application Layer Firewalls

As the name implies, this firewall operates at the application layer of the network as a gateway and filters the incoming traffic. When data packets arrive at this point, this firewall connects with the source of the data and checks the incoming traffic. Apart from routine inspection, they can also perform detailed inspections to determine if the traffic contains malware.

Circuit-Level Firewalls

This firewall operates by verifying the transmission control protocol (TCP) handshake. It applies different types of security mechanisms to make sure that the packet is legitimate at the TCP check. Once the TCP handshake is established, there is no further filtering or monitoring of data packets. This is one of the simplistic types of firewalls that approves or denies traffic quickly.

Stateful Inspection Firewalls

By combining the packet inspection technology and the TCP handshake check technology, the stateful inspection firewalls have created a higher level of security in comparison with the other two. Despite offering high-level protection, these firewalls are resource intensive and may put an additional strain on networks. This could even slow down the packet transfer as a result.

Next Generation Firewalls

Recently, there have been various firewalls that are being touted as next generation. There are many features that can be considered next generation. Some of them include surface-level packet check, TCP handshake check, and deep-level packet check. These firewalls can also work together with intrusion detection systems to create a solid defense against cyberthreats.

As you can see here, the different types of firewalls have different levels of security against threats. Based on your needs and network requirements, you can use one or more of these firewalls when building your network defense.

3. Intrusion Prevention System (IPS)

A network comprises multiple access points, and hackers may gain access to it through any of these points. This is where an intrusion prevention system comes into play. The role of the IPS is to continuously monitor a network for malicious activities and take preventive actions as defined by the administrator. Based on the notifications received from the IPS, network administrators may configure their firewalls or close access points to prevent incoming traffic.

Intrusion Detection System (IDS) is another type of security solution with similar functions. However, while the IPS can take preventive actions against threats, IDS just monitors for threats and sends notifications to administrators.

IPS typically uses different types of prevention approaches to deter unauthorized access into secured networks. These approaches are as follows:

Signature-Based

This method uses patterns of predefined signatures to detect and prevent incoming attacks. If an incoming attack matches any of the signatures already defined by the administrator, the system will deploy the appropriate prevention techniques to deter the attack.

Statistical Anomaly-Based

This method uses anomalous activities originating from within to deter a potential attack. For instance, if there is an unusual surge in network traffic during unusual hours, the system will check the protocols and determine what is normal for that network at that time. Upon detection, the network administrator will be notified instantly of the behavior. In this method, the baselines for alarm must be configured intelligently. Otherwise, you might face a lot of false alarms in the system.

Policy-Based

In this approach, network administrators configure security policies for the system based on organizational requirements and the network infrastructure. Any activities that violate these policies will trigger a notification and alert the administrator. Based on the severity of the trigger, the administrator will take the necessary actions.

4. Security Information and Event Management (SIEM)

Security Information and Event Management is a software solution used specifically for enterprise-level security as it provides a holistic view of an organization’s entire IT infrastructure. It collects security information from various parts of the network including devices, network controllers, servers and more. Once the data is collected, it applies analytics to the data and discovers threat patterns that need to be investigated.

In addition to alerting the administrator, SIEM also plays a critical role in preventing the progress of any harmful activity. For instance, when a new potential threat is discovered, the alert generated by the SIEM will trigger security controls to stop the activity with immediate effect.

There are two different technologies that are critical to the functioning of SIEM. They are – Security Information Management (SIM) and Security Event Management (SEM). SIM focuses on collection of information from log files to analyze and report on various potential security threats. SEM, on the other hand, focuses on real-time monitoring of the network and provides instant notifications to network administrators if any potential network vulnerabilities are detected.

The working process of SIEM can be described as follows:

  • Data Collection: All relevant security information from network devices, controllers, operating systems, firewalls, security tools, etc., is collected by SIEM. The sources must be configured to feed information to SIEM on a regular basis.
  • Normalization and Aggregation: The SIEM tool segregates the collected data based on events and incidents, following the policies defined by the administrator. The administrator pre-configures normal activities and security incidents to categorize the data successfully.
  • Data Analysis: The categorized data is analyzed, and correlation rules are applied to identify potential threats by linking individual events to security policies or predefined patterns.
  • Notification: If the analysis reveals a violation of security policies or patterns, a notification is sent to the administrator about the potential issue.

Other Types of Network Security Methods

Network security comprises a lot more than the four basic components we have discussed. Due to the complex nature of today’s security requirements, network architecture is constantly evolving to neutralize these threats. Vulnerabilities can exist in any part of the network. If, by any chance, hackers gain access to these vulnerabilities, it could result in widespread disruption and massive downtime to a company with inevitable financial and reputational damage.

To avoid this, you need to focus on incorporating a wide range of security controls. Some of the best ways of securing a network are as follows:

Access Control

A network that provides uncontrolled access to everyone is extremely vulnerable to an attack. While malicious insiders and outsiders are a massive threat, a small negligence by a naïve employee can also wreak havoc on your network. It is for this reason that you need to limit the access of people who use your network. By incorporating a strong security policy, you can prevent unauthorized devices and people from entering your network.

Endpoint Security

Endpoints often become the target for attackers as they provide easy access to a network. By incorporating endpoint monitoring in your system, you can add an extra layer of security to your network. Endpoint monitoring solutions like RMM can monitor your devices in real-time and detect any signs of intrusion.

Anti-Malware

There are different types of malware used by hackers to infect a network. These viruses, worms, trojans, spyware, etc., can also spread across a network and lie undetected for days or months till a hacker decides to attack the network. With an anti-malware or anti-virus system, you can detect these infections early and resolve the damages they may cause to a network.

Application Security

Applications are vulnerable to various attacks. Hackers often figure out security loopholes in applications over time. Hence, all applications need to be up to date. With regular patching, you can prevent hackers gaining control of your outdated applications.

Behavioral Analytics

A baseline should be established by the network administrator on what normal behavior looks like in a network. This baseline should be configured in behavioral analytics software so that it can spot anomalies or breaches in your network as soon as they appear. This early detection is critical in minimizing data loss and increasing uptime.

Email Security

Your email offers the easiest route for an attacker to target a system. It still is one of the most prevalent ways in which a network could be compromised. A social engineering email containing a suspicious link can easily lure an unwitting employee to click on it. You need to incorporate email security to prevent incoming attacks as much as possible or outgoing messages from carrying certain types of files. Such attacks have become increasingly sophisticated, so it is important that you use a modern email security system specifically designed to protect against them. Many well-established email security solutions were designed for older, less sophisticated attacks, so may not be as effective as you need.

Data Loss Prevention

This is something you can incorporate exclusively in your databases. This tool can prevent data leakages when they are in transit, in use, or at rest. You can use this to block your sensitive data from being leaked outside of your organizational boundaries.

Network Segmentation

This involves dividing network traffic based on certain classifications. This helps direct the right traffic to the right destination and filter out the rest. It helps network security by preventing traffic from unknown or unauthorized sources. Moreover, if the network is compromised, this helps confine the damages only within the compromised segment.

Mobile Security

Mobile devices can often be a target of security threats as they contain plenty of personal information. It is also becoming widely prevalent that employees use their mobile devices for certain aspects of work. Mobile security solutions ensure that network traffic stays private and does not leak through mobile devices.

Virtual Private Network (VPN)

VPNs are used to authenticate communication between an endpoint and a secure network. This tool also creates an encrypted line between an endpoint and a network. This prevents external eavesdropping when communication takes place.

Web Security

This is the best way to prevent visits to malicious sites, either unwittingly or intentionally. With a web security tool, you can limit access to certain sites that could contain malware. In addition to limiting traffic, this also protects your employees and customers from other web-based threats.

Importance of Network Monitoring

08
Importance of Network Monitoring

Businesses work hard to meet the requirements of their customers. In situations like this, network outages and performance issues can be extremely costly in addition to being inconvenient. The performance of a network cannot be compromised under any circumstance, and this is possible only with the help of a network monitoring solution.

As networks are becoming more complex and sophisticated, the number of components in a network have increased considerably. Network monitoring solutions need to keep pace with these changes and monitor more devices. When a multitude of devices and other components come together, some level of device or component failure is inevitable. The main aim of a network monitoring solution is to detect these failures and report to the administrators as soon as possible.

A network monitoring solution continuously monitors your IT infrastructure for potential issues or component failures. It monitors network components such as devices, servers, security solutions, etc. In addition, it also monitors client systems and software for any potential issues that might impact a network. Once an issue is detected, network administrators will be alerted so that they can fix it immediately.

Features of a Network Monitoring Solution

A network monitoring solution performs the following functions:

Real-time Monitoring

A network can be compromised in a multitude of ways. For instance, hardware issues or high CPU usage can bring it to a grinding halt. With real-time monitoring, you can quickly identify these issues and fix them instantly.

Automatic Asset Discovery

This is a critical feature to ensure that no devices in the network remain unmonitored. When a new device is added to the network, users should not go through the trouble of manually adding it to the monitoring solution as it could be accidentally overlooked and left unmonitored. In addition, automatic discovery can also alert administrators to any new device that is added to the network, allowing unauthorized devices to be quickly discovered.

Intelligent Alerts

Detecting network issues is just one part of the network monitoring solution. Alerting the right personnel with all information including severity, priority, location, etc., is important for a monitoring solution.

Network Reporting

A network monitoring solution should also be able to generate and share reports with the right users. The report must be detailed with all aspects of security and performance. Some of the modern tools have automatic report generation features that generate periodic reports and send them directly to the appropriate stakeholders.

Network Maps

A visual representation of what a network looks like is helpful for users. Network maps provide an abstract of the network with all the essential details that need to be considered by administrators. It also displays the glaring errors and performance issues in particular components.

Scalability

As organizations grow, their networks grow proportionately. When this happens, new devices get added, old devices get replaced, existing segments get consolidated and more changes happen. The right network monitoring solution must be able to accommodate this growth.

Benefits of Network Monitoring

When a network monitoring solution functions effectively, it should deliver:

Optimal Performance

With continuous monitoring, you can ensure optimal performance of the network. By detecting errors early and gathering performance data on various components, issues like slowdown, downtime, component failure, etc., can be avoided in the network.

Efficiency and Cost Savings

A network monitoring solution eliminates the need for an administrator to manually perform all the monitoring tasks. This boosts efficiency in the monitoring tasks and helps avoid costly errors.

Reduced Risk

When you have a network monitoring solution, it is possible to significantly reduce risk. Everything from unauthorized usage to password changes to malicious behavior can be monitored. Any issues arising from these changes can be prevented and risks can be reduced significantly.

Compliance Adherence

Many regulatory bodies require some form of network monitoring to ensure security and optimal performance. With a network monitoring solution, clients can also ensure compliance with the concerned regulatory body.

09
What to Look for In a Network Monitoring Solution

According to Markets and Markets, the network management systems market is expected to grow from $7 billion in 2019 to $11 billion in 2024 with a growth rate of 9.5 percent per year.1 Zero network outage is no longer a luxury as it is more of a critical requirement. Hence, organizations of all sizes are investing heavily in network performance monitoring solutions.

Since network monitoring is an essential part of protecting your company’s IT infrastructure, you need a reliable solution that can help you maximize uptime and boost efficiency. When choosing a solution, you need to consider the following factors:

What to Look for In a Network Monitoring Solution

Easy Deployment and Use

The solution must be easy to deploy and use. The right solution provides complete visibility into your IT environment with minimal steps involved in the set-up process.

Seamless Integration with RMM

Your remote monitoring and management solution should be able to seamlessly integrate with your network monitoring solution. With this integration, you can take control of your entire IT infrastructure and proactively monitor your system from a single application to give a holistic view of the network.

Automatic Discovery

When a new device is added to your network, it should be automatically discovered and configured without any manual intervention. This helps you monitor all newly added devices without any interruption and get a complete status update on their performance. It also provides protection against unauthorized devices joining your network. Similarly, it can also identify devices that have been removed.

Topology Map

With an automatically generated topology map, you get an accurate and up-to-date visual representation of all components in your network along with their status. Most importantly, you also get to identify the connections between different devices and what role they play in your network.

SNMP Alerts

Simple Network Management Protocol allows you to collect and organize information about managed devices on IP networks and modify that information to change device behavior. SNMP alerts can notify you of potential issues with any SNMP-enabled components of your network. For instance, an alert about device overheating or network breach can help you identify the issue immediately.

Remote Access

With remote access to various devices, you can easily troubleshoot issues from any location without manually locating the device or, in some cases, physically being on the same network.

Auto-Remediation

For various alerts and triggers, you can set up auto-remediation workflows on what steps need to be taken to resolve the issue. A network monitoring solution with this feature can help resolve issues automatically without waiting for a network engineer to come and fix the issue. This will prevent downtime and ensure the seamless functioning of the network.

Multiple Methods of Monitoring

There are different methods of monitoring devices, including SNMP and Windows Management Instrumentation (WMI). This can help you monitor devices better, troubleshoot problems, and support future growth.

Conclusion

A well-designed and well-maintained network functions effectively without any interruption. This smooth performance is critical as it helps businesses achieve their profit goals and serve their customers properly.

This guide has been designed to document all the critical elements in designing and managing an efficient, effective and secure network. All networks are different and every organization has different requirements, so use the best practices detailed here as a framework that you can adjust to suit your own unique circumstances.