CompTIA Network+ Certification Study Guide part 51 ppt

CHAPTER 10: Network Management 486
FIGURE 10.4 A Simple Physical Network Diagram. Image courtesy of Mark R. Lindsey,
FIGURE 10.3 A Confusing Network Diagram. Image courtesy of olimould.com
Configuration Management 487
assistance of network diagram software like Microsoft Visio, SmartDraw,
and/or AutoCAD.
Many physical network diagrams, as represented in Figure 10.5, have
the site name, location, type of physical media connecting each site, and the
speed at which the site link is running. Physically laying out your network
devices will help you conserve time and money when you finally do decide to
create or troubleshoot network issues.
Logical Network Diagrams
Logical network diagrams depict how your network looks from a computer’s
point of view and not as a physical structured layout as we might see it in our
server rooms. Protocols, configurations, IP addressing, subnets, access control
lists, security devices (firewalls, virtual private networks [VPNs], and so on),
and applications are all logically associated with a computer network and are
drawn into logical network diagrams. Notice Figure 10.6 does not show any
of the physical characteristics of Figure 10.5. In fact Figure 10.6 has details
such as IP addresses, subnets, firewalls, and logical network paths in and out
of different subnets, which are logical.
FIGURE 10.5 A Complex Physical Network Diagram. Image courtesy of Cisco.com
Baselines
Identifying how networks operate under “normal” conditions might help
you recognize performance, collision, and utilization issues when comparing
your “normal” conditions to previous periods of operation.
Over a period of time you should document the pattern of “normal” behavior
in your environment, which is called a baseline. Baselines should be tracked at
particular times of day. Baselining activities may include when servers reach
maximum allocation, when a router and switch have the highest activity during
the day, and when users are most likely to surf the Internet. Creating a
baseline early and continuing to do analysis on this baseline will help you
understand your network better, which assists in identifying problems earlier
in the troubleshooting process.
FIGURE 10.6 A Logical Network Diagram. Image courtesy of Dustin L. Fritz
Choosing a baseline method can depend on the size of your network
and how many users you have. There are free tools on the Internet that can
assist with collecting network statistics, which can then be used to output
statistical reports for later analysis. Many baseline tools collect and monitor
activity on the network, as well as on various hardware components such as
CPU, memory, hard drive, and network interface cards (NICs). Other hardware
baseline applications are placed in between Wide Area Network (WAN)
links to simply measure throughput, check for packet errors, and identify
bottlenecks. Figure 10.7 is an example of a network baseline tool.
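The time-of-day baseline described above, as an added example that is not part of the study guide or of any tool it mentions: each hour keeps its own median and spread, and a new reading is compared only against the matching hour. The sample readings, function names, and thresholds are assumptions constructed for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed samples: (hour of day, link utilization in percent) gathered
# over several days. The values are illustrative, not measurements.
SAMPLES = [
    (9, 41), (9, 44), (9, 39), (9, 43), (9, 42),
    (13, 63), (13, 67), (13, 61), (13, 66), (13, 64),
    (2, 5), (2, 7), (2, 6), (2, 4), (2, 6),
]

def build_baseline(samples):
    """Return {hour: (median, MAD)} so each time of day has its own 'normal'."""
    by_hour = defaultdict(list)
    for hour, value in samples:
        by_hour[hour].append(value)
    baseline = {}
    for hour, values in by_hour.items():
        centre = median(values)
        # Median absolute deviation: a spread measure that one outlier cannot skew.
        mad = median(abs(v - centre) for v in values)
        baseline[hour] = (centre, mad)
    return baseline

def deviates(baseline, hour, value, k=4.0, floor=2.0):
    """True when a reading is more than k spreads from that hour's median.

    Returns None when the hour has no baseline, so 'no data' is never
    mistaken for 'normal'. 'floor' keeps a near-zero spread from flagging
    trivial changes.
    """
    if hour not in baseline:
        return None
    centre, mad = baseline[hour]
    return abs(value - centre) > k * max(mad, floor)
```

With these samples, 60 percent utilization is within the baseline at 13:00 but far outside it at 02:00, which is why the baseline is kept per time of day.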
Policies, Procedures and Configurations
Network management would be impossible without policies, procedures,
and configurations. A calculated plan of action to guide decisions and
achieve sound outcomes is the goal of creating and adhering to policies,
procedures, and configurations. Security vulnerabilities and network
management challenges are the outcomes of badly written or nonexistent policies.
FIGURE 10.7 A Network Baseline Tool. Image courtesy of PacketTrap Perspective
To prevent this, consider how network technicians create user accounts.
If each network technician created user accounts differently, you would have
a lot of problems troubleshooting user account issues because none of the
accounts would be configured from a standard guideline. Policies provide
guidelines on who can create user accounts, for instance. Procedures are much
more than guidelines. Procedures lay out each step needed to accomplish a task.
For example, when creating a user account, the user ID may be the person’s
last name and first initial, not to exceed eight characters. Detailed steps
with procedures help execute policies.
Common policies might address the following:
• End user license agreement
• Network access and user accounts
• Proper destruction of network devices (that is, printers)
• Creation of administrative and user passwords
• Periodic backups for servers and clients
• Termination of user account access
• Third party software authorization
• User account lockout and account disabling
• Missing or corrupt computer files
• Malicious code discovery by users
• Natural disaster affecting network connectivity
• Software management and storage
• IP addressing scheme for contractors
• Computer naming convention for servers
• Network sharing programs for users
• WAN troubleshooting techniques
• Federal and state computer fraud hotline
Regulations
Regulations are very important when you plan and establish your local policies
and procedures because many organizations are held to state and federal
regulations, which affect their responsibilities as a public or private,
for-profit or not-for-profit business.
The Communications Assistance for Law Enforcement Act (CALEA) requires
telecommunications companies and equipment industries to allow for
surveillance capabilities. See report in Figure 10.8. The Federal
Communications Commission (FCC) periodically releases reports establishing new
regulations. In Figure 10.8, this report requires certain broadband and VoIP
providers to accommodate wiretaps. Visit for more
details.
Other important regulations:
Health Insurance Portability and Accountability Act (HIPAA) – “The
Office for Civil Rights enforces the HIPAA Privacy Rule, which protects
the privacy of individually identifiable health information, and the
confidentiality provisions of the Patient Safety Rule, which protect identifiable
information being used to analyze patient safety events and improve patient
safety.”
FIGURE 10.8 FCC CALEA Report.
Sarbanes-Oxley Act of 2002 – “On July 30, 2002, President Bush signed
into law the Sarbanes-Oxley Act of 2002, which he characterized as “the
most far reaching reforms of American business practices since the time
of Franklin Delano Roosevelt.” The act mandated a number of reforms to
enhance corporate responsibility, enhance financial disclosures, and combat
corporate and accounting fraud, and created the “Public Company Accounting
Oversight Board,” also known as the PCAOB, to oversee the activities of
the auditing profession.”
ISO/IEC 27002:2005 – “… establishes guidelines and general principles
for initiating, implementing, maintaining, and improving information
security management in an organization. The objectives outlined
provide general guidance on the commonly accepted goals of information
security management …” The control objectives and controls in ISO/IEC
27002:2005 are intended to be implemented to meet the requirements
identified by a risk assessment. ISO/IEC 27002:2005 is intended as a
common basis and practical guideline for developing organizational security
standards and effective security management practices, and to help
build confidence in interorganizational activities …, best practices of control
objectives and controls in the following areas of information security
management:
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Access control
• Information systems acquisition, development, and maintenance
• Information security incident management
• Business continuity management
• Compliance

Network Monitoring 493
NETWORK MONITORING
FIGURE 10.9 Wireshark, an Open Source Packet Sniffer also known as Network Protocol Analyzer.*
*Download Wireshark for free at
Network monitoring is a great way to identify performance and connectivity
issues. Using a tool called a packet sniffer allows you to collect all the data
that is being transmitted to and from your computer or between routers.
The advantage to collecting individual packets is that you will have insight
and detailed inspection of how and why certain traffic is not working. For
instance, in Figure 10.9 you can see someone is viewing a Web site. If you are
told by a user that they cannot access the Internet, you can confirm it by
collecting packets from the network using a packet sniffer or possibly discover
that they really are surfing the Internet. HTTP traffic is very easy to identify
in Figure 10.9 because it is presented to you with “http” and the associated
port number of 80. Along with that is the IP address that is captured in the
packet. Using packet sniffers is truly remarkable because you can quickly
identify a network performance problem because you are seeing everything
at the packet level come across your network.
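What a sniffer does for each captured frame to produce the summary described above, as an added example that is not from the study guide or from Wireshark: it decodes the Ethernet, IPv4, and TCP headers, then labels the traffic HTTP only when port 80 and the payload agree. The sample frame, its addresses, and the function names are constructed for the illustration.

```python
import socket
import struct

HTTP_METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS")

def build_sample_frame(payload: bytes, dport: int = 80) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.80"))
    return eth + ip + tcp

def parse_frame(frame: bytes):
    """Return the summary-row fields of one frame, or None if it is not IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None                              # too short, or EtherType is not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None                              # not IPv4, bad header, or not TCP
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]                      # drops any Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]           # skip TCP header and options
    first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    looks_http = first_line.startswith("HTTP/") or first_line.split(" ")[0] in HTTP_METHODS
    return {
        "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
        "sport": sport, "dport": dport,
        # Port 80 alone is only a hint; confirm with the payload before labelling.
        "protocol": "HTTP" if 80 in (sport, dport) and looks_http else "TCP",
        "info": first_line,
    }
```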
Just as documentation on configurations and changes can be helpful in
solving problems with your network, so can the logs generated by the software
running on these machines. Logs are records of events that have occurred
and actions that were taken. Many systems will provide logs that will give
automated information on events that have occurred, including accounts
that were used to log on, activities performed by users and by the system,
and problems that transpired. These details make logs a valuable tool when
troubleshooting problems and identifying adverse incidents (such as
intrusions to the system).
On many systems, the logs may be simple text files that are saved to a
location on the local hard drive or a network server. In other cases, the
system will provide a specific tool for viewing the information. For example, in
Windows NT, 2000, 2003, and XP, a tool called Event Viewer is used to view
a series of logs generated by the operating system. As shown in Figure 10.11,
Event Viewer allows you to view data stored in the following:
• Application log: Contains events that are logged by individual programs
or applications installed on the operating system.
• Security log: Displays possible security issues that the operating
system monitors. This includes valid and invalid log-on attempts,
the use of a specific resource by an audited user, and other actions
related to security.
• System log: Displays events logged by the system components of
the operating system. Information stored in this log includes facts
about drivers that failed to load properly, warnings on low disk
space and memory, remote access attempts, and other information
on the system itself.
Each of the logs in Event Viewer can be accessed by clicking on the
corresponding node in the left pane of the application. When a log is selected,
the individual events recorded in the log are displayed in the right pane of the
application (Figure 10.10). To view specific information about an event, you
simply double-click its entry in the right pane. Logs are also created by other
software and devices installed on a computer, or generated by devices that
have been configured to write information to a file stored on a particular
computer. For example, firewall software installed on a server would maintain its
own records of users accessing specific Web sites, downloaded files, attempts
to access restricted resources, and other information. In the same way, a door
lock system may require a personal identification number (PIN), biometrics,
or a card key before access is granted to the building. Such systems commonly
record authorized and denied entry attempts to a file or series of files on a
specific computer. In each of these cases, the logs provide a record that can be
reviewed in the event of a security breach or other problems.
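One way to review records of valid and invalid log-on attempts like those described above, as an added example that is not from the study guide: it flags accounts with a burst of failures inside a short window and notes when a success follows the burst. The log layout (timestamp, result, user=, src=), the sample lines, and the thresholds are hypothetical and constructed for the illustration; they are not an Event Viewer format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a hypothetical "timestamp result user=... src=..." layout.
SAMPLE_LOG = """\
2009-03-04 08:01:12 LOGON_FAILURE user=jsmith src=10.0.0.21
2009-03-04 08:01:15 LOGON_FAILURE user=jsmith src=10.0.0.21
2009-03-04 08:01:19 LOGON_FAILURE user=jsmith src=10.0.0.21
2009-03-04 08:01:40 LOGON_SUCCESS user=jsmith src=10.0.0.21
2009-03-04 08:05:02 LOGON_FAILURE user=akhan src=10.0.0.35
2009-03-04 08:05:30 LOGON_SUCCESS user=akhan src=10.0.0.35
2009-03-04 09:30:00 LOGON_FAILURE user=mlee src=10.0.0.40
2009-03-04 11:45:00 LOGON_FAILURE user=mlee src=10.0.0.40
2009-03-04 16:10:00 LOGON_FAILURE user=mlee src=10.0.0.40
this line is corrupt
"""

def review_logons(text, threshold=3, window=timedelta(minutes=5)):
    """Return ({user: finding}, skipped_line_count) for failure bursts in `window`."""
    recent = defaultdict(deque)          # user -> timestamps of recent failures
    findings, skipped = {}, 0
    for line in text.splitlines():
        parts = line.split()
        try:
            when = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
            result = parts[2]
            user = dict(p.split("=", 1) for p in parts[3:])["user"]
        except (ValueError, IndexError, KeyError):
            skipped += 1                 # count unparseable lines instead of hiding them
            continue
        if result == "LOGON_FAILURE":
            q = recent[user]
            q.append(when)
            while when - q[0] > window:  # forget failures older than the window
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(user, "repeated failures")
        elif (result == "LOGON_SUCCESS" and user in findings
              and when - recent[user][-1] <= window):
            findings[user] = "repeated failures, then success"
    return findings, skipped
```

Failures spread across a working day, as for the constructed user mlee, stay below the threshold because only failures inside the window are counted together.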
Password Lists
Passwords are access codes that use alphanumeric and special characters that
allow you to log onto operating systems, software, or specific files. Over the
years, you’ve probably heard that passwords shouldn’t be written down, and
should only be remembered. This is generally true in most cases, as it would
be unwise to have passwords written on little pieces of paper and carried
in wallets, left on desks, or stuck to the monitors of computers. However,
there may be times when you’re unavailable and other members of the IT
staff need a particular password to fix a problem. Because of this, passwords
should also be documented so others can use them.
Password lists should contain all of the passwords used to perform
administrative or maintenance tasks on the network. This includes
passwords for:
• The administrator account on servers and workstations
• Accounts that have access to modify other accounts, in case
management of network accounts is needed
FIGURE 10.10 Windows XP Event Viewer.
