Lecture 1 - Network Documentation and Policy

NETWORK MANAGEMENT & SECURITY

(CIT4035)

LECTURE 1 – NETWORK DOCUMENTATION AND POLICY

PRESENTER: KEVIN JOHNSON

SCHOOL OF COMPUTING AND INFORMATION TECHNOLOGY, JAMAICA (SCIT)
LEARNING OBJECTIVES
o Discuss the importance of network documentation and policy
o Outline the steps to document a network
o Explain the guidelines that provision network documentation
o Understand the various tools that can be used to assist network documentation
o Troubleshoot a network using a structured approach
o Explain how a structured naming convention helps network management

INTRODUCTION
➢ Two ways to solve network problems
1. Prevention through careful planning and management, also called pre-emptive troubleshooting. It requires a strategic approach based on policies.
2. Repair and control damage after a problem occurs, also called troubleshooting. An undocumented network can be a nightmare.
➢ Proper management of a network begins with network documentation.
1. Enterprise networks can have thousands of interconnected devices.
o How would you know how to replace a malfunctioning router if you have no documentation?
o How would you function if your administrator leaves the company and you have no documentation?

NETWORK DOCUMENTATION IMPORTANCE

o Documented configuration details enhance and validate security
o Supports backup and recovery procedures
o Makes troubleshooting effective
o Proves adherence to industry best practices and laws

NETWORK DOCUMENTATION POLICY OVERVIEW

➢ A network documentation policy defines the requirements for network documentation.
➢ The policy also defines the level of network documentation required, such as documentation of which switch ports connect to what rooms and computers.
➢ In addition, it defines who will have access to read network documentation and who will have access to change it.
➢ It also defines who will be notified when changes are made to the network.

NETWORK DOCUMENTATION POLICY

➢ Overview – Brief summary of the main points of the policy
➢ Purpose – Reason for the policy
➢ Documentation – Actual content of the policy, which includes software, hardware, configuration, network diagrams, etc.
➢ Access – Specifies who has access to the network documentation and to what extent.
➢ Change Notification – Who are the persons to be notified in the event of a change to the network.
➢ Documentation Review – Details how the policy must be reviewed and kept up to date.
➢ Storage Locations – Details how the policy should be stored, either electronically or as hard copy, and in which storage location.

NETWORK DOCUMENTATION SCOPE

➢ Software
▪ License keys and warranty information
▪ Active Directory Group Policy
▪ Device Drivers and Operating Systems
▪ Productivity and Support Applications
▪ Users and Passwords
▪ Login Scripts

NETWORK DOCUMENTATION SCOPE CONT’D

Hardware
▪ Workstations, Printers, Servers, Handheld Devices, IP Phones, etc.
▪ Switches
▪ Routers
▪ Firewalls
▪ Patch Panels
▪ Wireless access point(s)

NETWORK DOCUMENTATION SCOPE CONT’D

➢ Basic network layout
▪ Physical - Hardware devices (e.g. switch, router, firewall, printers, etc.).
o How are network devices configured?
o It is important to maintain and update physical layout maps to aid future installation and troubleshooting efforts.
▪ Logical - IP addressing, connections, etc.
o Hosts are grouped by network usage, regardless of physical location.
o Host names, addresses, group information, and applications can be recorded on the logical topology/layout map.
o Connections between multiple sites might be shown but do not represent actual physical locations.

NETWORK DOCUMENTATION SCOPE CONT’D

Network Diagrams
▪ Floor Plans
▪ LAN Maps
▪ Data Jack Maps

Business Continuity
▪ Storage and Backup – Where are emails and backup data stored? What storage devices are used to store data?
▪ System Restoration data – Procedure, personnel and media
▪ Power Protection – UPS
▪ Fault Tolerance and Redundancy

PHYSICAL NETWORK LAYOUT / TOPOLOGY MAP

LOGICAL NETWORK LAYOUT / TOPOLOGY MAP

NETWORK DOCUMENTATION GUIDELINES
According to Network Documentation (2013), the guidelines for network documentation should include:
➢ Current and accurate network documentation - Documentation is usually accurate at the installation of a network. As the network grows or changes, however, you need to update the documentation.
➢ Label EVERYTHING
o Devices: routers, switches, servers, access points, etc.
o Cabling
o Network jacks
o Racks
o Ports

NETWORK DOCUMENTATION GUIDELINES
Basics, such as documenting your switches...
➢ What is each port connected to?
➢ Can be a simple text file with one line for every port in a switch:
• health-switch1, port 1, Room 29 – Director’s office
• health-switch1, port 2, Room 43 – Receptionist
• health-switch1, port 3, Room 100 – Classroom
• health-switch1, port 4, Room 105 – Professors Office
• …..
• health-switch1, port 25, uplink to health-backbone
➢ This information might be available to your network staff, help desk staff, via a wiki, software interface, etc.

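A one-line-per-port file like the one above can be checked automatically. The following is an added example, not part of the original lecture: it parses that format and reports ports with no entry, ports listed more than once and lines that do not parse. The 25-port count, the duplicate port 3 line and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the slide's one-line-per-port format. Ports 1-4 and 25
# follow the slide; the second port 3 line and the last line are added here
# to show a duplicate entry and an unparseable record.
SAMPLE = """\
health-switch1, port 1, Room 29 - Director's office
health-switch1, port 2, Room 43 - Receptionist
health-switch1, port 3, Room 100 - Classroom
health-switch1, port 3, Room 101 - Lab
health-switch1, port 4, Room 105 - Professors Office
health-switch1, port 25, uplink to health-backbone
this line is not a port record
"""

# "<switch>, port <n>, <what it connects to>"
LINE_RE = re.compile(r"^\s*([\w.-]+)\s*,\s*port\s+(\d+)\s*,\s*(.+?)\s*$", re.I)

def parse_port_map(text):
    """Return ({switch: {port: [descriptions]}}, [(line number, bad line)])."""
    ports = defaultdict(lambda: defaultdict(list))
    rejected = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        m = LINE_RE.match(line)
        if m:
            ports[m.group(1)][int(m.group(2))].append(m.group(3))
        else:
            rejected.append((lineno, line))
    return ports, rejected

def audit(text, port_counts):
    """Compare the port map against each switch's known port count."""
    ports, rejected = parse_port_map(text)
    report = {}
    for switch, count in port_counts.items():
        seen = ports.get(switch, {})
        report[switch] = {
            "undocumented": [p for p in range(1, count + 1) if p not in seen],
            "duplicated": sorted(p for p, d in seen.items() if len(d) > 1),
            "out_of_range": sorted(p for p in seen if not 1 <= p <= count),
        }
    return report, rejected

if __name__ == "__main__":
    print(audit(SAMPLE, {"health-switch1": 25}))  # port count is an assumption
```

An undocumented port that turns out to be live is a port nobody can account for, which is why the gap list is worth reviewing whenever the file changes.
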
NETWORK DOCUMENTATION GUIDELINES CONT’D
o Network documentation can be as tedious a process as the image illustrates.
o Care must be taken to document everything
o IP addresses of various devices must be known
o Serial and model numbers must also be included in the documentation process to keep track of devices

NETWORK NAMING CONVENTION
Using a standard naming convention throughout a network is critical:
o To minimize inconsistencies, which usually result in errors
o To make the troubleshooting process less tedious and time-consuming.
o To make future upgrades and changes easier.
When do you need a naming convention?
o A standard naming convention will be most needed in a large, dynamic and complex environment (e.g. Utech, Digicel, NCB)
o If you are managing only a handful of computers, a structured naming convention may not be necessary.

NETWORK NAMING CONVENTION CONT’D
A structured naming convention should adhere to the following characteristics:
➢ Parsability / Comprehensible – Human-readable names made up of acronyms and identifiers with immediate meaning.
➢ Extensible – Must accommodate future device types.
➢ Character Count – Standardise the number of characters
➢ Derivable – Formulaic. Completely predictable names given a set of parameters.
➢ Self-Documenting – Names defined by role, i.e. traceroute output should make sense.
➢ Unique – One name => One Device.
➢ Consistency – Whatever naming convention is chosen, stick to it at all times.

NETWORK NAMING CONVENTION CONT’D

Example: BAD
Inconsistencies in naming a network switch
▪ BAC-PC-16E-V4 ….switch 1
▪ TH7 -9KI ….switch 2
▪ HR-6-PD4K ….switch 3

Example: GOOD
[modelname]-[port count]-[sequence number] - Catalyst-24-5
Catalyst-24-5: the 5th 24-port Catalyst switch in the series of switches

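The GOOD scheme is parsable, derivable and unique by construction, which means an inventory can be checked against it mechanically. The following is an added example, not part of the original lecture: it validates names against [modelname]-[port count]-[sequence number], flags duplicates and derives the next free name. The character rules in the regular expression, the function names and the extra inventory entries are assumptions made for the illustration.

```python
import re

# Scheme from the slide: [modelname]-[port count]-[sequence number].
# The exact character rules (letters/digits for the model, decimal integers
# for the other two fields) are assumptions made for this example.
NAME_RE = re.compile(
    r"^(?P<model>[A-Za-z][A-Za-z0-9]*)-(?P<ports>\d+)-(?P<seq>\d+)$")

def parse_name(name):
    """Return (model, port_count, sequence), or None if the name does not conform."""
    m = NAME_RE.match(name)
    if not m or int(m["seq"]) < 1:
        return None
    return m["model"], int(m["ports"]), int(m["seq"])

def audit_names(names):
    """Split an inventory into conforming names, rejects and duplicates."""
    valid, rejected, duplicates, seen = {}, [], [], set()
    for name in names:
        key = name.lower()           # host names compare case-insensitively
        if key in seen:
            duplicates.append(name)  # violates "One name => One Device"
            continue
        seen.add(key)
        parsed = parse_name(name)
        if parsed is None:
            rejected.append(name)
        else:
            valid[name] = parsed
    return valid, rejected, duplicates

def next_name(names, model, port_count):
    """Derive the next free name for a model and port count ("Derivable")."""
    used = [seq for m, p, seq in filter(None, map(parse_name, names))
            if m.lower() == model.lower() and p == port_count]
    return f"{model}-{port_count}-{max(used, default=0) + 1}"

# Constructed inventory: the slide's GOOD and BAD names plus added entries.
INVENTORY = ["Catalyst-24-5", "BAC-PC-16E-V4", "TH7 -9KI", "HR-6-PD4K",
             "Catalyst-24-4", "catalyst-24-5", "Catalyst-48-1"]

if __name__ == "__main__":
    valid, rejected, duplicates = audit_names(INVENTORY)
    print(valid, rejected, duplicates, next_name(INVENTORY, "Catalyst", 24))
```
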
NETWORK NAMING CONVENTION CONT’D

NETWORK DOCUMENTATION TOOLS
➢ Common industry network documentation tools include, but are not limited to, the following:

o Netdot
o LAN Surveyor
o SmartDraw
o Microsoft Visio
o NetZoom
o QonDoc

NETWORK DOCUMENTATION TOOLS CONT’D

NETWORK DOCUMENTATION STEPS
Zimbler (2014) outlines the steps in documenting a network as follows:
➢ Create a network documentation policy
o This should detail what aspects of a network need to be documented, especially each server.
o A documentation policy also communicates to each administrator exactly what is expected of them regarding the documentation process.
➢ Create a network topology diagram
o Ideally, you want this map of the network's topology to include each network segment, the routers connecting the various segments, and the servers, gateways and other major pieces of networking hardware that are connected to each segment.
o For larger networks, you may have to create a general segment map and make more specific maps of each individual segment.
o Obtain or construct a building diagram or floor plan.

NETWORK DOCUMENTATION STEPS CONT’D
➢ Document server names, roles and IP addresses
o While the information included in a network topology diagram is not necessarily specific, there is certain information that you should include for each server, even if that information has to be placed in an appendix.
o For each server, list the server's name, its IP address and the role that the server is performing (DNS, DHCP, mail server, etc.).
o Keep in mind that a server may be assigned multiple IP addresses or have multiple NICs, so you should document that information too.
➢ Create a change log for each server
o When a server fails, the failure can often be traced to a recent change.
o As a part of the network documentation, consider making a log book for each server for documenting changes such as patch and application installations and modified security settings.
o Not only will the log help you troubleshoot future problems, it can help you rebuild the server in the event of a catastrophic failure.

NETWORK DOCUMENTATION STEPS CONT’D
➢ Document the applications and their versions running on each server.
o You might also include a copy of the software license or a receipt within this documentation just in case your customer becomes involved in a software audit.
➢ Document hardware components
➢ The documentation should include information such as:
o How is the device connected to the network?
o How is the device configured?
o Does a backup of the configuration exist?
o What firmware revision is the device running?
o Is the device configured to use a password?

NETWORK DOCUMENTATION STEPS CONT’D
➢ Document the Active Directory
o Things that you should consider documenting:
o The names of the domains in the forest.
o The Active Directory site structure.
o Where the various servers exist within the Active Directory hierarchy.
o The location and contents of each group policy.
o Any external trusts that may exist.
➢ Document your backup procedures
o Backup is your customer's best defense against a catastrophe, but it will do little good if nobody can figure out how to use it.
o Be sure to document the backup software used and its version.
o You will also want to document the tape rotation scheme, a general description of what's included in each backup job and where the backup tapes are stored.

NETWORK DOCUMENTATION STEPS CONT’D
➢ Label everything
o Get a label maker and label all servers, critical hardware components (gateways, routers, etc.) and the most important cables.
o This will make it easy to identify the various pieces of hardware listed in your network document.
➢ Evaluate your documentation
o The last step in the documentation process is to evaluate your network documentation to make sure that it's sufficient for you and your customer's needs.
o Think of your network documentation as a critical part of your disaster recovery strategy.
o When the first draft of your documentation is complete, you must ask yourself if it's good enough to help someone with no prior knowledge of the setup to rebuild the network from scratch in the event of a catastrophe.
o If the answer is yes, then you've done a good job on the documentation.
