Bandwidth Management and Optimisation Training

This will be an intense hands-on five (5) day training to teach skills required for bandwidth management and optimization at the Campus environment

Objective

The main objective of the training is to empower the various network administrators from the various institutions with skills that will enable them to effectively manage the networks of the various institutions that they represent. This will enable them to ensure the bandwidth they are been provided with is been used for academic work and not been consumed by viruses, spam, peer-to-peer traffic and other malware.

Who Should Attend?

This course is designed for technical staff that operates a TCP/IP network and intends to provide connectivity to both students and faculty.

Requirements

The participants are required to be conversant with Linux/Unix commands. All participants are required to submit current network diagrams for discussion during the Case Studies. Each participant is also required to bring a laptop.

Course content

This is a hands on training experience where the participants will setup a Bandwidth Management and Optimization Box using a wide variety of tools in both Unix and Linux.

The training will begin by introducing the students to the importance of network management and best campus design principles. The training will also give them skills on how to troubleshoot common campus network problems and teach them how to install and manage network monitoring tools. They will also be taught bandwidth management principles within a campus environment and how to develop and implement bandwidth policies.

Course Cost

This is a cost recovery based training and the Participants will contribute an amount to cater for their accommodation and the trainers time. This cost will cost USD...... Per Participant.

Registration

All participants will be nominated by the ICT Director/ ICT Head at the Institution . All nominations should be received by 15th July 2013

Timetable

BMO Tools

Cacti

Nagios

Smokeping

mtr/Traceroute

Iperf/MLAB

Wireshark

Dig

DHCP Snooping

DHCP snooping should be configured for edge switches (provided it is supported by the switch). The objective is to prevent incorrectly configured clients from behaving as DHCP servers and hence assigning false IP addresses to other clients. This has become a problem and can be avoided by implementing DHCP snooping with its associated blocking function. It is important that this function is only implemented in client ports and not on trunk or network ports.

Traffic Storm Control

The port should be configured so that broadcast traffic is blocked when its volume exceeds a pre-defined acceptable threshold (e.g. 10 %).

Port security

The port security functions can be used to enable better access control to a given switch port. This allows only a certain number of machines (MAC addresses) behind a given port. The configuration should be such that authorised machines still have network access after any additional machines are connected. Only the additional machines are blocked. The function is recommended especially in connection with printers in open areas, so that these switch ports are not misused. As a minimum requirement, all client ports should be configured with a high value which exceeds practical usage, so as to prevent flooding of the CAM table. Note that network ports (ports connecting to other network equipment) must not have this type of configuration.

IP source gaurd/ Dyanmic IP lockdown

This is a mechanism which prevents forgery of IP addresses from the client machine. Only the IP address assigned to the client by DHCP or any statically registered address can be used behind the port. If a switch supports this function, it is recommended that it be actuated on client ports. The function may require that DHCP snooping is also being used.

Dynamic ARP Inspection

This mechanism protects against “man-in-the-middle” attacks which send false ARP packets pretending to behave as a router. If the switch knows which IP addresses should belong behind which ports it can effectively block attempts at pretending to be somebody else by way of ARP. This function should definitely be considered, but may require that DHCP snooping is also in use.

Port unicast and multicast flood blocking

If packets are sent to new, false MAC addresses, these will always be sent out to all the ports on a switch. A deliberate attack may hence degrade performance for the entire environment behind the port. This may be prevented by configuring this function. If a switch supports this property, one should consider actuating it on all client ports.

Squid Delay Pools

IPPlan

NETDOT

Nmap

Rancid

Tcpdump

References

http://www.google.co.ke/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDgQFjAA&url=http%3A%2F%2Fwww.terena.org%2Factivities%2Fcampus-bp%2Fpdf%2Fgn3-na3-t4-ufs105.pdf&ei=tbnXUYakJonS0QWR0IDICg&usg=AFQjCNHXIJ2_kM8CJxfTSJrLwMapti-EHw&sig2=d8bHdGW9R7xX0DdqWNDtvA&bvm=bv.48705608,d.ZWU

https://github.com/aptivate/inaspmaterials

https://nsrc.org/workshops/2009/summer/detailed.html

https://nsrc.org/workshops/2012/marwan-nsrc-nmm-sec/wiki/Agenda

https://nsrc.org/workshops/2012/marwan-nsrc-nmm-sec/wiki/Agenda