Blog Date: 10/1/2010
Author: Ray Coulombe
One area within the subject of convergence that has received surprisingly little press, and that is conspicuously missing from industry product offerings, is Network Management targeted at the connected devices. The ISO defines five elements of network management: fault, configuration, accounting, performance and security. Some or all of these are implemented in a variety of Network Management Systems (NMS).
Simple Network Management Protocol (SNMP) enables the gathering of information about the device itself, depending on what was implemented in design by the device manufacturer. Most major IP camera manufacturers support SNMP, but only a few, including Axis and Pelco, support the more secure SNMP version 3. Many security devices do not support SNMP, but topology information can still be gained if the device is connected to a managed switch.
In the context of IT, there are several proven NMS packages such as HP OpenView, SolarWinds and WhatsUp Gold that have evolved to provide the IT manager a range of capabilities, including performance management, diagnostics, process monitoring and problem isolation. Such tools have become an indispensable asset for IT managers - particularly in enterprise-class systems. These are IT-centric tools, however, and are arguably too expensive, too intimidating, and, in all likelihood, overkill for the physical security manager. These packages typically focus on the switch infrastructure and may not easily identify common device issues such as intermittent connection problems.
Let's look at the features and requirements of NMS tools as they might apply to physical security:
- Network topology: Ideally, an NMS should let you know what devices reside on the network, information about them (e.g., MAC address and IP address), and how they are interconnected, including switch port interconnections.
- Network performance: Are any of the communication links indicating no communication or excessive bandwidth use? Is there an underlying trend or pattern?
- Device performance: Are any of the devices displaying delays in responses or intermittent outages? Not all problems are caused by network performance. Ping response times can easily identify an overloaded or troubled device.
- Device configuration: Have device operating parameters been properly configured? For example, improper subnet mask settings can make it difficult to uncover issues.
- Network installation and configuration: The system should provide a record of initial installed configuration, if possible, and changes from the baseline configuration. It should readily flag issues such as duplicate IP addresses and provide for preloading of IP addresses where static IP addresses should be assigned, e.g., IP cameras and video servers. Some systems can auto-provision the IP address of a faulty device with the same address of a like device.
- Network documentation: The NMS should be capable of downloading a document, such as a .csv file, that snapshots the configuration and allows for later analysis, on- or off-site.
- Problem diagnostics: The NMS should be a primary tool in pinpointing such issues as duplicate IP and MAC addresses, non-PC systems, overloaded or misbehaving devices, intermittent communications, connection faults, faulty devices and/or NICs, and broadcast or multicast spikes or storms. Further, it should be capable of raising alarms based on certain parameters via e-mail or text, or by tying into another management system.
- Remote support: Given that local support for the security network may be limited, can the system provide enough information for an off-site resource to properly identify (or at least surround) the problem, enabling it to be addressed quickly?
- Network security: The system should promote overall network security by identifying rogue or wireless devices, hubs with unauthorized devices or bandwidth usage in excess of an anticipated maximum level.
- Cost: The system's cost of acquisition and support needs to be supportable within the security department's budget (or IT budget, if applicable).
- Usability: The user interface for the system should be somewhat intuitive or, at least, easily learned, and relevant to the application of physical security.
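
Several of the checks listed above (changes from the installed baseline, duplicate IP addresses, unrecognized devices) can be run directly against an exported .csv snapshot. The Python below is an added example, not code from the article or from any NMS product; the column names (mac, ip, switch, port) and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: install-time baseline and a later snapshot.
BASELINE = """mac,ip,switch,port
00:11:22:AA:00:01,10.0.5.11,sw1,1
00:11:22:AA:00:02,10.0.5.12,sw1,2
00:11:22:AA:00:03,10.0.5.20,sw2,4
"""
SNAPSHOT = """mac,ip,switch,port
00:11:22:aa:00:01,10.0.5.11,sw1,1
00:11:22:aa:00:02,10.0.5.30,sw2,7
02:00:00:00:00:09,10.0.5.11,sw1,8
"""

def load(text):
    """Parse a CSV snapshot, normalising MAC case so comparisons are reliable."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["mac"] = row["mac"].strip().lower()
    return rows

def audit(baseline_text, snapshot_text):
    """Return sorted (finding, subject, detail) tuples for one snapshot."""
    baseline = {r["mac"]: r for r in load(baseline_text)}
    snapshot = load(snapshot_text)
    findings = []
    macs_by_ip = defaultdict(set)
    for row in snapshot:
        macs_by_ip[row["ip"]].add(row["mac"])
        known = baseline.get(row["mac"])
        where = f'{row["switch"]}/{row["port"]}'
        if known is None:  # not in the baseline: possible rogue device
            findings.append(("unknown_device", row["mac"], where))
            continue
        if known["ip"] != row["ip"]:  # static address drifted
            findings.append(("ip_changed", row["mac"], f'{known["ip"]} -> {row["ip"]}'))
        if (known["switch"], known["port"]) != (row["switch"], row["port"]):
            findings.append(("port_moved", row["mac"], where))
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:  # two different MACs claim the same address
            findings.append(("duplicate_ip", ip, ", ".join(sorted(macs))))
    for mac in baseline.keys() - {r["mac"] for r in snapshot}:
        findings.append(("missing_device", mac, baseline[mac]["ip"]))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(BASELINE, SNAPSHOT), sep="\n")
```

The findings list is what would feed the e-mail or text alarms described under problem diagnostics.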
Link to Complete Article as it appeared in Security Technology Executive Magazine