S 2.143 Development of a network management concept
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
It should be possible to centrally administer and monitor the various IT systems consolidated in a local network (e.g. server systems, terminal devices, printers, active network components) at the network level from a suitable location. Central administration of the network components must be preferred over local administration, since it reduces the administration effort and allows the security requirements to be defined and controlled centrally. Central network management is primarily used to guarantee the availability and integrity of the network, as well as the integrity and confidentiality of the transmitted data. This task is very complex and should be supported by a network management tool.
Before procuring and operating such a network management system, the first step is to draw up a concept that formulates all security requirements for network management and suggests appropriate safeguards to be taken in the event of errors or alarms. In particular, the following parts of the network management concept must be taken into consideration and represented in an overall context:
- Performance measurements for network analysis (see S 2.140 Analysis of the existing network environment)
- Reactions to error messages of the monitored network components
- Remote maintenance/control, particularly for the active network components
- Generation of trouble tickets and escalation in the event of network problems (this may be used to provide a connection to system management and user helpdesk systems and/or external message transmitters, e.g. pager, fax, etc.).
- Logging and audit (online and/or offline)
- Integration of any existing proprietary systems and/or systems with different management protocols (e.g. in the field of telecommunications)
- Configuration management for all IT systems used (see also S 4.82 Secure configuration of active network components, amongst other safeguards)
- Distributed access to the network management functionalities. Administration or audit may require remote access to these functionalities; carefully defining and granting the access rights is particularly necessary at this point.
The specific requirements regarding a network management tool are described in S 2.145 Requirements for a network management tool. These must allow for the implementation of the network management concept.
Review questions:
- Are the network components administered centrally?
- Are there performance measurements for network analysis?
- Are reactions to error messages of the monitored network components planned?
- Are the generation of trouble tickets and escalation during network problems planned?
- Is the network traffic logged and audited?
- Is the integration of existing proprietary systems and/or systems with different management protocols taken into consideration?