中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeNetworking TechnologiesNetworking TCP/IPAn IPv6 Deployment Guide Chapter 7: Network Management

7.2.1.3 Security Aspects

One of the most complex things to decide is the security of management information and procedures. There are several things to take into account in this area:

• The security of the management information itself and the priority of its traffic.

The management information should stay under the network administrator’s control. Part of this information is usually not publicly available; it is reserved for administrators to control the normal network behaviour or to gather statistics data on the traffic flows… When there is congestion or an overload in (part of) the network, then it is efficient to have predefined the class of traffic the management information belongs to. It is a good way to insure the management information remains available to the administrator when the traffic is slowed down for whatever reason.

• The security of the operational procedures.

Operational procedures are defined so the network management information and the access to the network resources are accessible almost at anytime. For general outage there is no real solution but these situations are becoming rare at least in developed countries. The operational procedures should be designed to take into account unusual events so the administrator knows in advance what he has to do (urgent actions to take, who to warn etc.). These procedures are usually only known by a restricted group of people and are written down.

• The security of the network equipments and their access.

Access to the network equipments is obviously not granted to anyone. Security measures have to be implemented adequately. Moreover, a backup way (or ways) to access the network equipments in case of outage have to be predefined (for instance the IPv4 connectivity can be used to access dual stacked equipments when IPv6 routing is broken). Usually, for critical resources, phones lines or ISDN allow access to the equipment in case of outage. These accesses are part of the network management; they should be considered during the conceptual phase of building the network and then be checked on a regular basis when the network has been put into operation.
‹ 7.2.1.2 Information Flowsup7.2.1.4 Maintenance ›