One area within the subject of convergence that has received surprisingly little press, and that is conspicuously missing from industry product offerings, is Network Management targeted at the connected devices. ISO's OSI management framework defines five functional areas of network management, usually abbreviated FCAPS: fault, configuration, accounting, performance and security. Some or all of these are implemented in a variety of Network Management Systems (NMS).
Let's examine how these systems acquire their information. The easiest technique is a ping sweep using the common "ping" command, where every address in a range is sent an ICMP echo request to see which ones answer. Ping only tells you that a host replied; it says nothing further about the device itself, and a missing reply does not prove there is no device, because many devices and host firewalls are configured to drop ICMP.
Alternatively, a set of IP addresses can be entered manually. Address Resolution Protocol (ARP) can then be used to discover the MAC address associated with each IP address. ARP only works within the local broadcast domain: for an address on the far side of a router, the only MAC you will learn is the router's.
Simple Network Management Protocol (SNMP) enables the gathering of information about the device itself, depending on which MIB objects the device manufacturer chose to implement. Most major IP camera manufacturers support SNMP, but only a few, including Axis and Pelco, support SNMP version 3. SNMPv1 and v2c authenticate with a community string sent in the clear, whereas v3 adds per-user authentication and optional encryption, so v3 is the one to enable where it exists. Many security devices do not support SNMP at all, but topology information can still be gained if the device is connected to a managed switch: the switch's own SNMP forwarding table reports which MAC address was learned on which port.
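The ping-sweep and ARP steps above, as an added worked example that is not from the original article: it parses the Linux `ip neigh show` ARP cache and merges it with sweep results, and it shows the caveat that a silent ping target is not necessarily an absent device. The sweep results, the ARP output and the MAC addresses are constructed sample data so the script runs offline; a real NMS would fill them from `ping` and `ip neigh show` and then query SNMP for device detail.

```python
import ipaddress
import re

# Constructed result of a ping sweep: address -> replied to ICMP echo. A device that
# drops ICMP shows False here even though it is on the wire, so "no reply" must not
# be read as "no device".
PING_SWEEP = {
    "192.168.10.1": True,    # gateway / managed switch
    "192.168.10.11": True,   # IP camera
    "192.168.10.12": True,   # IP camera
    "192.168.10.13": False,  # IP camera that filters ICMP
    "192.168.10.14": False,  # unused address
    "192.168.10.20": True,   # video server
    "192.168.20.5": True,    # VMS server on another subnet (behind the router)
}

# Constructed `ip neigh show` output (Linux ARP cache, sample MACs). ARP can only
# resolve hosts on the local segment; an address that never answered ARP is left in
# the FAILED state without a MAC.
IP_NEIGH_OUTPUT = """\
192.168.10.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.10.11 dev eth0 lladdr 02:00:00:00:00:11 STALE
192.168.10.12 dev eth0 lladdr 02:00:00:00:00:12 REACHABLE
192.168.10.13 dev eth0 lladdr 02:00:00:00:00:13 REACHABLE
192.168.10.14 dev eth0  FAILED
192.168.10.20 dev eth0 lladdr 02:00:00:00:00:20 REACHABLE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)"
    r"(?: lladdr (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}))?\s+(?P<state>\S+)$",
    re.IGNORECASE,
)


def sweep_targets(cidr):
    """Every host address in a subnet: the list a ping sweep would poll."""
    return [str(h) for h in ipaddress.ip_network(cidr).hosts()]


def parse_ip_neigh(text):
    """Map IP -> MAC for resolved ARP entries; FAILED/INCOMPLETE rows carry no MAC."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m.group("mac"):
            table[m.group("ip")] = m.group("mac").lower()
    return table


def build_inventory(ping, arp):
    """Combine both sources and say what each combination actually proves."""
    inventory = {}
    for ip in sorted(set(ping) | set(arp), key=ipaddress.ip_address):
        mac, replied = arp.get(ip), ping.get(ip, False)
        if mac and replied:
            verdict = "up"
        elif mac:
            verdict = "present, filters ICMP"   # the ARP reply proves it is on the wire
        elif replied:
            verdict = "reachable off-segment"   # routed; ARP cannot see its MAC
        else:
            verdict = "no device seen"
        inventory[ip] = {"mac": mac, "icmp": replied, "verdict": verdict}
    return inventory


if __name__ == "__main__":
    print(f"{len(sweep_targets('192.168.10.0/28'))} addresses to sweep in 192.168.10.0/28")
    for ip, entry in build_inventory(PING_SWEEP, parse_ip_neigh(IP_NEIGH_OUTPUT)).items():
        print(f"{ip:15} {entry['mac'] or '-':18} {entry['verdict']}")
```

Note that 192.168.10.13 is only found because the sweep populated the ARP cache before it was read; the two steps belong together. Once an address and MAC are known, the next step for devices that support it is an SNMP query (for example with net-snmp's `snmpwalk`, using `-v3` and `-l authPriv` where the device allows it) to pull vendor, model and interface counters.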
In the context of IT, there are several proven NMS packages such as HP OpenView, SolarWinds and WhatsUp Gold that have evolved to provide the IT manager a range of capabilities, including performance management, diagnostics, process monitoring and problem isolation. Such tools have become an indispensable asset for IT managers, particularly in enterprise-class systems. These are IT-centric tools, however, and are arguably too expensive, too intimidating, and, in all likelihood, overkill for the physical security manager. These packages typically focus on the switch infrastructure and may not easily identify common end-device issues such as intermittent connection problems.
This raises the question, "What does the Physical Security Manager need for network management when the network is separate from the corporate network (or even if it isn't)?" Let's look at the features and requirements of NMS tools as they might apply to physical security:
- Network topology: Ideally, an NMS should let you know what devices reside on the network, information about them (e.g., MAC address and IP address), and how they are interconnected, including switch port interconnections.
- Network performance: Are any of the communication links indicating no communication or excessive bandwidth use? Is there an underlying trend or pattern?
- Device performance: Are any of the devices displaying delays in responses or intermittent outages? Not all problems are caused by network performance. A rising ping round-trip time, or replies that go missing every few polls, often points to an overloaded or failing device before it drops off the network entirely.
- Device configuration: Have device operating parameters been properly configured? For example, a wrong subnet mask leaves a device unable to reach some hosts it should reach, and the symptom looks like an intermittent network fault rather than a configuration error.
- Network installation and configuration: The system should provide a record of the initial installed configuration, if possible, and report changes from that baseline. It should readily flag issues such as duplicate IP addresses and provide for preloading of IP addresses where static IP addresses should be assigned, e.g., IP cameras and video servers. Some systems can automatically provision a replacement device with the same IP address as the faulty unit it replaces.
- Network documentation: The NMS should be capable of exporting a snapshot of the configuration, such as a .csv file, that can be kept and analysed later, on or off-site.
- Problem diagnostics: The NMS should be a primary tool in pinpointing such issues as duplicate IP and MAC addresses, unexpected non-PC devices, overloaded or misbehaving devices, intermittent communications, connection faults, faulty devices and/or NICs, and broadcast or multicast spikes or storms. Further, it should raise alarms when configurable thresholds are crossed, by e-mail or text message, or by feeding them into another management system.