Technology Trends: Physical Security Network Management

Oct. 1, 2010
Opportunity, necessity or both?

One area within the subject of convergence that has received surprisingly little press, and that is conspicuously missing from industry product offerings, is Network Management targeted at the connected devices. The ISO defines five elements of network management: fault, configuration, accounting, performance and security. Some or all of these are implemented in a variety of Network Management Systems (NMS).

Let's examine how these systems acquire their information. The easiest technique is a ping sweep using the common "ping" command, where a range of IP addresses is polled to determine which addresses are in use on a network. Ping confirms only that a device exists at an address; it provides no further information about the device itself.

Alternatively, a set of IP addresses can be inserted manually. Address Resolution Protocol (ARP) can then be used to discover the MAC address associated with each IP address.

Simple Network Management Protocol (SNMP) enables the gathering of information about the device itself, depending on what was implemented in design by the device manufacturer. Most major IP camera manufacturers support SNMP, but only a few, including Axis and Pelco, support the more secure SNMP version 3. Many security devices do not support SNMP, but topology information can still be gained if the device is connected to a managed switch.

In the context of IT, there are several proven NMS packages such as HP OpenView, SolarWinds and WhatsUp Gold that have evolved to provide the IT manager a range of capabilities, including performance management, diagnostics, process monitoring and problem isolation. Such tools have become an indispensable asset for IT managers, particularly in enterprise-class systems. These are IT-centric tools, however, and are arguably too expensive, too intimidating, and, in all likelihood, overkill for the physical security manager. These packages typically focus on the switch infrastructure and may not easily identify common device issues such as intermittent connection problems.

This begs the question, "What does the Physical Security Manager need for network management when the network is separate from the corporate network (or even if it isn't)?" Let's look at the features and requirements of NMS tools as they might apply to physical security:

- Network topology: Ideally, an NMS should let you know what devices reside on the network, information about them (e.g., MAC address and IP address), and how they are interconnected, including switch port interconnections.

- Network performance: Are any of the communication links indicating no communication or excessive bandwidth use? Is there an underlying trend or pattern?

- Device performance: Are any of the devices displaying delays in responses or intermittent outages? Not all problems are caused by network performance. Ping response times can easily identify an overloaded or troubled device.

- Device configuration: Have device operating parameters been properly configured? For example, improper subnet mask settings can make it difficult to uncover issues.

- Network installation and configuration: The system should provide a record of initial installed configuration, if possible, and changes from the baseline configuration. It should readily flag issues such as duplicate IP addresses and provide for preloading of IP addresses where static IP addresses should be assigned, e.g., IP cameras and video servers. Some systems can auto-provision the IP address of a faulty device with the same address of a like device.

- Network documentation: The NMS should be capable of downloading a document, such as a .csv file that snapshots the configuration and allows for later analysis, on or off-site.

- Problem diagnostics: The NMS should be a primary tool in pinpointing such issues as duplicate IP and MAC addresses, non-PC systems, overloaded or misbehaving devices, intermittent communications, connection faults, faulty devices and/or NICs, and broadcast or multicast spikes or storms. Further, it should be capable of raising alarms based on certain parameters via e-mail or text, or by tying into another management system.

- Remote support: Given that local support for the security network may be limited, can the system provide enough information for an off-site resource to properly identify (or at least surround) the problem, enabling it to be addressed quickly?

- Network security: The system should promote overall network security by identifying rogue or wireless devices, hubs with unauthorized devices or bandwidth usage in excess of an anticipated maximum level.

- Cost: The system's cost of acquisition and support needs to be supportable within the security department's budget (or IT budget, if applicable).

- Usability: The user interface for the system should be somewhat intuitive or, at least, easily learned, and relevant to the application of physical security.

Although I have listed them at the end, cost and usability are high on my list, since you cannot use something you can't afford to purchase, and you won't use it if the interface is not correct. After that, decide what functionality is needed, what issues require immediate alarm and response and who has responsibility for providing that response.
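
The baseline, duplicate-address and rogue-device checks from the list above can be sketched in a few lines. This is an added example, not code from the article or from any NMS product; the CSV columns, device names, addresses and function names are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample: as-installed baseline exported as a .csv snapshot.
BASELINE_CSV = """ip,mac,name
192.168.10.11,00:11:22:aa:bb:01,lobby-cam
192.168.10.12,00:11:22:aa:bb:02,dock-cam
192.168.10.20,00:11:22:aa:bb:10,video-server
"""
# Constructed sample: (ip, mac) pairs currently seen, e.g. from ARP or switch tables.
OBSERVED = [
    ("192.168.10.11", "00:11:22:AA:BB:01"),
    ("192.168.10.12", "00-11-22-aa-bb-02"),
    ("192.168.10.12", "02:00:00:00:00:99"),  # second MAC answering for one IP
    ("192.168.10.77", "02:00:00:00:00:42"),  # address not in the baseline
]

def norm_mac(mac):
    """Normalize case and separators so the same MAC always compares equal."""
    return mac.strip().lower().replace("-", ":")

def load_baseline(text):
    """Parse the baseline snapshot into {ip: mac}."""
    return {r["ip"].strip(): norm_mac(r["mac"]) for r in csv.DictReader(io.StringIO(text))}

def audit(baseline, observed):
    """Compare current observations with the baseline and return findings by type."""
    macs_by_ip, ips_by_mac = defaultdict(set), defaultdict(set)
    for ip, mac in observed:
        macs_by_ip[ip].add(norm_mac(mac))
        ips_by_mac[norm_mac(mac)].add(ip)
    known = set(baseline.values())
    by_ip = ipaddress.ip_address  # sort addresses numerically, not as text
    return {
        "duplicate_ip": sorted((i for i, m in macs_by_ip.items() if len(m) > 1), key=by_ip),
        "duplicate_mac": sorted(m for m, i in ips_by_mac.items() if len(i) > 1),
        "unknown_device": sorted(m for m in ips_by_mac if m not in known),
        "changed": sorted((i for i, m in macs_by_ip.items()
                           if i in baseline and baseline[i] not in m), key=by_ip),
        "missing": sorted((i for i in baseline if i not in macs_by_ip), key=by_ip),
    }

if __name__ == "__main__":
    for kind, items in audit(load_baseline(BASELINE_CSV), OBSERVED).items():
        print(f"{kind}: {items}")
```

Each finding type maps to a decision the paragraph above asks for: which of these warrant an immediate alarm, and who responds.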

Newer systems are evolving for our industry that promise to offer the right mix of characteristics. Such products not only offer the end-user greater network control and visibility, but the remote monitoring and diagnostic features of these systems present the system integrator with opportunities to better serve their customers and realize the revenue commensurate with that service.

Ray Coulombe is Principal Consultant for Gilwell Technology Services, providing product and market-related strategic assistance to early stage companies in the physical security and transportation markets. Ray can be reached at [email protected] or through LinkedIn.