SNMP Versions
Baseline
QoS (Quality of Service)
6 Steps of Incident Response
100

What does SNMP stand for?

Simple Network Management Protocol

100

What is a network baseline?

a collection of metrics that represent a network's normal working conditions.

100

What does QoS stand for?

Quality of Service

100

What is the first step in the incident response process?

identification

200

Which SNMP version introduced encryption?

SNMP version 3 (SNMPv3)

200

Why is establishing a baseline important?

it provides a starting point for measurement and comparison, allowing you to track progress, identify areas for improvement, and accurately assess the effectiveness of interventions or changes over time.

200

Name one method used to implement QoS.

Weighted Fair Queuing (WFQ), Class-Based Weighted Fair Queuing (CBWFQ), Traffic Shaping or Priority Queuing

200

What is the purpose of the containment step?

to limit the impact of a detected security breach by isolating the affected systems and preventing the threat from spreading further within the network

300

Describe a key difference between SNMP v1 and v3.

SNMP v3 offers robust security features like user authentication and encryption, while SNMP v1 lacks these security measures and relies on plain-text community strings

300

How often should a network baseline be reviewed?

at least once a quarter.

300

Why is QoS important for VoIP applications?

it prioritizes voice traffic over other data on a network, ensuring smooth and reliable voice calls by minimizing issues like packet loss, latency, and jitter.


300

Describe the eradication step.

the step in an incident response process where the root cause of a security threat is completely removed from a system or network, essentially eliminating the malicious activity and ensuring the threat is no longer present.

400

What are the security features of SNMP v3?

Authentication to verify the source of a message, privacy to encrypt the data within the message, and message integrity to ensure a packet hasn't been tampered with during transmission

400

What tools can be used to establish a network baseline?

Network monitoring platforms (NMPs) including SolarWinds, PRTG, Zabbix, and Datadog; network sniffers (like Wireshark); protocol analyzers; flow analysis tools (NetFlow, sFlow); and configuration management tools (Ansible, Puppet, Chef)

400

Explain the difference between traffic shaping and traffic policing.

Traffic shaping actively delays packets exceeding a set rate to smooth out traffic flow, while traffic policing simply detects and discards packets that violate the rate limit, causing immediate packet loss

400

Why is the lessons learned step important?

it allows teams to reflect on past projects, identify what went well, what went wrong, and then actively implement improvements in future projects 

500

Why is SNMPv3 considered the most secure option?

It provides robust authentication and encryption mechanisms

500

How does understanding the baseline inform decisions about system optimization or troubleshooting?



It provides a clear picture of what "normal" looks like for your system so you can effectively diagnose problems when they occur.

500

How can you monitor QoS performance?

use network monitoring tools to track key metrics like packet loss, latency, jitter, bandwidth utilization, and traffic prioritization

500

What lessons can be learned from this incident to improve future responses?

identifying and addressing communication gaps, improving collaboration between teams, enhancing training on critical procedures, reviewing and updating response plans based on the incident's challenges
