Network Monitoring
This area focuses on network monitoring of the campus network. General requirements and framework conditions for monitoring is given. Netflow/IPFIX analysis is covered. Security monitoring, anomaly detection and behaviour analysis are also dealt with. Particular considerations for IPv6 monitoring are given. References to a number of open source tools are given, many of which are developed within the GÉANT community.


	Anonymity in Campus Networks This document focuses on the anonymity of campus networks. The negative aspects of anonymity for a university's reputation are discussed. The challenges of solving security incidents are dealt with. The main problem with anonymity occurs when an offender leaves footprints on the Internet that lead back to the university. This document provides recommendations for how to set up anonymity in the campus network from both a technical and legislative point of view.
	Framework Conditions and Requirements for Network Monitoring This recommendation defines the requirements and framework conditions for network monitoring in campus networks. Fault management, accounting management and performance management are covered. An approach using a toolkit of task-specific monitoring tools is recommended. A centralised alarm system should also be considered. The need for a robust monitoring system is emphasised, whose location requires careful consideration. The system itself should be monitored, and its level of redundancy should be evaluated. In addition, security must be a high priority for any monitoring system.
	Network Monitoring and Management Recommendations The purpose of this document is to provide an insight into basic NMS (Network Management System) activities, along with recommendations for administrators of campus and/or local networks intending to apply the NMS tools within their networks.
	Monitoring Tools for Network Services and Systems In this document, a complete overview of network services monitoring is given. Planning monitoring and different monitoring techniques, as well as their pros and cons are described. A thorough review of monitoring tools, ranging from self-written scripts to commercial products, is given.
	Network Monitoring Based on IP Data Flows Detailed network monitoring is becoming even more important, as the amount of illegal activities increases each year. Flow monitoring appears to be a robust and promising method, which makes automated search and classification of network incidents possible. The network administrator can gain an overview of which IP addresses and services use the most bandwidth. Network scans and any attack systems incidents can be detected.
	Network Security Monitoring and Behaviour Analysis The purpose of this document is to provide an insight into network security monitoring and behaviour analysis for administrators of campus network and computer security incident response team members. The document describes flow-based network security monitoring systems and how to deploy them in a campus network. The process of NetFlow generation, collection and anomaly detection are detailed.
	Recommendations for Network Traffic Analysis using the NetFlow Protocol The purpose of this document is to provide users with detailed information regarding proper configuration of the NetFlow protocol in a campus environment. Situations where devices do not support the NetFlow protocol are presented, and alternate solutions provided. Basic methods of NetFlow statistical analysis are also covered.
	Experiences with IDS and Honeypots There are a number of ways to secure networks and network devices. A defence-in-depth approach is recommended, which will set up a defence perimeter at many levels. This can be complemented by deploying intrusion detection systems (IDS). The document summarises the experiences CESNET has in the field of intrusion detection and prevention.
	Practical IPv6 Monitoring on Campus The IPv6 protocol creates new challenges for network administrators. Unlike IPv4, an IPv6 address no longer uniquely identifies a user or PC, because an IPv6 address can be randomly generated and keeps changing. Computers with an IPv6 stack can also communicate via predefined tunnels over the IPv4 infrastructure. This tunnelled traffic usually bypasses network security implemented in firewalls. This document discusses the major monitoring issues of IPv6. A practical solution for the monitoring of both IPv4 and IPv6 traffic is proposed. The solution is based on SNMP and NetFlow data, and provides ways of identifying user traffic.
	Organizing a Network Operations Centre on Campus This document discusses Network Operation Centres from the perspective of Funet member organisations relative to the Funet NOC. The document includes a brief description of what a Network Operation Centre is and presents models on how to organize a NOC. The document also discusses commonly used tools that are essential to NOC operations and how to use them. Network monitoring tools are not included in the scope of this document.
	Monitoring of RADIUS Infrastructure This document describes the implementation of the system used for monitoring a complex server authentication hierarchy based on the RADIUS protocol. The solution presented herein has been developed within the eduroam® service of the Academic Network of Republic of Serbia (AMRES). The eduroam® authentication infrastructure requires a suitable monitoring system, which enables testing the functionalities of all the RADIUS servers this service comprises. The monitoring system has been designed to provide a sufficiently detailed insight into the state of the RADIUS infrastructure, while not infringing upon user privacy as required under the eduroam® policy.