Network management part1

Network management

Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems.

The functions performed by a network management system fall into the following five areas:

· Fault management: - The goal of fault management is to detect, log, notify users of, and automatically fix network problems to keep the network running effectively. Because faults can cause downtime or unacceptable network degradation, fault management involves first determining symptoms and isolating the problem. Then the problem is fixed and the solution is tested on all important subsystems.

· Configuration management: - The goal of configuration management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.

· Accounting management: - The goal of accounting management is to measure network utilization parameters so that individual or group usage of the network can be regulated appropriately.

· Performance management: - The goal of performance management is to measure and make available various aspects of network performance so that internetwork performance can be maintained at an acceptable level. Examples include network throughput, user response times, and line utilization.

· Security management: - The goal of security management is to control access to network resources according to local guidelines so that the network cannot be sabotaged (intentionally or unintentionally) and sensitive information cannot be accessed by those without appropriate authorization. A security management subsystem, for example, can monitor users logging on to a network resource and can refuse access to those who enter inappropriate access codes.


A network contains a number of managed devices, such as routers, bridges, switches, and hosts.

Network management involves monitoring and altering the configuration of such devices.

An Agent is a part of network management system that resides in a managed device.

Agents provide management information about the managed device and accept instructions for configuring it.

The network management station provides a graphical view of the entire system.

The manager exchanges management information with the agent by using a network management protocol.

Simple Network Management Protocol

SNMP consists of three key components: managed devices, agents, and network-management systems (NMSs).

A managed device is a node that has an SNMP agent and resides on a managed network.

These devices can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.

An agent is a software module residing within a device. The agent translates local management information into a format compatible with SNMP.

An NMS runs monitoring applications and provides the bulk of the processing and memory resources required for network management.

The SNMP manager provides the interface between the human network manager and the management system.

The SNMP agent provides the interface between the manager and the physical device(s) being managed.

The SNMP manager and agent use an SNMP Management Information Base (MIB) and a relatively small set of commands to exchange information.

The SNMP MIB is organized in a tree structure with individual variables, such as point status or description, being represented as leaves on the branches.


A long numeric tag or object identifier (OID) is used to distinguish each variable uniquely in the MIB and in SNMP messages.

SNMP uses five basic messages (GET, GET-NEXT, GET-RESPONSE, SET, and TRAP) to communicate between the SNMP manager and the SNMP agent.

The GET and GET-NEXT messages allow the manager to request information for a specific variable.

The agent, upon receiving a GET or GET-NEXT message, will issue a GET-RESPONSE message to the SNMP manager with either the information requested or an error indication as to why the request cannot be processed.

A SET message allows the SNMP manager to request that the value of a specific variable be changed, for example a variable in an alarm remote that will operate a relay.

The SNMP agent will then respond with a GET-RESPONSE message indicating the change has been made or an error indication as to why the change cannot be made.

The SNMP TRAP message allows the agent to spontaneously inform the SNMP manager of an "important" event.

Structure of Management Information (SMI)

SMI defines the structure of the MIB information and the allowable data types. The SMI identifies how resources within the MIB are represented and named.

The philosophy behind SMI is to encourage simplicity and extensibility within the MIB.

The SNMP specification includes a template, known as an Abstract Syntax Notation One (ASN.1) OBJECT-TYPE macro, which provides the formal model for defining objects and tables of objects in the MIB.

Several data types are allowed in SMI; the primitive data types are INTEGER, OCTET STRING, NULL, and OBJECT IDENTIFIER.

Primitive data types are written in uppercase, while user-defined data types start with an uppercase letter but contain at least one character other than an uppercase letter.

An OBJECT IDENTIFIER is represented as a sequence of nonnegative integers where each integer corresponds to a particular node in the tree.

This data type is used to identify a managed object and to relate its place in the object hierarchy.
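As an added worked example (not part of the original notes), the following Python encodes a dotted OID into the BER OBJECT IDENTIFIER form that SNMP messages carry and decodes it back. The sysDescr and net-snmp enterprise OIDs in the comments are standard registered values; everything else is plain standard-library Python written for this illustration.

```python
# Added example, not from the original notes: BER encoding of an
# OBJECT IDENTIFIER (tag 0x06), the form an OID takes inside SNMP messages.
# Input is the dotted sequence of nonnegative integers described above.


def encode_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    out = bytearray()
    while n:
        out.insert(0, n & 0xFF)
        n >>= 8
    return bytes([0x80 | len(out)]) + bytes(out)


def encode_oid(dotted: str) -> bytes:
    """'1.3.6.1.2.1.1.1.0' (sysDescr.0) -> 06 08 2b 06 01 02 01 01 01 00"""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or min(arcs) < 0:
        raise ValueError("an OID needs at least two nonnegative arcs")
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("first arc must be 0..2; second arc below 40 unless first is 2")
    # BER folds the first two arcs into a single sub-identifier 40*X + Y.
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    body = bytearray()
    for sid in subids:
        # base-128, most significant group first; bit 7 set on all but the last group
        groups = [sid & 0x7F]
        sid >>= 7
        while sid:
            groups.append(0x80 | (sid & 0x7F))
            sid >>= 7
        body.extend(reversed(groups))
    return b"\x06" + encode_length(len(body)) + bytes(body)


def decode_oid(data: bytes) -> str:
    """Decode a BER OBJECT IDENTIFIER (tag, length, content) back to dotted form."""
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length, pos = data[1], 2
    if length & 0x80:                       # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    content = data[pos:pos + length]
    if len(content) != length or not content:
        raise ValueError("truncated OBJECT IDENTIFIER")
    if content[-1] & 0x80:
        raise ValueError("unterminated sub-identifier")
    subids, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # last group of this sub-identifier
            subids.append(value)
            value = 0
    # Undo the 40*X + Y folding of the first two arcs.
    first = subids[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])


if __name__ == "__main__":
    # 1.3.6.1.4.1.2021 is the registered net-snmp enterprise subtree; 2021 needs two groups
    print(encode_oid("1.3.6.1.4.1.2021").hex())
```

Note that a sub-identifier above 127 (such as the enterprise number 2021) spans two bytes, which is why an OID's encoded length is not simply its arc count plus one.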

[Figure: MIB object identifier hierarchy and format]

Management Information Base (MIB)

A MIB is a hierarchically organized collection of information that defines the properties of the managed objects within the device to be managed (such as a router or switch).

Each managed device keeps a database of values for each of the definitions written in the MIB. This need not be an actual database; how the values are stored is implementation dependent.

Each vendor of SNMP equipment has an exclusive section of the MIB tree structure under its control; these objects are accessed using a protocol such as SNMP.

There are two types of MIB objects: scalar and tabular.

Scalar objects define a single object instance whereas tabular objects define multiple related object instances grouped in MIB tables.

The following keywords are used to define a MIB object:

· Syntax: - Defines the abstract data structure corresponding to the object type. The SMI purposely restricts the ASN.1 constructs that can be used, to promote simplicity.

· Access: - Defines whether the object value may only be retrieved but not modified (read-only) or whether it may also be modified (read-write).

· Description: - Contains a textual definition of the object type. The definition provides all semantic definitions necessary for interpretation; it typically contains information of the sort that would be communicated in any ASN.1 commentary annotations associated with the object.
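The following Python is an added example, not code from the original notes or from any SNMP implementation: a toy in-memory agent whose MIB objects carry the Syntax, Access and Description keywords just listed, answering the GET, GET-NEXT and SET messages described in the SNMP section above with the (error-status, OID, value) triple of a GET-RESPONSE. The OIDs are the standard mib-2 system group; the object values are constructed sample data.

```python
# Added example, not from the original notes: a toy in-memory SNMP agent
# showing GET, GET-NEXT and SET against MIB objects that carry the Syntax,
# Access and Description keywords. OIDs are tuples of ints; object values
# are constructed sample data, not read from a device.
from dataclasses import dataclass

# SNMPv1 error-status values carried in the GET-RESPONSE
NO_ERROR, NO_SUCH_NAME, BAD_VALUE = 0, 2, 3

SYSTEM = (1, 3, 6, 1, 2, 1, 1)   # mib-2 system group: iso.org.dod.internet.mgmt.mib-2.system


@dataclass
class MibObject:
    syntax: type        # Syntax, simplified: INTEGER -> int, OCTET STRING -> bytes
    access: str         # Access: "read-only" or "read-write"
    description: str    # Description
    value: object


def build_agent() -> dict:
    """Constructed MIB instance: scalar objects of the system group (instance suffix .0)."""
    return {
        SYSTEM + (1, 0): MibObject(bytes, "read-only", "sysDescr: textual description of the device", b"constructed lab router"),
        SYSTEM + (3, 0): MibObject(int, "read-only", "sysUpTime: hundredths of a second since restart", 123456),
        SYSTEM + (5, 0): MibObject(bytes, "read-write", "sysName: administratively assigned name", b"rtr-lab-1"),
        SYSTEM + (6, 0): MibObject(bytes, "read-write", "sysLocation: physical location", b"constructed lab, rack 1"),
    }


def snmp_get(mib, oid):
    """GET: exact instance lookup."""
    obj = mib.get(oid)
    if obj is None:
        return (NO_SUCH_NAME, oid, None)
    return (NO_ERROR, oid, obj.value)


def snmp_get_next(mib, oid):
    """GET-NEXT: the first instance lexicographically greater than oid.
    Python tuple ordering is exactly OID ordering (a prefix sorts before its children)."""
    candidates = sorted(o for o in mib if o > oid)
    if not candidates:
        return (NO_SUCH_NAME, oid, None)          # end of MIB view
    nxt = candidates[0]
    return (NO_ERROR, nxt, mib[nxt].value)


def snmp_set(mib, oid, value):
    """SET: enforce Access and Syntax before changing the value."""
    obj = mib.get(oid)
    # RFC 1157 has the agent answer noSuchName when the object is not available
    # for set, which covers both unknown and read-only objects.
    if obj is None or obj.access != "read-write":
        return (NO_SUCH_NAME, oid, None)
    if not isinstance(value, obj.syntax):
        return (BAD_VALUE, oid, None)
    obj.value = value
    return (NO_ERROR, oid, obj.value)


def snmp_walk(mib, prefix):
    """Manager side: repeat GET-NEXT until the reply leaves the requested subtree."""
    results, oid = [], prefix
    while True:
        status, oid, value = snmp_get_next(mib, oid)
        if status != NO_ERROR or oid[:len(prefix)] != prefix:
            return results
        results.append((oid, value))


if __name__ == "__main__":
    agent = build_agent()
    for oid, value in snmp_walk(agent, SYSTEM):
        print(".".join(map(str, oid)), value)
```

The walk shows why GET-NEXT matters: a manager that does not know which instances exist can still enumerate a whole subtree, and the agent's Access check is what turns a SET on sysDescr into an error rather than a change.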

MIB Object Identifiers

Each object in the MIB has an object identifier (OID), which the management station uses to request the object's value from the agent.

An OID is a sequence of integers that uniquely identifies a managed object by defining a path to that object through a tree-like structure called the OID tree or registration tree.

When an SNMP agent needs to access a specific managed object, it traverses the OID tree to find the object.

The MIB object identifier hierarchy and format are shown in the figure above.

RMON (Remote Network Monitoring)

RMON provides standard information that a network administrator can use to monitor, analyze, and troubleshoot a group of distributed local area networks (LANs) and interconnecting T-1/E-1 and T-2/E-3 lines from a central site.

RMON specifically defines the information that any network monitoring system will be able to provide.

The latest level is RMON Version 2 (sometimes referred to as "RMON 2" or "RMON2").

RMON can be supported by hardware monitoring devices (known as "probes") or through software or some combination.

A software agent can gather the information for presentation to the network administrator with a graphical user interface.

A number of vendors provide products with various kinds of RMON support.

RMON collects nine kinds of information, including packets sent, bytes sent, packets dropped, statistics by host, by conversations between two sets of addresses, and certain kinds of events that have occurred.

A network administrator can find out how much bandwidth or traffic each user is imposing on the network and what Web sites are being accessed. Alarms can be set in order to be aware of impending problems.
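As an added example (not from the original notes), the following Python implements the rising/falling threshold logic of the RMON alarm group as defined in RFC 2819 and runs it over a constructed byte-counter series. The monitored variable, the thresholds and the readings are assumptions chosen for illustration; the hysteresis rule (no second rising alarm until a falling alarm has fired) is what keeps a value hovering around a threshold from generating a flood of alarms.

```python
# Added example, not from the original notes: the threshold logic of the RMON
# alarm group (RFC 2819) run over constructed samples. An alarm entry samples a
# variable either as an absolute value or as the delta between successive
# readings, raises a rising alarm when the sample crosses alarmRisingThreshold
# and a falling alarm when it crosses alarmFallingThreshold, and after a rising
# alarm suppresses further rising alarms until a falling alarm has fired
# (and vice versa).

COUNTER32_MOD = 2 ** 32     # RMON statistics are Counter32 values and wrap


class RmonAlarm:
    def __init__(self, rising, falling, sample_type="absoluteValue",
                 startup="risingOrFallingAlarm"):
        if falling >= rising:
            raise ValueError("this example requires alarmFallingThreshold < alarmRisingThreshold")
        self.rising, self.falling = rising, falling
        self.sample_type = sample_type          # alarmSampleType: "absoluteValue" or "deltaValue"
        self.startup = startup                  # alarmStartupAlarm: which alarm may fire on the first sample
        self.prev_raw = None                    # last raw reading (for deltaValue)
        self.prev_sample = None                 # last sampled value
        self.last_event = None                  # "risingAlarm", "fallingAlarm" or None

    def _sample(self, raw):
        if self.sample_type == "absoluteValue":
            return raw
        if self.prev_raw is None:               # the first delta needs two readings
            self.prev_raw = raw
            return None
        delta = (raw - self.prev_raw) % COUNTER32_MOD   # survives a counter wrap
        self.prev_raw = raw
        return delta

    def observe(self, raw):
        """Feed one reading; return the alarm event it generates, if any."""
        value = self._sample(raw)
        if value is None:
            return None
        event = None
        if self.prev_sample is None:            # startup behaviour
            if value >= self.rising and self.startup in ("risingAlarm", "risingOrFallingAlarm"):
                event = "risingAlarm"
            elif value <= self.falling and self.startup in ("fallingAlarm", "risingOrFallingAlarm"):
                event = "fallingAlarm"
        else:
            if (value >= self.rising and self.prev_sample < self.rising
                    and self.last_event != "risingAlarm"):
                event = "risingAlarm"
            elif (value <= self.falling and self.prev_sample > self.falling
                    and self.last_event != "fallingAlarm"):
                event = "fallingAlarm"
        self.prev_sample = value
        if event:
            self.last_event = event
        return event


def run_alarm(alarm, readings):
    """Return [(reading index, event)] for every alarm the readings generate."""
    events = []
    for i, raw in enumerate(readings):
        ev = alarm.observe(raw)
        if ev:
            events.append((i, ev))
    return events


# Constructed data: an ifInOctets-style byte counter read once per interval.
# Thresholds are in bytes per interval; startup is limited to rising alarms so a
# quiet first interval stays silent.
BYTE_COUNTER = [0, 100_000, 1_300_000, 2_700_000, 2_800_000, 2_850_000, 4_000_000]

if __name__ == "__main__":
    alarm = RmonAlarm(rising=1_000_000, falling=200_000,
                      sample_type="deltaValue", startup="risingAlarm")
    print(run_alarm(alarm, BYTE_COUNTER))
```

With the constructed counter the per-interval deltas are 100k, 1.2M, 1.4M, 100k, 50k and 1.15M bytes: the second high interval produces no new alarm because the value never dropped back through the falling threshold in between.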

What is Network Security?

Security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. Most security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system.

· Passive - An attack such as listening to communications and then attacking the encryption scheme offline.


Passive attacks attempt to learn or make use of information from the system but do not affect system resources.

• Two types:

  • Release of message contents

e.g. a telephone conversation, or sensitive information held in a file.

  • Traffic analysis
  • Pattern analysis

• Difficult to detect, so emphasis on prevention rather than detection

· Active - A common attack of this type is the man in the middle attack. During this attack the attacker may try to convince the victim that they are communicating with another party when they are really communicating with the attacker. The attacker may use the attack to gain passwords or other vital information.


Active attacks attempt to modify the data stream or to create a false stream.

• Easy to detect but difficult to prevent.

• Types:

Masquerade - one entity impersonates another, e.g. by replaying a valid authentication sequence.

Replay - a data unit is captured and later retransmitted to produce an unauthorized effect.

· Dictionary attack - A means of attacking a system to determine passwords from their hashed or encrypted forms.


An impostor can also mount a man-in-the-middle attack by simultaneously impersonating both a legitimate client and a legitimate server.


To deal with these threats, the following security requirements are needed: privacy or confidentiality, integrity, authentication, non-repudiation, etc.

1) Confidentiality (the information cannot be understood by anyone for whom it was unintended)

Only the sender and the intended receiver should “understand” the message contents.

– sender encrypts message, receiver decrypts message

2) Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected)

Sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information)

4) Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information)
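The following Python is an added example, not from the original notes: a shared-key HMAC over a sequence-numbered message gives the receiver integrity and origin authentication (two of the requirements above) and lets it reject the replay and masquerade attacks listed earlier. The key and the messages are constructed values, and the message layout is an assumption of this example rather than any standard protocol.

```python
# Added example, not from the original notes: integrity + origin authentication
# with HMAC-SHA256 over (sequence number || payload), plus replay rejection.
import hashlib
import hmac
import struct

SEQ_LEN = 8                                   # big-endian sequence number
TAG_LEN = hashlib.sha256().digest_size        # 32-byte HMAC-SHA256 tag

# Constructed shared key for this example; a real deployment uses a random per-peer secret.
KEY = bytes.fromhex("3f1c9a7e5d2b4c6a8e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d")


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: seq || payload || HMAC-SHA256(key, seq || payload).
    Putting seq under the MAC binds the payload to its position in the stream."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies integrity/origin and rejects anything at or below the last accepted seq."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1          # highest sequence number accepted so far

    def accept(self, msg: bytes):
        if len(msg) < SEQ_LEN + TAG_LEN:
            return (False, "truncated", None)
        header, payload, tag = msg[:SEQ_LEN], msg[SEQ_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison. A failure means the message was modified in
        # transit or produced by a party without the key (masquerade).
        if not hmac.compare_digest(expected, tag):
            return (False, "bad tag", None)
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return (False, "replay", None)      # genuine tag, but already seen
        self.last_seq = seq
        return (True, "ok", payload)


def demo():
    """Run fresh, replayed, tampered and forged messages past one receiver; return the verdicts."""
    rx = Receiver(KEY)
    verdicts = []
    m1 = protect(KEY, 1, b"SET sysName=rtr-lab-1")          # constructed payload
    verdicts.append(rx.accept(m1)[1])                        # ok
    verdicts.append(rx.accept(m1)[1])                        # replay of the same bytes
    m2 = protect(KEY, 2, b"GET sysUpTime")
    tampered = bytearray(m2)
    tampered[SEQ_LEN] ^= 0x01                                # flip one payload bit
    verdicts.append(rx.accept(bytes(tampered))[1])           # bad tag
    verdicts.append(rx.accept(protect(b"wrong-key", 3, b"GET sysUpTime"))[1])  # bad tag
    verdicts.append(rx.accept(m2)[1])                        # ok: untouched original still valid
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Two caveats follow from the design: because both ends hold the same key, a MAC cannot provide non-repudiation (either party could have produced the tag; that requirement needs a digital signature), and the receiver's last_seq must persist across restarts or be re-established by a handshake, otherwise old messages become replayable again. Confidentiality is not addressed here at all; the payload travels in the clear.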
