Chapter 13 Network Management Applications
Network and Systems Management
Management Applications
• OSI Model
  • Configuration
  • Fault
  • Performance
  • Security
  • Accounting
• Reports
• Service Level Management
• Policy-based management
Configuration Management
• Network Provisioning
• Inventory Management
  • Equipment
  • Facilities
• Network Topology
• Database Considerations
Network Provisioning
• Provisioning of network resources
  • Design
  • Installation and maintenance
• Circuit-switched network
• Packet-switched network, configuration for
  • Protocol
  • Performance
  • QoS
• ATM networks
Network Topology
• Manual
• Auto-discovery by NMS using
  • Broadcast ping
  • ARP table in devices
• Mapping of network
  • Layout
  • Layering
• Views
  • Physical
  • Logical
Network Topology Discovery
[Figure: example discovered topology with the networks 163.25.145.0, 163.25.146.0, 163.25.146.128, 163.25.147.0, 192.168.12.0, 192.168.13.0, 140.112.5.0, 140.112.6.0 and 140.112.8.0]
Discovery in a Network
What is to be discovered in a network?
• Node Discovery: the network devices in each network segment
• Network Discovery: the topology of the networks of interest
• Service Discovery: the network services provided
Network Topology Discovery = Network Discovery + Node Discovery
Node Discovery
Given an IP address, find the nodes in the same network. Two major approaches:
• Use Ping to query the possible IP addresses.
• Use SNMP to retrieve the ARP cache of a known node.
Use ICMP ECHO
E.g.: IP address 163.25.147.12, subnet mask 255.255.255.0. All possible addresses: 163.25.147.1 ~ 163.25.147.254.
For each of the above addresses, use ICMP ECHO to inquire the address. If a node replies (ICMP ECHO Reply), then it is found.
Alternative: Broadcast Ping
Use SNMP
Find a node which supports SNMP: the given node, the default gateway or router, or try a node arbitrarily.
Query the ipNetToMediaTable in the MIB-II IP group (ARP cache):

ipNetToMediaIfIndex  ipNetToMediaPhysAddress  ipNetToMediaNetAddress  ipNetToMediaType
1                    00:80:43:5F:12:9A        163.25.147.10           dynamic(3)
2                    00:80:51:F3:11:DE        163.25.147.11           dynamic(3)
Network Discovery
Find the networks of interest with their interconnections. Key issue: given a network, what are the networks directly connected with it?
Major approach: use SNMP to retrieve the routing table of a router.
Default Router
[Figure: the default router and its routing table]
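As an added example (not from the slides), the discovery steps above run offline in Python: the ICMP ECHO address range for the slide's 163.25.147.12 / 255.255.255.0 case, the node list read from constructed ipNetToMediaTable rows, and the directly connected networks read from constructed ipRouteTable rows (the MIB-II route table; the slide only says "routing table"). No ICMP or SNMP traffic is sent; all rows are constructed sample data.

```python
"""Node and network discovery from SNMP tables, run offline (added example).

Assumptions: ARP_CACHE and ROUTES are constructed rows shaped like walks of the
MIB-II ipNetToMediaTable and ipRouteTable; no ICMP or SNMP packets are sent.
"""
import ipaddress

# Constructed ipNetToMediaTable rows:
# (ipNetToMediaIfIndex, ipNetToMediaPhysAddress, ipNetToMediaNetAddress, ipNetToMediaType)
ARP_CACHE = [
    (1, "00:80:43:5F:12:9A", "163.25.147.10", "dynamic(3)"),
    (1, "00:80:51:F3:11:DE", "163.25.147.11", "dynamic(3)"),
    (2, "00:80:51:AA:01:02", "163.25.146.5", "dynamic(3)"),
    (2, "00:00:00:00:00:00", "163.25.146.9", "invalid(2)"),   # stale entry
]

# Constructed ipRouteTable rows: (ipRouteDest, ipRouteMask, ipRouteNextHop, ipRouteType)
ROUTES = [
    ("163.25.147.0", "255.255.255.0", "163.25.147.1", "direct(3)"),
    ("163.25.146.0", "255.255.255.128", "163.25.146.1", "direct(3)"),
    ("192.168.12.0", "255.255.255.0", "163.25.146.126", "indirect(4)"),
    ("0.0.0.0", "0.0.0.0", "140.112.5.1", "indirect(4)"),          # default route
]


def candidate_hosts(address, mask):
    """ICMP ECHO approach: every host address in the subnet of address/mask,
    i.e. the list an NMS would probe one by one (network and broadcast excluded)."""
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return [str(host) for host in net.hosts()]


def nodes_from_arp_cache(rows):
    """SNMP approach: nodes already known to a device, grouped by interface.
    Rows whose ipNetToMediaType is invalid(2) are skipped."""
    nodes = {}
    for if_index, phys, net_addr, media_type in rows:
        if media_type.startswith("invalid"):
            continue
        nodes.setdefault(if_index, []).append((net_addr, phys.lower()))
    return nodes


def connected_networks(rows):
    """Network discovery: split a router's routing table into the networks
    directly attached to it and the networks reached through another router
    (keyed by next hop, which is the next router to query). The default
    route names no network of its own and is ignored."""
    direct, via_next_hop = [], {}
    for dest, mask, next_hop, route_type in rows:
        if dest == "0.0.0.0":
            continue
        net = str(ipaddress.ip_network(f"{dest}/{mask}", strict=False))
        if route_type.startswith("direct"):
            direct.append(net)
        else:
            via_next_hop[net] = next_hop
    return direct, via_next_hop


if __name__ == "__main__":
    hosts = candidate_hosts("163.25.147.12", "255.255.255.0")
    print(len(hosts), hosts[0], hosts[-1])     # 254 163.25.147.1 163.25.147.254
    print(nodes_from_arp_cache(ARP_CACHE))
    print(connected_networks(ROUTES))
```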
Mapping of network
Traditional LAN Configuration: physical view and logical view [figure]
Virtual LAN Configuration: physical view and logical view [figure]
Fault Management
• Fault is a failure of a network component• Results in loss of connectivity• Fault management involves:
• Fault detection• Polling• Traps: linkDown, egpNeighborLoss
• Fault location• Detect all components failed and trace
down the tree topology to the source• Fault isolation by network and SNMP tools• Use artificial intelligence /
correlation techniques• Restoration of service• Identification of root cause of the problem• Problem resolution
Performance Management
• Tools
  • Protocol analyzers
  • RMON
  • MRTG
• Performance Metrics
• Data Monitoring
• Problem Isolation
• Performance Statistics
Performance Metrics
• Macro-level
  • Throughput
  • Response time
  • Availability
  • Reliability
• Micro-level
  • Bandwidth
  • Utilization
  • Error rate
  • Peak load
  • Average load
Traffic Flow Measurement: Network Characterization
Four levels defined by IETF (RFC 2063)
Network Flow Measurements
• Three measurement entities:
  • Meters gather data and build tables
  • Meter readers collect data from meters
  • Managers oversee the operation
• Meter MIB (RFC 2064)
• NetraMet - an implementation (RFC 2123)
Data Monitoring and Problem Isolation
• Data monitoring
  • Normal behavior
  • Abnormal behavior (e.g., excessive collisions, high packet loss, etc.)
  • Set up traps (e.g., parameters in the alarm group in RMON on the object identifier of interest)
  • Set up alarms for criticality
  • Manual and automatic clearing of alarms
• Problem isolation
  • Manual mode using network and SNMP tools
  • Problems in multiple components need tracking down the topology
  • Automated mode using correlation technology
Performance Statistics
• Traffic statistics
• Error statistics
• Used in
  • QoS tracking
  • Performance tuning
  • Validation of SLA (Service Level Agreement)
  • Trend analysis
  • Facility planning
  • Functional accounting
Event Correlation Techniques
• Basic elements
  • Detection and filtering of events
  • Correlation of observed events using AI
  • Localize the source of the problem
  • Identify the cause of the problem
• Techniques
  • Rule-based reasoning
  • Model-based reasoning
  • Case-based reasoning
  • Codebook correlation model
  • State transition graph model
  • Finite state machine model
Rule-Based Reasoning
• Knowledge base contains expert knowledge on problem symptoms and actions to be taken:
  if condition then action
• Working memory contains topological and state information of the network; recognizes the system going into a faulty state
• Inference engine, in cooperation with the knowledge base, decides on the action to be taken
• Knowledge executes the action
Rule-Based Reasoning
• Rule-based paradigm is an iterative process
• RBR is "brittle" if no precedence exists
• An exponential growth in the knowledge base poses a problem in scalability
• Problem with instability:
  if packet loss < 10%, alarm green
  if 10% <= packet loss < 15%, alarm yellow
  if packet loss >= 15%, alarm red
• Solution using fuzzy logic
Configuration for RBR Example [figure]
RBR Example [figure]
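An added example (mine, not from the slides) of the instability the rules above produce: the three crisp packet-loss rules flip the alarm colour on every sample that hovers around 10%, while a fuzzy-membership version with a switching margin holds its state until the loss really degrades. The 10% and 15% thresholds are the slide's; the membership ramps (8-12% and 13-17%) and the 0.3 margin are assumptions made here.

```python
"""Crisp RBR packet-loss rules vs. a fuzzy-membership rule with a switching
margin (added example). The 10% and 15% thresholds are the slide's; the
membership ramps and the 0.3 margin are assumptions made here."""


def crisp_alarm(loss):
    """The three rules from the slide applied to one packet-loss sample (%)."""
    if loss < 10.0:
        return "green"
    if loss < 15.0:
        return "yellow"
    return "red"


def crisp_sequence(samples):
    """Alarm colour per sample, with no memory of the previous colour."""
    return [crisp_alarm(x) for x in samples]


def _ramp(x, lo, hi):
    """0 at or below lo, 1 at or above hi, linear in between."""
    if x <= lo:
        return 0.0
    if x >= hi:
        return 1.0
    return (x - lo) / (hi - lo)


def membership(loss):
    """Fuzzy membership of a sample in each alarm colour. The green/yellow
    boundary is smeared over 8-12% and the yellow/red boundary over 13-17%,
    so a sample near 10% belongs partly to green and partly to yellow."""
    red = _ramp(loss, 13.0, 17.0)
    not_green = _ramp(loss, 8.0, 12.0)
    return {"green": 1.0 - not_green,
            "yellow": min(not_green, 1.0 - red),
            "red": red}


def fuzzy_sequence(samples, margin=0.3, initial="green"):
    """Keep the current colour until another colour's membership beats it by
    `margin`; that margin is what removes the flapping."""
    state, out = initial, []
    for x in samples:
        m = membership(x)
        best = max(m, key=m.get)
        if best != state and m[best] - m[state] >= margin:
            state = best
        out.append(state)
    return out


def transitions(sequence):
    """Number of alarm colour changes, i.e. how often an operator is paged."""
    return sum(1 for a, b in zip(sequence, sequence[1:]) if a != b)


# Constructed samples: loss hovering around the 10% threshold, then a real degradation.
OSCILLATING_SAMPLES = [9.8, 10.1, 9.9, 10.2, 9.7, 10.3, 14.0, 18.0]

if __name__ == "__main__":
    crisp = crisp_sequence(OSCILLATING_SAMPLES)
    fuzzy = fuzzy_sequence(OSCILLATING_SAMPLES)
    print(crisp, transitions(crisp))   # 6 colour changes for 8 samples
    print(fuzzy, transitions(fuzzy))   # 2 colour changes: yellow at 14.0, red at 18.0
```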
Model-Based Reasoning
• Object-oriented model
• Model is a representation of the component it models
• Model has attributes and relations to other models
• Relationship between objects is reflected in a similar relationship between models
MBR Event Correlator
Example:
• Hub 1 fails
• Recognized by Hub 1 model
• Hub 1 model queries router model
• If the router model declares failure: Hub 1 model declares NO failure
• If the router model declares no failure: Hub 1 model declares failure
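An added example (mine, not the textbook's) that joins the fault-location step "trace down the tree topology to the source" with the MBR hub/router exchange above: a constructed tree topology and constructed polling results, a tracer that keeps only failures whose parent is still up, and a component model that declares failure only after querying the model it depends on. The topology and outage sets are constructed; nothing here polls a real network.

```python
"""Fault location on a tree topology, and an MBR-style component model that
queries its upstream model before declaring failure (added example).

Assumptions: TOPOLOGY and the polling results are constructed.
"""

# Constructed tree topology: component -> the component it hangs off
# (None marks the root), following the slide's backbone/router/hub layout.
TOPOLOGY = {
    "backbone": None,
    "router": "backbone",
    "hub1": "router", "hub2": "router", "hub3": "router",
    "host1a": "hub1", "host1b": "hub1",
    "host2a": "hub2",
    "host3a": "hub3", "host3b": "hub3",
}


def trace_to_source(failed, topology):
    """Fault location: trace the set of failed components down the tree.

    A failed component whose parent also failed is only a symptom of the
    parent's failure; one whose parent is up (or that is the root) is a source.
    Returns (sources, suppressed), both sorted.
    """
    sources, suppressed = [], []
    for node in sorted(failed):
        parent = topology[node]
        if parent is not None and parent in failed:
            suppressed.append(node)
        else:
            sources.append(node)
    return sources, suppressed


class ComponentModel:
    """MBR model of one component: holds its last polling result and a
    reference to the model of the component it depends on."""

    def __init__(self, name, depends_on=None):
        self.name = name
        self.depends_on = depends_on
        self.reachable = True

    def observe(self, reachable):
        self.reachable = reachable

    def declares_failure(self):
        # The hub model recognizes the outage, then queries the router model:
        # if the router is itself down, the hub model declares no failure.
        if self.reachable:
            return False
        upstream = self.depends_on
        return upstream is None or upstream.reachable


def mbr_correlate(failed, topology):
    """Build one model per component, feed the polling results and collect
    the components whose models declare failure."""
    models = {name: ComponentModel(name) for name in topology}
    for name, parent in topology.items():
        models[name].depends_on = models[parent] if parent is not None else None
        models[name].observe(name not in failed)
    return sorted(m.name for m in models.values() if m.declares_failure())


if __name__ == "__main__":
    # Constructed polling result: hub1 and its hosts are down, plus one host on hub3.
    outage = {"hub1", "host1a", "host1b", "host3b"}
    print(trace_to_source(outage, TOPOLOGY))   # (['host3b', 'hub1'], ['host1a', 'host1b'])
    print(mbr_correlate(outage, TOPOLOGY))     # ['host3b', 'hub1']
```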
Case-Based Reasoning
Input -> Retrieve -> Adapt -> Process, drawing on a Case Library
Figure 13.12 General CBR Architecture
Case-Based Reasoning
• Unit of knowledge
  • RBR: rule
  • CBR: case
• CBR is based on a case experienced before; extended to the current situation by adaptation
• Three adaptation schemes
  • Parameterized adaptation
  • Abstraction / re-specialization adaptation
  • Critic-based adaptation
CBR Parameterized Adaptation [figure]
CBR: Abstraction / Re-specialization [figure]
CBR: Critic-Based Adaptation
• Human expertise introduces a new case
CBR-Based CRITTER [figure]
Codebook Correlation Model:Generic Architecture
Network Monitors
EventModel
ConfigurationModel
Correlator Problems
Codebook Correlation Model
• Yemini et al. proposed this model
• Monitors capture alarm events
• Configuration model contains the configuration of the network
• Event model represents events and their causal relationships
• Correlator correlates alarm events with the event model and determines the problem that caused the events
Codebook Approach
• Correlation algorithms based upon a coding approach to event correlation
• Problem events viewed as messages generated by a system and encoded in sets of alarms
• Correlator decodes the problem messages to identify the problems
Two Phases of the Codebook Approach
1. Codebook selection phase: problems to be monitored are identified and the symptoms they generate are associated with the problem. This generates the codebook (problem-symptom matrix).
2. Correlator compares alarm events with the codebook and identifies the problem.
Causality Graph [figure]
Labeled Causality Graph
• Ps are problems and Ss are symptoms
• P1 causes S1 and S2
• Note the directed edge from S1 to S2 is removed; S2 is caused directly or indirectly (via S1) by P1
• S2 could also be caused by either P2 or P3
Codebook
• Codebook is the problem-symptom matrix
• It is derived from the causality graph after removing the directed edges of propagation of symptoms
• Number of symptoms >= number of problems
• 2 rows are adequate to identify uniquely 3 problems
Correlation Matrix
• Correlation matrix is a reduced codebook
Correlation Graph [figure]
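An added example (mine, not from the slides or from Yemini et al.) of the two phases: deriving the codebook from a constructed causality graph that follows the labeled graph above (P1 causes S1, which propagates to S2; S2 is also caused by P2 or P3) plus one extra symptom S3 caused by P3 so that the three problems can be told apart, reducing the codebook to the correlation matrix, and decoding observed alarms by nearest code. The extra symptom and the Hamming-distance decoder are my assumptions.

```python
"""Codebook correlation: causality graph -> codebook -> correlation matrix ->
decoding (added example; not the slides' figures or Yemini et al.'s code).

Assumptions: the causality graph below is constructed. It follows the labeled
graph on the slide (P1 causes S1, S1 propagates to S2, S2 is also caused by P2
or P3) and adds one symptom S3 caused by P3 so that the three problems are
separable; the Hamming-distance decoder is also an assumption.
"""
from itertools import combinations

# Constructed causality graph: problem -> symptoms it causes directly,
# symptom -> symptoms it propagates to.
PROBLEM_EDGES = {"P1": ["S1"], "P2": ["S2"], "P3": ["S2", "S3"]}
SYMPTOM_EDGES = {"S1": ["S2"]}


def _propagated(start, symptom_edges):
    """All symptoms reachable from `start` along propagation edges."""
    seen, stack = set(), [start]
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        stack.extend(symptom_edges.get(s, []))
    return seen


def build_codebook(problem_edges, symptom_edges):
    """Phase 1: the problem-symptom matrix. Propagation edges are folded in
    (S2 counts for P1 via S1) and then dropped, as the slide describes.
    Returns (row labels, {problem: 0/1 code over the rows})."""
    symptoms = set(symptom_edges)
    for targets in list(problem_edges.values()) + list(symptom_edges.values()):
        symptoms.update(targets)
    rows = sorted(symptoms)
    codebook = {}
    for problem, direct in sorted(problem_edges.items()):
        caused = set()
        for s in direct:
            caused |= _propagated(s, symptom_edges)
        codebook[problem] = tuple(1 if s in caused else 0 for s in rows)
    return rows, codebook


def correlation_matrix(rows, codebook):
    """Reduce the codebook to the fewest symptom rows that still give every
    problem a distinct code (the slide's '2 rows identify 3 problems')."""
    for k in range(1, len(rows) + 1):
        for picked in combinations(range(len(rows)), k):
            reduced = {p: tuple(code[i] for i in picked) for p, code in codebook.items()}
            if len(set(reduced.values())) == len(reduced):
                return [rows[i] for i in picked], reduced
    raise ValueError("symptoms do not distinguish the problems")


def decode(observed, rows, matrix):
    """Phase 2: compare the observed alarms with the codes and return the
    problem(s) at minimum Hamming distance, plus that distance. A distance
    above zero means a symptom was lost or spurious; ties are all reported."""
    vector = tuple(1 if s in observed else 0 for s in rows)
    distance = {p: sum(a != b for a, b in zip(vector, code)) for p, code in matrix.items()}
    best = min(distance.values())
    return sorted(p for p, d in distance.items() if d == best), best


if __name__ == "__main__":
    rows, codebook = build_codebook(PROBLEM_EDGES, SYMPTOM_EDGES)
    reduced_rows, matrix = correlation_matrix(rows, codebook)
    print(rows, codebook)        # ['S1', 'S2', 'S3'] {'P1': (1, 1, 0), 'P2': (0, 1, 0), 'P3': (0, 1, 1)}
    print(reduced_rows, matrix)  # ['S1', 'S3'] {'P1': (1, 0), 'P2': (0, 0), 'P3': (0, 1)}
    print(decode({"S1", "S2"}, reduced_rows, matrix))   # (['P1'], 0)
```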
State Transition Model [figure]
State Transition Model Example
[Figure: physical network with a Backbone Network, a Router, Hub1, Hub2 and Hub3, and an NMS / Correlator]
State Transition Graph [figure]
Finite State Machine Model
• Finite state machine model is a passive system; state transition graph model is an active system
• An observer agent is present in each node and reports abnormalities, such as a Web agent
• A central system correlates events reported by the agents
• Failure is detected by a node entering an illegal state
Security Management
• Security threats
• Policies and Procedures
• Resources to prevent security breaches
  • Firewalls
  • Cryptography
  • Authentication and Authorization
  • Client/Server authentication system
  • Message transfer security
  • Network protection security
Security Threats
• Modification of information: contents modified by an unauthorized user; does not include address change
• Masquerade: change of originating address by an unauthorized user
• Message stream modification: fragments of a message altered by an unauthorized user to modify the meaning of the message
• Disclosure
  • Eavesdropping
  • Disclosure does not require interception of the message
• Denial of service and traffic analysis are not considered as threats.
Security Threats [figure]
Policies and Procedures [figure]
Secured Communication Network
• Firewall secures traffic in and out of Network A• Security breach could occur by intercepting the message going from B to A, even if B has permission to access Network A• Most systems implement authentication with user id and password• Authorization is by establishment of accounts
No Security Breaches ?
Firewalls
• Protects a network from external attacks
• Controls traffic in and out of a secure network
• Could be implemented in a router, gateway, or a special host
• Benefits
  • Reduces risks of access to hosts
  • Controlled access
  • Eliminates annoyance to the users
  • Protects privacy
  • Hierarchical implementation of policy and technology
Packet Filtering Firewall [figure]
Packet Filtering
• Uses protocol specific criteria at DLC, network, and transport layers
• Implemented in routers - called screening routers or packet filtering routers
• Filtering parameters:
  • Source and/or destination IP address
  • Source and/or destination TCP/UDP port address, such as ftp port 21
• Multistage screening - address and protocol
• Works best when rules are simple
Application Level Gateway
DMZ (De-Militarized Zone) [figure]
Cryptography
• Secure communication requires
  • Integrity protection: ensuring that the message is not tampered with
  • Authentication validation: ensures the originator identification
• Security threats
  • Modification of information
  • Masquerade
  • Message stream modification
  • Disclosure
• Hardware and software solutions
• Most secure communication is software based
Key Points of Information Security
• Confidentiality
• Authentication
• Integrity
• Non-repudiation
• Access control
• Availability
Encryption
[Figure: the plaintext "Dear John: I am happy to know..." is encrypted to the ciphertext "atek49ffdlffffeffdsfsfsff …", carried across the network, and decrypted back to the plaintext]
Cryptography / Encryption
• Encryption: encode, scramble, or encipher the plaintext information to be sent.
• Encryption Algorithm: the method performed in encryption.
• Encryption Key: a stream of bits that controls the encryption algorithm.
• Plaintext: the text which is to be encrypted.
• Ciphertext: the text after encryption is performed.
Encryption
[Figure: the Encryption Key and the Plaintext "Dear John: I am happy to know..." enter the Encryption Algorithm, which outputs the Ciphertext "atek49ffdlffffeffdsfsfsff …"]
Decryption
[Figure: the Decryption Key and the Ciphertext "atek49ffdlffffeffdsfsfsff …" enter the Decryption Algorithm, which outputs the Plaintext "Dear John: I am happy to know..."]
Encryption / Decryption [figure]
Encryption Techniques
• Private Key Encryption: Encryption Key == Decryption Key. Also called Symmetric-Key Encryption, Secret-Key Encryption, or Conventional Cryptography.
• Public Key Encryption: Encryption Key != Decryption Key. Also called Asymmetric Encryption.
Private Key Encryption: DES (Data Encryption Standard)
• Adopted by the U.S. Federal Government.
• Both the sender and receiver must know the same secret key code to encrypt and decrypt messages with DES.
• Operates on 64-bit blocks with a 56-bit key.
• DES is a fast encryption scheme and works well for bulk encryption.
• Issues: how to deliver the key to the sender safely?
Symmetric Key in DES [figure]
Other Symmetric Key Encryption Techniques
• 3DES (Triple DES)
• RC2, RC4
• IDEA (International Data Encryption Algorithm)
Key Size Matters!
[Figure: information lifetime (hours, years, decades, centuries) plotted against attacker budget ($100s, $10K, $1M, $10M, $100M) for 40-bit, 56-bit and 168-bit keys; 168-bit Triple-DES is marked as recommended for commercial and corporate information]
Public Key Encryption: RSA
• The public key is disseminated as widely as possible. The secret key is only known by the receiver.
• Named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman.
• RSA is well established as a de facto standard.
• RSA is fine for encrypting small messages.
Asymmetric Key in RSA [figure]
Key Length
Equivalent key sizes, symmetric cipher (conventional) vs. asymmetric (RSA/D-H):

Symmetric   Asymmetric
40 bits     274 bits
56 bits     384 bits
64 bits     512 bits
80 bits     1024 bits
96 bits     1536 bits
112 bits    2048 bits
120 bits    2560 bits
128 bits    3072 bits
192 bits    10240 bits

Performance: 30~200 : 1

Average Time for Exhaustive Key Search

Key size   Number of possible keys   Time required at 1 encryption/usec   Time required at 10^6 encryptions/usec
32 bits    2^32 = 4.3 x 10^9         2^31 usec = 36 min                   2 millisec
56 bits    2^56 = 7.2 x 10^16        2^55 usec = 1142 years               10 hours
128 bits   2^128 = 3.4 x 10^38       2^127 usec = 5 x 10^24 years         5 x 10^18 years
Hybrid Encryption Technology: PGP (Pretty Good Privacy)
Hybrid Encryption Technique
• First compresses the plaintext.
• Then creates a session key, which is a one-time-only secret key.
• Using the session key, apply a fast conventional encryption algorithm to encrypt the plaintext.
• The session key is then encrypted to the recipient's public key.
• This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
PGP Encryption [figure]
PGP Decryption
• The recipient uses its private key to recover the temporary session key.
• Use the session key to decrypt the conventionally-encrypted ciphertext.
PGP Decryption [figure]
Message Digest
• Message digest is a cryptographic hash algorithm added to a message
• One-way function
• Analogy with CRC
• If the message is tampered with, the message digest at the receiving end fails to validate
• MD5 (used in SNMPv3) is a commonly used MD
• MD5 takes a message of arbitrary length in (32-Byte) blocks and generates a 128-bit message digest
• SHS (Secure Hash Standard) message digest proposed by NIST handles 2^64 bits and generates a 160-bit output
Digital Signatures
• Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact.
• Public key digital signatures provide authentication, data integrity and non-repudiation.
• Technique: public key cryptography. Signature created using the private key and validated using the public key.
![Page 84: Chapter 13 Network Management Applications. Network and Systems Management](https://reader037.vdocument.in/reader037/viewer/2022110208/56649d945503460f94a7c9e0/html5/thumbnails/84.jpg)
Simple Digital Signatures
![Page 85: Chapter 13 Network Management Applications. Network and Systems Management](https://reader037.vdocument.in/reader037/viewer/2022110208/56649d945503460f94a7c9e0/html5/thumbnails/85.jpg)
Secure Digital Signatures
![Page 86: Chapter 13 Network Management Applications. Network and Systems Management](https://reader037.vdocument.in/reader037/viewer/2022110208/56649d945503460f94a7c9e0/html5/thumbnails/86.jpg)
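The Message Digest and Digital Signatures slides together, as an added example in Go (not code from the slides or from any signature product). It first shows the digest check that fails when a message is tampered with, then the "secure digital signature" arrangement of hashing first and signing only the digest with the private key. SHA-256 and ECDSA on P-256 are assumptions made here, as are the names Digest, DigestMatches, NewSignerKey, Sign and Verify.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// Digest returns the SHA-256 message digest of msg: a fixed 256-bit value
// from which msg cannot be recovered (one-way) and which changes
// unpredictably when any bit of msg changes.
func Digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// DigestHex is the same digest as a hex string, for display and comparison.
func DigestHex(msg []byte) string { return hex.EncodeToString(Digest(msg)) }

// DigestMatches is the receiving-end check from the Message Digest slide:
// the digest that arrived with the message must equal the digest recomputed
// over the message as received. hmac.Equal compares in constant time.
func DigestMatches(msg, received []byte) bool {
	return hmac.Equal(Digest(msg), received)
}

// NewSignerKey generates the signer's key pair (assumption: ECDSA on P-256).
func NewSignerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign is the "secure digital signature" scheme: the sender hashes the
// message and signs only the digest with the private key, so the signature
// stays small regardless of message size.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, Digest(msg))
}

// Verify recomputes the digest over the received message and checks the
// signature with the public key. It fails if the message or the signature
// was altered, or if a different private key produced the signature.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, Digest(msg), sig)
}
```

A bare digest only detects accidental or unsophisticated tampering: whoever can replace the message can recompute and replace the digest too. That is why the next slides bind the digest to a private key (signature) and why SNMPv3 later binds it to a shared key (HMAC).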
Authentication and Authorization
• Authentication verifies user identification
  • Client/server environment
    • Host/User Authentication
    • Ticket-granting system
    • Authentication server system
    • Cryptographic authentication
  • Messaging environment
    • e-mail
    • e-commerce
• Authorization grants access to information
  • Read, read-write, no-access
  • Indefinite period, finite period, one-time use
Host Authentication
Allow access to a service based on a source host identifier, e.g. network address.
Issues: A host can change its network address. Different users in the same host have the same authority.

| Service | Allow |
| --- | --- |
| Remote Login | Host-B, Host-C, 140.131.59.20 |
| File Transfer | Host-A, Host-B, PC-bmw |
| Directory | Host-C, 140.131.62.211, PC-benz |
| … | … |
User Authentication
Enable the service to identify each user before allowing that user access.
Password mechanism:
• Generally, passwords are transferred on the network without any encryption. Use encrypted passwords.
• Users tend to make passwords easy to remember. If the passwords are not common words, users will write them down.
Host Authentication combined with User Authentication
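The Host Authentication table and the User Authentication slide combined, as an added example in Go (not code from the slides). The service allow-list is the slide's table entered as constructed sample data; user credentials are stored as salt plus hash rather than as the password, and the final check requires both an allowed host and a valid user. Salted SHA-256 is a simplification assumed here (a deployment would use a deliberately slow password hash), and the names hostACL, HostAllowed, Credential, NewCredential, UserAuthenticated and Authorize are chosen here.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// hostACL is the service table from the slide, entered as constructed sample
// data: each service lists the host identifiers (names or addresses) allowed to use it.
var hostACL = map[string][]string{
	"remote-login":  {"Host-B", "Host-C", "140.131.59.20"},
	"file-transfer": {"Host-A", "Host-B", "PC-bmw"},
	"directory":     {"Host-C", "140.131.62.211", "PC-benz"},
}

// HostAllowed is pure host authentication: is the source host identifier in
// the service's allow list? It cannot tell two users on the same host apart,
// and it trusts an identifier (the address) that the host itself can change.
func HostAllowed(service, hostID string) bool {
	for _, h := range hostACL[service] {
		if h == hostID {
			return true
		}
	}
	return false
}

// Credential is what the service stores instead of the password: a random
// salt and the hash of salt||password, so a copied credential store does not
// yield passwords. (Assumption: salted SHA-256 for brevity; a real deployment
// uses a deliberately slow password hash. Protecting the password on the wire,
// the slide's other point, is a transport concern outside this example.)
type Credential struct {
	Salt []byte
	Hash [32]byte
}

func hashPassword(salt []byte, password string) [32]byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// NewCredential enrols a user: fresh 16-byte salt, then hash.
func NewCredential(password string) (Credential, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Credential{}, err
	}
	return Credential{Salt: salt, Hash: hashPassword(salt, password)}, nil
}

// UserAuthenticated recomputes the hash and compares in constant time so
// response timing does not reveal how many bytes matched.
func UserAuthenticated(c Credential, password string) bool {
	got := hashPassword(c.Salt, password)
	return subtle.ConstantTimeCompare(got[:], c.Hash[:]) == 1
}

// dummyCredential is checked for unknown users so that "no such user" and
// "wrong password" take similar time.
var dummyCredential = Credential{Salt: make([]byte, 16)}

// Authorize is the "host authentication combined with user authentication"
// point at the end of the slide: the request must come from an allowed host
// AND present a valid user credential.
func Authorize(service, hostID string, users map[string]Credential, user, password string) error {
	if !HostAllowed(service, hostID) {
		return errors.New("host not permitted for service")
	}
	cred, known := users[user]
	if !known {
		cred = dummyCredential
	}
	if !UserAuthenticated(cred, password) || !known {
		return errors.New("user authentication failed")
	}
	return nil
}
```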
Ticket-granting system
• Used in client/server authentication system
• Kerberos developed by MIT
• Steps:
  • User logs on to client workstation
  • Login request sent to authentication server
  • Authentication server checks ACL, grants encrypted ticket to client
  • Client obtains service-granting ticket and session key from TGS
  • Application server validates ticket and session key, and then provides service
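The ticket-granting steps above, walked through end to end as an added example in Go (this is not code from the slides or from MIT Kerberos, and it omits timestamps, lifetimes and realms). AES-GCM stands in for Kerberos' symmetric cipher, SHA-256 of the password for its string-to-key function, and the authenticator is simply the user name sealed under the session key. Realm, Login, GrantService, ServeRequest and ClientSession are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// seal and open are AES-256-GCM helpers standing in for Kerberos' symmetric
// encryption; seal prepends the nonce. Every key in this example is 32 bytes,
// so the cipher constructors cannot fail and their errors are not checked.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
func seal(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := newRandom(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
func open(key, msg []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("short message")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}
func newRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// userKey derives the user's long-term key from the password (assumption:
// plain SHA-256 stands in for Kerberos' string-to-key function).
func userKey(password string) []byte {
	k := sha256.Sum256([]byte(password))
	return k[:]
}

// A ticket is sealed under the receiving server's long-term key and carries a
// 32-byte session key followed by the client's user name.
func encTicket(serverKey, sessionKey []byte, user string) []byte {
	return seal(serverKey, append(append([]byte{}, sessionKey...), user...))
}

// Realm is the constructed KDC state: the ACL of users allowed to log in
// (user -> password-derived key) plus the TGS and application server keys.
type Realm struct {
	ACL            map[string][]byte
	TGSKey, SvcKey []byte
}

func NewRealm(users map[string]string) *Realm {
	r := &Realm{ACL: map[string][]byte{}, TGSKey: newRandom(32), SvcKey: newRandom(32)}
	for u, pw := range users {
		r.ACL[u] = userKey(pw)
	}
	return r
}

// Login (authentication server): check the ACL, then return a ticket-granting
// ticket sealed for the TGS and the same session key sealed for the user.
func (r *Realm) Login(user string) (tgt, keyForUser []byte, err error) {
	uk, ok := r.ACL[user]
	if !ok {
		return nil, nil, errors.New("user not in ACL")
	}
	sk := newRandom(32)
	return encTicket(r.TGSKey, sk, user), seal(uk, sk), nil
}

// validate is shared by the TGS and the application server: open the ticket
// with the server's own key and require an authenticator sealed under the
// session key found inside it. It returns the proven user name and that key.
func validate(serverKey, ticket, authenticator []byte) (string, []byte, error) {
	b, err := open(serverKey, ticket)
	if err != nil || len(b) < 32 {
		return "", nil, errors.New("bad ticket")
	}
	user, sk := string(b[32:]), b[:32]
	if who, err := open(sk, authenticator); err != nil || string(who) != user {
		return "", nil, errors.New("authenticator mismatch")
	}
	return user, sk, nil
}

// GrantService (TGS): validate the TGT, then issue a service ticket and a
// service session key sealed for the client under the TGS session key.
func (r *Realm) GrantService(tgt, authenticator []byte) ([]byte, []byte, error) {
	user, sk, err := validate(r.TGSKey, tgt, authenticator)
	if err != nil {
		return nil, nil, err
	}
	svcSK := newRandom(32)
	return encTicket(r.SvcKey, svcSK, user), seal(sk, svcSK), nil
}

// ServeRequest (application server): validate ticket and session key, then
// provide the service (here: return the authenticated user name).
func (r *Realm) ServeRequest(svcTicket, authenticator []byte) (string, error) {
	user, _, err := validate(r.SvcKey, svcTicket, authenticator)
	return user, err
}

// ClientSession runs the client side of every step using only the password.
func ClientSession(r *Realm, user, password string) (string, error) {
	tgt, sealedSK, err := r.Login(user)
	if err != nil {
		return "", err
	}
	sk, err := open(userKey(password), sealedSK) // wrong password: key unrecoverable
	if err != nil {
		return "", errors.New("wrong password")
	}
	svcTicket, sealedSvcSK, err := r.GrantService(tgt, seal(sk, []byte(user)))
	if err != nil {
		return "", err
	}
	svcSK, err := open(sk, sealedSvcSK)
	if err != nil {
		return "", err
	}
	return r.ServeRequest(svcTicket, seal(svcSK, []byte(user)))
}
```

Note where each secret lives: the password never leaves the client (it only unlocks the sealed session key), the TGS key is known only to the KDC, and the application server validates the ticket with its own key without ever contacting the authentication server.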
Figure 13.39 Authentication Server (diagram labels: Client Workstation, Authentication User Input, Authentication Server, Proxy Server, Application Server / Service)
Authentication Server
• Architecture of Novell LAN
• Authentication server does not issue ticket
• Login and password not sent from client workstation
• User sends id to central authentication server
• Authentication server acts as proxy agent to the client and authenticates the user with the application server
• Process transparent to the user
Message Transfer Security
• Messaging is one-way communication
• Secure message needs to be authenticated and secured
• Three secure mail systems:
  • Privacy Enhanced Mail (PEM)
  • Pretty Good Privacy (PGP)
  • X.400: OSI specifications that define a framework; not implementation specific
Privacy Enhanced Mail
• Developed by IETF (RFC 1421 - 1424)
• End-to-end cryptography
• Provides:
  • Confidentiality
  • Authentication
  • Message integrity assurance
  • Nonrepudiation of origin
• Data encryption key (DEK) could be secret-key or public-key based; originator and receiver agree upon the method
• PEM processes based on cryptography and message encoding:
  • MIC-CLEAR (Message Integrity Code-CLEAR)
  • MIC-ONLY
  • ENCRYPTED
PEM Processes
DEK = Data Encryption Key; IK = Interexchange Key; MIC = Message Integrity Code
Use of PGP in E-mail
SNMPv3 Security
Figure 13.42 SNMP Secure Communication (diagram labels: password, authoritativeSnmpEngineId, USM, authKey, Encryption Key, Privacy Module, scopedPDU, Encrypted scopedPDU, Authentication Module, HMAC Gen., wholeMsg, authenticated wholeMsg)
SNMPv3 Security
• Authentication key equivalent to DEK in PEM or private key in PGP
• Authentication key generated using user password and SNMP engine id
• Authentication key may be used to encrypt message
• USM prepares the whole message including scoped PDU
• HMAC, equivalent of signature in PEM and PGP, generated using authentication key and the whole message
• Authentication module provided with authentication key and HMAC to process incoming message
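How the USM turns a password and engine id into an authentication key, and how that key produces and checks the HMAC over the whole message, as an added example in Go (not code from the slides or from any SNMP implementation). The derivation follows the RFC 3414 password-to-key and key-localization algorithms with MD5, and the HMAC is HMAC-MD5-96 (truncated to 12 bytes); SampleEngineID and the password "maplesyrup" are the RFC 3414 Appendix A.3.1 test values. The wholeMsg bytes are constructed, and the function names are chosen here.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"encoding/hex"
	"hash"
)

// SampleEngineID is the authoritative engine ID used in the RFC 3414
// Appendix A.3.1 test vector (12 bytes ending in 0x02).
var SampleEngineID = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2}

// PasswordToKey is the RFC 3414 password-to-key algorithm: the password is
// repeated to fill 1,048,576 bytes and that stream is hashed once, giving
// the user's non-localized key Ku. The large input slows offline guessing.
func PasswordToKey(newHash func() hash.Hash, password string) []byte {
	const total = 1048576
	pw := []byte(password)
	if len(pw) == 0 {
		return nil // an empty password would never fill the buffer
	}
	h := newHash()
	for written := 0; written < total; {
		n := len(pw)
		if written+n > total {
			n = total - written // final partial copy of the password
		}
		h.Write(pw[:n])
		written += n
	}
	return h.Sum(nil)
}

// LocalizeKey binds Ku to one authoritative engine: Kul = H(Ku || engineID || Ku).
// The same password yields a different key on every agent, so a key lifted
// from one agent's configuration does not work against another.
func LocalizeKey(newHash func() hash.Hash, ku, engineID []byte) []byte {
	h := newHash()
	h.Write(ku)
	h.Write(engineID)
	h.Write(ku)
	return h.Sum(nil)
}

// AuthKeyMD5 is the derivation the slide states: password + engine id -> authentication key.
func AuthKeyMD5(password string, engineID []byte) []byte {
	return LocalizeKey(md5.New, PasswordToKey(md5.New, password), engineID)
}

// AuthKeyMD5Hex is the same key as a hex string, for display and comparison.
func AuthKeyMD5Hex(password string, engineID []byte) string {
	return hex.EncodeToString(AuthKeyMD5(password, engineID))
}

// AuthParams is HMAC-MD5-96: the HMAC of the whole message under the
// localized key, truncated to 12 bytes (msgAuthenticationParameters).
func AuthParams(authKey, wholeMsg []byte) []byte {
	m := hmac.New(md5.New, authKey)
	m.Write(wholeMsg)
	return m.Sum(nil)[:12]
}

// VerifyAuthParams is the receiving authentication module: recompute the
// HMAC and compare in constant time. In a real SNMPv3 message the 12
// parameter bytes embedded in wholeMsg are zeroed before hashing on both sides.
func VerifyAuthParams(authKey, wholeMsg, received []byte) bool {
	return hmac.Equal(AuthParams(authKey, wholeMsg), received)
}
```

Localization is the part worth noticing from a defender's view: because the key depends on the engine id, a manager has to derive a separate key per agent, and a compromised agent does not expose the key used with any other agent.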
Virus Attacks
• Executable programs that make copies of themselves and insert them into other programs
• Attack hosts and routers
• Attack infects boot track, compromises CPU, floods network traffic, etc.
• Prevention is by identifying the pattern of the virus and implementing protection in virus checkers
Accounting Management
• Least developed
• Usage of resources
• Hidden cost of IT usage (libraries)
• Functional accounting
• Business application
Report Management
Policy-Based Management
• Domain space consists of objects (alarms with attributes)
• Rule space consists of rules (if-then)
• Policy Driver controls action to be taken
• Distinction between policy and rule: policy assigns responsibility and accountability
• Action Space implements actions
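The four spaces above wired together as an added example in Go (not code from the slides): alarms with attributes form the domain space, if-then rules the rule space, named operations the action space, and PolicyDriver picks the rule to fire. The policy-versus-rule distinction appears as an Owner on each rule, the party responsible and accountable for the action. The alarm types, rules and action names are constructed sample data, and all identifiers are chosen here.

```go
package main

// Alarm is an object in the domain space: a set of attributes the rules test.
type Alarm struct {
	Source   string
	Severity int    // 1 = critical ... 5 = informational
	Type     string // e.g. "linkDown", "authFailure"
	Count    int    // occurrences in the current window
}

// Rule is one if-then entry in the rule space. Owner is the policy part:
// who is responsible and accountable for the action the rule triggers.
type Rule struct {
	Name  string
	If    func(Alarm) bool
	Then  string // name of an entry in the action space
	Owner string
}

// actions is the action space: named operations the policy driver can fire.
// Each returns a description of what it did (constructed stand-ins for
// paging, ticketing and logging).
var actions = map[string]func(Alarm) string{
	"page-oncall": func(a Alarm) string { return "paged on-call for " + a.Source },
	"open-ticket": func(a Alarm) string { return "opened ticket for " + a.Type + " on " + a.Source },
	"log-only":    func(a Alarm) string { return "logged " + a.Type + " from " + a.Source },
}

// Decision records which rule fired, who owns the outcome, and what happened.
type Decision struct{ Rule, Owner, Outcome string }

// PolicyDriver evaluates the rule space in order and fires the first rule
// whose condition holds and whose action exists. An alarm matching no rule
// is still logged under a default owner so that nothing is silently dropped.
func PolicyDriver(rules []Rule, a Alarm) Decision {
	for _, r := range rules {
		act, ok := actions[r.Then]
		if ok && r.If(a) {
			return Decision{r.Name, r.Owner, act(a)}
		}
	}
	return Decision{"default", "noc", actions["log-only"](a)}
}

// SamplePolicy is constructed rule data for the example.
func SamplePolicy() []Rule {
	return []Rule{
		{"critical-link", func(a Alarm) bool { return a.Type == "linkDown" && a.Severity == 1 }, "page-oncall", "network-ops"},
		{"brute-force", func(a Alarm) bool { return a.Type == "authFailure" && a.Count >= 5 }, "open-ticket", "security-ops"},
	}
}
```

Keeping the owner on the rule rather than in the action is what lets an audit answer "who was accountable when this alarm fired" from the Decision record alone.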
Service Level Management
• SLA management of service equivalent to QoS of network
• SLA defines:
  • Identification of services and characteristics
  • Negotiation of SLA
  • Deployment of agents to monitor and control
  • Generation of reports
• SLA characteristics:
  • Service parameters
  • Service levels
  • Component parameters
  • Component-to-service mappings