Network Management

    •   All networks, whether large or small, benefit from some form of management. Network
        management involves configuring, monitoring, and possibly reconfiguring components in a
        network with the goal of providing optimal performance, minimal downtime, proper security, and
        flexibility.

    •   This type of management is generally accomplished by using a network management system,
        which contains a software bundle designed to improve the overall performance and reliability of a
        system.

    •   In a small network, network management systems might be used to identify users who present
        security hazards or to end misconfigured systems.

    •   The most common computer network management system currently implemented is the Simple
        Network Management Protocol (SNMP), which was originally intended to be a short-term solution
        to the network management issue.

    •   There is an OSI-based network management system called Common Management Information
        Protocol (CMIP).


    •   A network management system should be based on standards so that interoperability is also
        ensured.


NETWORK MANAGEMENT OVERVIEW
Network management involves monitoring and controlling a networking system so that it operates as
intended. It also provides a means to configure the system while still meeting or exceeding design
specifications.

The functions performed by a network management system can be categorized into the following five
areas:
1. Fault management refers to the detection, isolation, and resolution of network problems.
2. Configuration management refers to the process of initially configuring a network and then adjusting it
in response to changing network requirements.
3. Accounting management involves tracking the usage of network resources.
4. Performance management involves monitoring network utilization, end-to-end response time, and other
performance measures at various points in a network.
5. Security management refers to the process of making the network secure.

A network contains a number of managed devices such as routers, bridges, switches, and hosts. Network
management essentially involves monitoring and/or altering the configuration of such devices. An agent
is a part of a network management system that resides in a managed device.

A network management station provides a text or graphical view of the entire network (or one of its
components). This view is provided by way of a management application or manager that resides on the
station.

The following figure shows a portion of a departmental network to illustrate how the network management
concepts might apply.

Each host contains an agent that collects management information pertaining to the host. Similarly, the
router also contains its own agent. The manager in the management station can poll a particular agent to
obtain specific management information, which for example, can be the number of packet losses in the
router.

A network management system may operate in a centralized or distributed manner, or combine both types of
computing.

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
In the early days of the Internet, the Internet Activities Board recognized the need for a management
framework by which to manage TCP/IP implementations. The framework consists of three components:
1. A conceptual framework that defines the rules for describing management information, known as the
Structure of Management Information (SMI).
2. A virtual database containing information about the managed device, known as the Management
Information Base (MIB).
3. A protocol for communication between a manager and an agent of a managed device, known as the
Simple Network Management Protocol (SNMP).

    •   SNMP is an application layer protocol that is used to read and write variables in an agent's MIB.
    •   The most current version is SNMPv3.
    •   SNMP is based on an asynchronous request-response protocol enhanced with trap-directed
        polling.
    •   An SNMP manager sends messages to an agent via UDP destination port 161, while an agent
        sends trap messages to a manager via UDP destination port 162.
    •   The messages (PDUs) exchanged via SNMP consist of a header and a data part.
    •   The header contains a version field, a community name field, and a PDU type field.

SNMP provides three ways to access management information.
1. Request/response interaction in which a manager sends a request to an agent and the agent responds
to the request.
2. Request/response interaction in which a manager sends a request to another manager and the latter
responds to the request.
3. Unconfirmed interaction in which an agent sends an unsolicited Trap-PDU to a manager.

A typical interaction between a manager and an agent would proceed as follows. The manager issues some
form of get request that contains a unique request-id to match the response with the request, a
zero-valued error status/error index, and one or more variable bindings. The agent issues a response
containing the same request-id, a zero-valued error status if there is no error, and the same variable
bindings. If an exception occurs for one or more of the variables, then the particular error status for
each relevant variable is returned as well.

Version 3 of SNMP was formally documented in early 1998 [RFC 2271]. It presents a more complex framework
for message exchange, the complexity being required both for extensibility and for security reasons. The
security system contains a user-based security model, as well as other security models that may be
implemented.

The model uses the MD5 encryption scheme for verifying user keys, a SHA message digest algorithm
(HMAC-SHA-96) to verify message integrity and to verify the user on whose behalf the message was
generated, and a CBC-DES symmetric encryption protocol for privacy. See [RFC 2274] for further
information on the user-based security model.

STRUCTURE OF MANAGEMENT INFORMATION
The Structure of Management Information (SMI) defines the rules for describing managed objects. In the
SNMP framework managed objects reside in a virtual database called the Management Information Base
(MIB).

Several data types are allowed in SMI. The primitive data types consist of INTEGER, OCTET STRING, NULL,
and OBJECT IDENTIFIER. Additional user-defined data types are application specific. Primitive data types
are written in uppercase, while user-defined data types start with an uppercase letter but contain at
least one character other than an uppercase letter. Table B.2 lists some of the data types permitted in
SMI.

An OBJECT IDENTIFIER is represented as a sequence of nonnegative integers where each integer corresponds
to a particular node in the tree. This data type provides a means for identifying a managed object and
relating its place in the object hierarchy.

The internet (1) subtree itself has six subtrees:
The directory (1) subtree is reserved for future use describing how the OSI directory may be used in the
Internet.
The mgmt (2) subtree is used to identify ``standard'' objects that are registered by the Internet Assigned
Numbers Authority (IANA).
The experimental (3) subtree is for objects being used experimentally by working groups of the IETF. If
the object becomes a standard, then it must move to the mgmt (2) subtree.
The private (4) subtree is for objects defined by a single party, usually a vendor. It has a subtree
enterprise (1), which allows companies to register their network objects.
The security (5) subtree is for objects related to security.
The snmpv2 (6) subtree is reserved for housekeeping purposes for SNMPv2. This subtree includes object
information for transport domains, transport proxies, and module identities.
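The SNMP message layout described above (version, community name, PDU type, request-id, error status/index, variable bindings) and the OBJECT IDENTIFIER encoding and internet(1) subtree naming described in this section can be made concrete with a small encoder/decoder. The following is an added example written for these notes; it is not code from the notes or from any SNMP implementation. It assumes SNMPv1 framing (version field 0), a community string in the header, and hand-rolled BER encoding; the sample request and its wire bytes are constructed here.

```python
"""Minimal SNMPv1 GetRequest encoder/decoder with hand-rolled BER (added example).
Assumes v1 framing: SEQUENCE { version INTEGER, community OCTET STRING, PDU }."""

# ASN.1/BER tags used by SNMPv1
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GET_REQUEST = 0xA0
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

# The six subtrees directly under internet (1.3.6.1), as listed in the notes
INTERNET_SUBTREES = {1: "directory", 2: "mgmt", 3: "experimental",
                     4: "private", 5: "security", 6: "snmpv2"}


def _tlv(tag, body):
    """Wrap body in a BER tag-length-value triple (short or long-form length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + body


def encode_int(v):
    """BER INTEGER: shortest big-endian two's-complement encoding."""
    return _tlv(TAG_INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def encode_oid(oid):
    """BER OBJECT IDENTIFIER: first two arcs packed as 40*a+b, later arcs in base 128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or arcs[1] > 39:
        raise ValueError("malformed OID: %r" % oid)
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # continuation bit on all but the last byte
            arc >>= 7
        body.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(body))


def decode_oid(body):
    """Inverse of encode_oid, given the OID body (tag and length already stripped)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def _read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _as_int(body):
    return int.from_bytes(body, "big", signed=True)


def build_get_request(community, oids, request_id=1):
    """GetRequest-PDU: request-id, error-status 0, error-index 0, varbinds with NULL values."""
    varbinds = b"".join(_tlv(TAG_SEQUENCE, encode_oid(o) + _tlv(TAG_NULL, b"")) for o in oids)
    pdu = _tlv(TAG_GET_REQUEST, encode_int(request_id) + encode_int(0) + encode_int(0)
               + _tlv(TAG_SEQUENCE, varbinds))
    return _tlv(TAG_SEQUENCE, encode_int(0) + _tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def parse_message(msg):
    """Split a v1 message into header and PDU fields. Note the community name is plaintext."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, status, pos = _read_tlv(pdu, pos)
    _, index, pos = _read_tlv(pdu, pos)
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid, p = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, p)
        varbinds.append((decode_oid(oid), None if vtag == TAG_NULL else val))
    return {"version": _as_int(version), "community": community.decode(),
            "pdu_type": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "request_id": _as_int(rid),
            "error_status": _as_int(status), "error_index": _as_int(index), "varbinds": varbinds}


def subtree_of(oid):
    """Name the internet(1) subtree an OID falls under, or None if it is outside 1.3.6.1."""
    arcs = oid.split(".")
    if arcs[:4] != ["1", "3", "6", "1"] or len(arcs) < 5:
        return None
    return INTERNET_SUBTREES.get(int(arcs[4]), "unassigned")


if __name__ == "__main__":
    # constructed sample: GetRequest for sysDescr.0 with community "public"
    wire = build_get_request("public", ["1.3.6.1.2.1.1.1.0"], request_id=42)
    print(wire.hex())
    print(parse_message(wire), subtree_of("1.3.6.1.2.1.1.1.0"))
```

Parsing a captured datagram with `parse_message` shows why the notes single out security in SNMPv3: in v1 the community name is an ordinary OCTET STRING with no integrity or confidentiality protection, so a monitoring point that sees the UDP payload also sees the credential. The `subtree_of` helper maps an OID onto the six internet(1) subtrees listed above, which is handy when triaging which objects a request touches (mgmt versus private/enterprise).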


Object definitions are generally packaged into information modules. Three types of information modules
are defined using the SMI:
    •   MIB modules, which serve to group definitions of interrelated objects.
    •   Compliance statements for MIB modules. These define a set of requirements that managed
        nodes must meet with respect to one or more MIB modules.
    •   Capability statements for agent implementations. These specify the degree to which a managed
        node is able to implement objects that are defined in a MIB module.
MANAGEMENT INFORMATION BASE
The Management Information Base (MIB) is a virtual database used to define the functional and
operational aspects of network devices.

The information provided by the MIB represents the common view and structure of management
capabilities that are shared between the management station and the device's agent.

Each definition of a particular object contains the following information about the object: its
name, the data type, a human-readable description, the type of access (read/write), and an object
identifier.
REMOTE NETWORK MONITORING
    •   An additional set of modules, known as Remote Network Monitoring (RMON), was developed in
        1995.
    •   These are considered to be not only an extension of the mib-2 but also an improvement.
    •   RMON uses a technique called remote management to obtain monitoring data. In this approach a
        network monitor (often called a probe) collects the data from the device.
    •   The probe may stand alone or be embedded within the managed device. Management
        applications communicate with an RMON agent in the probe by using SNMP.
    •   RMON also provides for a higher level of standardization of the information collected.
    •   RMON is included as a subtree of mib-2 (rmon (16)).
    •   RMON focuses on network management at layer 2 (data link).


Security Protocols
To provide certain services, some communication protocols need to process the information they transmit
and receive. For example, protocols that provide reliable communication service encode the transmitted
information to detect when transmission errors have occurred so that they can initiate corrective action.

SECURITY AND CRYPTOGRAPHIC ALGORITHMS
Public communication networks traditionally have not been secure in the sense of providing high levels of
security for the information that is transmitted.

Information transmitted over the network is not secure and can be observed and recorded by
eavesdroppers. This information can be replayed in attempts to access the server.
Imposters can attempt to gain unauthorized access to a server, for example, a bank account or a
database of personal records.
An attacker can also flood a server with requests, overloading the server resources and resulting in a
denial of service to legitimate clients.
An imposter can impersonate a legitimate server and gain sensitive information from a client, for
example, a bank account number and associated user password.
These threats give rise to one or more of the following security requirements for information that is
transmitted over a network:
Privacy or confidentiality: The information should be readable only by the intended recipient.
Integrity: The recipient can confirm that a message has not been altered during transmission.
Authentication: It is possible to verify that the sender or receiver is who he or she claims to be.
Nonrepudiation: The sender cannot deny having sent a given message.

The need for security in communications is in fact also not new. This need has existed in military
communications for thousands of years. It should not be surprising then that the approaches developed
by the military form the basis for providing security in modern networks.

One feature that is new in the threats faced in computer networks is the speed with which break-in
attempts can be made from a distance by using a network. Because the threats are implemented on
computers, very high attempt rates are possible.
Applications of Cryptography to Security
The science and art of manipulating messages to make them secure is called cryptography. An original
message to be transformed is called the plaintext, and the resulting message after the transformation is
called the ciphertext. The process of converting the plaintext into ciphertext is called encryption. The
reverse process is called decryption. The algorithm used for encryption and decryption is often called a
cipher. Typically, encryption and decryption require the use of a secret key. The objective is to design an
encryption technique so that it would be very difficult if not impossible for an unauthorized party to
understand the contents of the ciphertext. A user can recover the original message only by decrypting
the ciphertext using the secret key.

Substitution ciphers are a common technique for altering messages in games and puzzles. Each
letter of the alphabet is mapped into another letter. The ciphertext is obtained by applying the
substitution defined by the mapping to the plaintext.

Transposition ciphers are another type of encryption scheme. Here the order in which the letters
of the message appear is altered. For example, the letters may be written into an array in one order and
read out in a different order. If the receiver knows the appropriate manner in which the reading and
writing is done, then it can decipher the message. Substitution and transposition techniques are easily
broken.


SECRET KEY CRYPTOGRAPHY
Figure 11.2 depicts a secret key cryptographic system where a sender converts the plaintext $P$ into
ciphertext $C = E_K(P)$ before transmitting the original message over an insecure channel. The sender
uses a secret key $K$ for the encryption. When the receiver receives the ciphertext $C$, the receiver recovers
the plaintext by performing decryption $D_K(C)$, using the same key $K$. It is the sharing of a secret, that
is, the key, that enables the transmitter and receiver to communicate. Symbolically, we can write
$P = D_K(E_K(P))$. Secret key cryptography is also referred to as symmetric key cryptography.




The selection of the cryptographic method must meet several requirements. First of all, the method
should be easy to implement, and it should be deployable on a large scale.
Clearly, secret key cryptography addresses the privacy requirement. A message that needs to be kept
confidential is encrypted prior to transmission, and any eavesdropper that manages to gain access to the
ciphertext will be unable to access the contents of the plaintext message. The Data Encryption Standard
(DES) is a well-known example of a secret key system.

A traditional method of authentication involves demonstrating possession of a secret. For example, in a
military setting a messenger might be confirmed to be authentic if he or she can produce the correct
answer to the specific question. A similar procedure can be used over a network, using secret key
cryptography.




CRYPTOGRAPHIC CHECKSUMS AND HASHES
The usual approach to providing integrity is to transmit a cryptographic checksum or hash along with
the unencrypted message. The transmitter and receiver share a secret key that allows them to calculate
the checksum that consists of a fixed number of bits. To ascertain integrity, the receiver calculates the
checksum of the received message and compares it to the received checksum. If the checksums agree,
the message is accepted.

A cryptographic checksum must be designed so that it is one way in that it is extremely difficult
to find a message that produced a given checksum. Furthermore, given a message, finding
another message that would produce the same checksum should also be extremely difficult. In
general the checksum is much shorter than the transmitted message. However, the cryptographic
checksum cannot be too short.

The message digest 5 (MD5) algorithm is an example of a hash algorithm. The MD5 algorithm begins by
taking a message of arbitrary length and padding it into a multiple of 512 bits. A buffer of 128 bits is then
initialized to a given value. At each step the algorithm modifies the content of the buffer according to
the next 512-bit block. When the process is completed, the buffer holds the 128-bit ``hash'' code. The
MD5 algorithm itself does not require a key.

The keyed MD5, which combines a secret key with the MD5 algorithm, is widely used to produce a
cryptographic checksum. First the message is padded to a multiple of 512 bits. The secret key is also
padded to 512 bits and attached to the front and back of the padded message. The MD5 algorithm then
computes the hash code.

A general method for improving the strength of a given hash function is to use the hashed message
authentication code (HMAC) method. Using MD5 as an example, HMAC works as follows. First, the shared
secret is padded with zeros to 512 bits. The result is XORed with ipad, which consists of 64 repetitions of
00110110. Second, the message is padded to a multiple of 512 bits. Third, the concatenation of the
blocks in the first two steps is applied to the MD5 algorithm to obtain a 128-bit hash. The hash is
padded to 512 bits. Fourth, the shared secret is padded with zeros to 512 bits, and the result is XORed
with opad, which consists of 64 repetitions of 01011010. Fifth, the blocks in the previous two steps
are applied to the MD5 algorithm to produce the final 128-bit hash. The general HMAC procedure
involves adjusting the block size (512 bits for MD5) and the hash size (128 bits for MD5) to the particular
hash function. For example, SHA-1 works with a block size of 512 and a hash size of 160 bits.
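The keyed-MD5 envelope and the five HMAC steps above can be followed in code. The block below is an added example written for these notes, not code from the notes; it builds HMAC from the ipad/opad description, generalised over the hash function's block size as the last sentences describe (MD5 and SHA-1 both use 512-bit blocks), and cross-checks the result against Python's standard `hmac` module. One assumption to flag: the code uses the opad byte defined in RFC 2104, 0x5C (01011100), which is what the standard library and deployed implementations use; the keys and messages are constructed test inputs (the RFC 2202 vector and a well-known public one).

```python
"""HMAC assembled step by step (added example, not from the notes), plus the simpler
keyed-MD5 'envelope' construction the notes describe. opad follows RFC 2104 (0x5C)."""
import hashlib
import hmac  # standard-library reference, used only to cross-check and compare tags

IPAD_BYTE = 0x36  # 00110110, as in the notes
OPAD_BYTE = 0x5C  # 01011100, per RFC 2104


def keyed_md5_envelope(key: bytes, msg: bytes) -> bytes:
    """Notes' 'keyed MD5': key padded to the 512-bit block and attached front and back."""
    padded_key = key.ljust(64, b"\x00")
    return hashlib.md5(padded_key + msg + padded_key).digest()


def hmac_from_scratch(key: bytes, msg: bytes, hash_name: str = "md5") -> bytes:
    """HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M)), K' = K zero-padded to one block.
    The hash function's own padding supplies the 'pad the message to a multiple of 512 bits'
    and 'pad the inner hash to 512 bits' steps described in the notes."""
    block_size = hashlib.new(hash_name).block_size   # 64 bytes (512 bits) for MD5 and SHA-1
    if len(key) > block_size:                       # RFC 2104: keys longer than a block are hashed first
        key = hashlib.new(hash_name, key).digest()
    padded_key = key.ljust(block_size, b"\x00")     # step 1: zero-pad the shared secret
    inner_block = bytes(k ^ IPAD_BYTE for k in padded_key)   # step 1: XOR with ipad
    outer_block = bytes(k ^ OPAD_BYTE for k in padded_key)   # step 4: XOR with opad
    inner_hash = hashlib.new(hash_name, inner_block + msg).digest()   # steps 2-3
    return hashlib.new(hash_name, outer_block + inner_hash).digest()  # step 5


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "md5") -> bool:
    """Cross-check the hand-built HMAC against the standard library for the same inputs."""
    return hmac.compare_digest(hmac_from_scratch(key, msg, hash_name),
                               hmac.new(key, msg, hash_name).digest())


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    """Receiver side of the integrity check: recompute and compare in constant time."""
    return hmac.compare_digest(hmac_from_scratch(key, msg, hash_name), tag)


if __name__ == "__main__":
    # constructed sample input (well-known public HMAC test string)
    msg = b"The quick brown fox jumps over the lazy dog"
    print("HMAC-MD5 :", hmac_from_scratch(b"key", msg).hex())
    print("HMAC-SHA1:", hmac_from_scratch(b"key", msg, "sha1").hex())
    print("envelope :", keyed_md5_envelope(b"key", msg).hex())
```

Switching `hash_name` to `"sha1"` changes only the hash and output length (160 bits); the block size stays 64 bytes, which is exactly the adjustment the notes describe. `verify_tag` uses a constant-time comparison, which is the detail most often omitted when the receiver's check from the previous section is implemented by hand.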

PUBLIC KEY CRYPTOGRAPHY
Unlike secret key cryptography, keys are not shared between senders and receivers in public key
cryptography (sometimes also referred to as asymmetric cryptography). Public key cryptography was
invented in 1975 by Diffie and Hellman. It relies on two different keys, a public key and a private key. A
sender encrypts the plaintext by using a public key, and a receiver decrypts the ciphertext by using a
private key, as illustrated in Figure 11.4. Symbolically, a public key cryptographic system can be
expressed as $P = D_{K_2}(E_{K_1}(P))$, where $K_1$ is the public key and $K_2$ is the private key. In some systems
the encryption and decryption process can be applied in the reverse order such as $P = E_{K_1}(D_{K_2}(P))$.
One important requirement for public key cryptography is that it must not be possible to determine $K_2$
from $K_1$. In general the public key is small, and the private key is large. The best-known example of
public key cryptography is the one developed by Rivest, Shamir, and Adleman, known as RSA.




Public key cryptography can also be used to produce a digital signature. To sign a message the
transmitter first produces a noncryptographic checksum or hash of the message. The transmitter then
encrypts the checksum or hash using its private key to produce the signature. No one else can create
such a signature. The transmitter then sends the message and the signature to the receiver.
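The two relations from the public key section, $P = D_{K_2}(E_{K_1}(P))$ and the reversed $P = E_{K_1}(D_{K_2}(P))$, and the signature procedure just described can be exercised with textbook RSA, which is a system where both orders hold. The block below is an added example for these notes, not code from the notes. Its assumptions: the two primes are the Mersenne primes $2^{127}-1$ and $2^{107}-1$, chosen only so that the modulus exceeds a 128-bit MD5 digest (the hash the notes discuss); $e = 65537$; and no padding scheme is applied, which is what distinguishes this teaching version from deployable RSA.

```python
"""Textbook RSA on fixed toy parameters (added example, not from the notes) to show
P = D_K2(E_K1(P)), P = E_K1(D_K2(P)), and signature = private-key operation on hash(M).
No padding is applied; real systems must use a padding scheme such as PKCS#1."""
import hashlib
from math import gcd

P_PRIME = (1 << 127) - 1   # Mersenne prime M127 (assumed toy parameter)
Q_PRIME = (1 << 107) - 1   # Mersenne prime M107 (assumed toy parameter)
E_PUBLIC = 65537


def make_keys(p=P_PRIME, q=Q_PRIME, e=E_PUBLIC):
    """Return (public K1, private K2), each as an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)      # private exponent, e*d = 1 (mod phi(n)); Python 3.8+
    return (e, n), (d, n)


def apply_key(key, x: int) -> int:
    """E_K and D_K are the same modular exponentiation; which one it is depends on the key."""
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError("value must lie in [0, n)")
    return pow(x, exponent, n)


def encrypt(public_key, plaintext: bytes) -> int:
    """C = E_K1(P): interpret the plaintext bytes as an integer below n."""
    return apply_key(public_key, int.from_bytes(plaintext, "big"))


def decrypt(private_key, ciphertext: int) -> bytes:
    """P = D_K2(C). Leading zero bytes of P are not recoverable without padding."""
    m = apply_key(private_key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_as_int(msg: bytes) -> int:
    # MD5 as in the notes: 128 bits, so it always fits under the 234-bit toy modulus
    return int.from_bytes(hashlib.md5(msg).digest(), "big")


def sign(private_key, msg: bytes) -> int:
    """Signature = D_K2(hash(M)); only the holder of K2 can produce it."""
    return apply_key(private_key, _digest_as_int(msg))


def verify(public_key, msg: bytes, signature: int) -> bool:
    """Anyone holding K1 checks E_K1(signature) == hash(M); uses the reversed-order relation."""
    return apply_key(public_key, signature) == _digest_as_int(msg)


if __name__ == "__main__":
    public_key, private_key = make_keys()
    message = b"attack at dawn"                      # constructed sample plaintext
    c = encrypt(public_key, message)
    print("round trip ok:", decrypt(private_key, c) == message)
    sig = sign(private_key, b"transfer 100")
    print("valid signature:", verify(public_key, b"transfer 100", sig))
    print("altered message:", verify(public_key, b"transfer 1000", sig))
```

The `verify` function is where the notes' reverse-order relation does real work: applying the public key to the signature must reproduce the hash, so a change of even one byte in the message (or the signature) fails the check. The modulus here is about 234 bits, far below any acceptable size, and the absence of padding is what makes the raw operation unsafe in practice; the block exists to make the algebra visible, not to be reused.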
Simple Network Management Protocol
 
343492490-Network-Management-and-Administration.pptx
343492490-Network-Management-and-Administration.pptx343492490-Network-Management-and-Administration.pptx
343492490-Network-Management-and-Administration.pptx
 
Snmpv3
Snmpv3Snmpv3
Snmpv3
 
SNMP (MV ASHOK)
SNMP (MV ASHOK)SNMP (MV ASHOK)
SNMP (MV ASHOK)
 
Net Mng1.pptx
Net Mng1.pptxNet Mng1.pptx
Net Mng1.pptx
 
Net Man
Net ManNet Man
Net Man
 
A novel resource efficient dmms approach for network monitoring and controlli...
A novel resource efficient dmms approach for network monitoring and controlli...A novel resource efficient dmms approach for network monitoring and controlli...
A novel resource efficient dmms approach for network monitoring and controlli...
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of Nc
 
Centralized monitoring station for it computing and network infrastructure1
Centralized monitoring station for it computing and network infrastructure1Centralized monitoring station for it computing and network infrastructure1
Centralized monitoring station for it computing and network infrastructure1
 
Network management aa
Network management  aaNetwork management  aa
Network management aa
 
Software engg. pressman_ch-10
Software engg. pressman_ch-10Software engg. pressman_ch-10
Software engg. pressman_ch-10
 

Mais de sangusajjan

Computer network lesson plan
Computer network lesson planComputer network lesson plan
Computer network lesson plansangusajjan
 
VII Compression Introduction
VII Compression IntroductionVII Compression Introduction
VII Compression Introductionsangusajjan
 
UNIT II tramission control
UNIT II tramission controlUNIT II tramission control
UNIT II tramission controlsangusajjan
 
Unit VI Overlays
Unit VI OverlaysUnit VI Overlays
Unit VI Overlayssangusajjan
 
Unit V network management and security
Unit V network management and securityUnit V network management and security
Unit V network management and securitysangusajjan
 
Unit III IPV6 UDP
Unit III IPV6 UDPUnit III IPV6 UDP
Unit III IPV6 UDPsangusajjan
 
Unit VIII wireless sensor networks
Unit VIII wireless sensor networksUnit VIII wireless sensor networks
Unit VIII wireless sensor networkssangusajjan
 
Unit i packet switching networks
Unit i  packet switching networksUnit i  packet switching networks
Unit i packet switching networkssangusajjan
 

Mais de sangusajjan (11)

Computer network lesson plan
Computer network lesson planComputer network lesson plan
Computer network lesson plan
 
VII VoIP
VII VoIPVII VoIP
VII VoIP
 
VII Compression Introduction
VII Compression IntroductionVII Compression Introduction
VII Compression Introduction
 
UNIT II tramission control
UNIT II tramission controlUNIT II tramission control
UNIT II tramission control
 
Unit VI Overlays
Unit VI OverlaysUnit VI Overlays
Unit VI Overlays
 
Unit V network management and security
Unit V network management and securityUnit V network management and security
Unit V network management and security
 
Unit III IPV6 UDP
Unit III IPV6 UDPUnit III IPV6 UDP
Unit III IPV6 UDP
 
Vivpn pp tfinal
Vivpn pp tfinalVivpn pp tfinal
Vivpn pp tfinal
 
UnIT VIII manet
UnIT VIII manetUnIT VIII manet
UnIT VIII manet
 
Unit VIII wireless sensor networks
Unit VIII wireless sensor networksUnit VIII wireless sensor networks
Unit VIII wireless sensor networks
 
Unit i packet switching networks
Unit i  packet switching networksUnit i  packet switching networks
Unit i packet switching networks
 

Último

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Network management

• 1. Network Management

• All networks, whether large or small, benefit from some form of management. Network management involves configuring, monitoring, and possibly reconfiguring components in a network with the goal of providing optimal performance, minimal downtime, proper security, and flexibility.

• This type of management is generally accomplished by using a network management system, which contains a software bundle designed to improve the overall performance and reliability of a system.

• In a small network, network management systems might be used to identify users who present security hazards or systems that are misconfigured.

• The most common computer network management system currently implemented is the Simple Network Management Protocol (SNMP), which was originally intended to be a short-term solution to the network management issue.

• There is an OSI-based network management system called Common Management Information Protocol (CMIP).

• A network management system should be based on standards so that interoperability is also ensured.

NETWORK MANAGEMENT OVERVIEW

Network management involves monitoring and controlling a networking system so that it operates as intended. It also provides a means to configure the system while still meeting or exceeding design specifications.

The functions performed by a network management system can be categorized into the following five areas:

1. Fault management refers to the detection, isolation, and resolution of network problems.
2. Configuration management refers to the process of initially configuring a network and then adjusting it in response to changing network requirements.
3. Accounting management involves tracking the usage of network resources.
4. Performance management involves monitoring network utilization, end-to-end response time, and other performance measures at various points in a network.
5. Security management refers to the process of making the network secure.

A network contains a number of managed devices such as routers, bridges, switches, and hosts. Network management essentially involves monitoring and/or altering the configuration of such devices. An agent is a part of a network management system that resides in a managed device. A network management station provides a text or graphical view of the entire network (or one of its components). This view is provided by way of a management application or manager that resides on the station. The following figure shows a portion of a departmental network to illustrate how these network management concepts might apply.
• 2. Each host contains an agent that collects management information pertaining to the host. Similarly, the router also contains its own agent. The manager in the management station can poll a particular agent to obtain specific management information, which, for example, can be the number of packet losses in the router. A network management system may operate in a centralized or distributed manner, or include both types of computing.

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

In the early days of the Internet, the Internet Activities Board recognized the need for a management framework by which to manage TCP/IP implementations. The framework consists of three components:

1. A conceptual framework that defines the rules for describing management information, known as the Structure of Management Information (SMI).
2. A virtual database containing information about the managed device, known as the Management Information Base (MIB).
3. A protocol for communication between a manager and an agent of a managed device, known as the Simple Network Management Protocol (SNMP).

• SNMP is an application layer protocol that is used to read and write variables in an agent's MIB.
• The most current version is SNMPv3.
• SNMP is based on an asynchronous request-response protocol enhanced with trap-directed polling.
• An SNMP manager sends messages to an agent via UDP destination port 161, while an agent sends trap messages to a manager via UDP destination port 162.
• The messages (PDUs) exchanged via SNMP consist of a header and a data part.
• The header contains a version field, a community name field, and a PDU type field.

SNMP provides three ways to access management information:

1. Request/response interaction in which a manager sends a request to an agent and the agent responds to the request.
2. Request/response interaction in which a manager sends a request to another manager and the latter responds to the request.
3. Unconfirmed interaction in which an agent sends an unsolicited Trap-PDU to a manager.

A typical interaction between a manager and an agent proceeds as follows. The manager issues some form of get request that contains a unique request-id (used to match the response with the request), a zero-valued error status/error index, and one or more variable bindings. The agent issues a response containing the same request-id, a zero-valued error status if there is no error, and the same variable bindings.
• 3. If an exception occurs for one or more of the variables, then the particular error status for each relevant variable is returned as well.

Version 3 of SNMP was formally documented in early 1998 [RFC 2271]. It presents a more complex framework for message exchange, the complexity being required both for extensibility and for security reasons. The security system contains a user-based security model, as well as other security models that may be implemented. The model uses the MD5 encryption scheme for verifying user keys, a SHA message digest algorithm (HMAC-SHA-96) to verify message integrity and to verify the user on whose behalf the message was generated, and a CBC-DES symmetric encryption protocol for privacy. See [RFC 2274] for further information on the user-based security model.

STRUCTURE OF MANAGEMENT INFORMATION

The Structure of Management Information (SMI) defines the rules for describing managed objects. In the SNMP framework managed objects reside in a virtual database called the Management Information Base (MIB). Several data types are allowed in SMI. The primitive data types consist of INTEGER, OCTET STRING, NULL, and OBJECT IDENTIFIER. Additional user-defined data types are application specific. Primitive data types are written in uppercase, while user-defined data types start with an uppercase letter but contain at least one character other than an uppercase letter. Table B.2 lists some of the data types permitted in SMI.

An OBJECT IDENTIFIER is represented as a sequence of nonnegative integers, where each integer corresponds to a particular node in the tree. This data type provides a means for identifying a managed object and relating its place in the object hierarchy. The internet (1) subtree itself has six subtrees:
• 4. The directory (1) subtree is reserved for future use describing how the OSI directory may be used in the Internet.

The mgmt (2) subtree is used to identify "standard" objects that are registered by the Internet Assigned Numbers Authority (IANA).

The experimental (3) subtree is for objects being used experimentally by working groups of the IETF. If the object becomes a standard, then it must move to the mgmt (2) subtree.

The private (4) subtree is for objects defined by a single party, usually a vendor. It has a subtree enterprise (1), which allows companies to register their network objects.

The security (5) subtree is for objects related to security.

The snmpv2 (6) subtree is reserved for housekeeping purposes for SNMPv2. This subtree includes object information for transport domains, transport proxies, and module identities.

Object definitions are generally packaged into information modules. Three types of information modules are defined using the SMI:

• MIB modules, which serve to group definitions of interrelated objects.
• Compliance statements for MIB modules. These define a set of requirements that managed nodes must meet with respect to one or more MIB modules.
• Capability statements for agent implementations. These specify the degree to which a managed node is able to implement objects that are defined in a MIB module.

MANAGEMENT INFORMATION BASE

The Management Information Base (MIB) is a virtual database used to define the functional and operational aspects of network devices. The information provided by the MIB represents the common view and structure of management capabilities that are shared between the management station and the device's agent. Each definition of a particular object contains the following information about the object: its name, the data type, a human-readable description, the type of access (read/write), and an object identifier.
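The manager/agent get interaction described in slide 2 and the OBJECT IDENTIFIER encoding described in slide 3, worked through at the byte level as an added example (this is not code from the slides). It assumes SNMPv1 framing, in which a variable the agent does not have is reported through the error-status and error-index fields of the response rather than as a per-variable exception; the community name, request-id and the agent's two-entry MIB are constructed sample values, and no packets are sent.

```python
# Added example (not code from the slides): an SNMPv1 GetRequest/GetResponse
# exchange encoded with ASN.1 BER, showing the header (version, community, PDU
# type) and PDU fields (request-id, error-status, error-index, variable bindings)
# and the agent echoing the request-id. No packets are sent; a real manager would
# send the bytes to UDP/161. The agent's MIB is constructed sample data.
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30  # BER tags
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2                                     # PDU types
NO_ERROR, NO_SUCH_NAME = 0, 2                                              # v1 error-status
AGENT_MIB = {"1.3.6.1.2.1.1.1.0": b"Constructed sample router agent",      # sysDescr.0
             "1.3.6.1.2.1.1.3.0": 123456}                                  # sysUpTime.0

def _length(n):
    # BER length octets: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def enc_int(v):
    """INTEGER in minimal two's-complement form (one spare bit for the sign)."""
    return tlv(INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def enc_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, later arcs in base 128
    with continuation bits, one entry per node of the registration tree."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a := a >> 7:
            chunk.insert(0, 0x80 | (a & 0x7F))
        out += chunk
    return tlv(OID, bytes(out))

def build_message(pdu_type, community, request_id, bindings, error_status=NO_ERROR, error_index=0):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, PDU };
    bindings is a list of (oid, value), where None is the NULL a request carries."""
    def value(v):
        if v is None:
            return tlv(NULL, b"")
        return enc_int(v) if isinstance(v, int) else tlv(OCTET_STRING, v)
    vbl = b"".join(tlv(SEQUENCE, enc_oid(o) + value(v)) for o, v in bindings)
    pdu = enc_int(request_id) + enc_int(error_status) + enc_int(error_index) + tlv(SEQUENCE, vbl)
    return tlv(SEQUENCE, enc_int(0) + tlv(OCTET_STRING, community.encode()) + tlv(pdu_type, pdu))

def _read_all(buf):
    # Split a constructed element's body into its child (tag, body) pairs
    items, pos = [], 0
    while pos < len(buf):
        tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
        if ln & 0x80:  # long-form length
            k = ln & 0x7F
            ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        items.append((tag, buf[pos:pos + ln]))
        pos += ln
    return items

def _dec_value(tag, body):
    if tag == INTEGER:
        return int.from_bytes(body, "big", signed=True)
    if tag == NULL:
        return None
    if tag == OID:
        arcs, acc = [body[0] // 40, body[0] % 40], 0
        for b in body[1:]:
            acc = (acc << 7) | (b & 0x7F)
            if not b & 0x80:
                arcs.append(acc)
                acc = 0
        return ".".join(map(str, arcs))
    return bytes(body)

def parse_message(data):
    """Decode a v1 message into a dict; a malformed layout raises an exception."""
    [(tag, msg)] = _read_all(data)
    assert tag == SEQUENCE, "not an SNMP message"
    (_, ver), (_, comm), (pdu_type, pdu) = _read_all(msg)
    (_, rid), (_, status), (_, index), (_, vbl) = _read_all(pdu)
    bindings = [tuple(_dec_value(t, b) for t, b in _read_all(vb)) for _, vb in _read_all(vbl)]
    return {"version": _dec_value(INTEGER, ver), "community": comm.decode(), "pdu_type": pdu_type,
            "request_id": _dec_value(INTEGER, rid), "error_status": _dec_value(INTEGER, status),
            "error_index": _dec_value(INTEGER, index), "bindings": bindings}

def agent_handle(request_bytes, community="public"):
    """Agent side: a wrong community is silently dropped; an unknown OID gives
    noSuchName with error-index naming the offending variable (1-based, v1 rules)."""
    req = parse_message(request_bytes)
    if req["community"] != community or req["pdu_type"] != GET_REQUEST:
        return None
    values = []
    for i, (oid, _) in enumerate(req["bindings"], start=1):
        if oid not in AGENT_MIB:
            return build_message(GET_RESPONSE, community, req["request_id"], req["bindings"], NO_SUCH_NAME, i)
        values.append((oid, AGENT_MIB[oid]))
    return build_message(GET_RESPONSE, community, req["request_id"], values)

def manager_get(oids, request_id=0x1A2B3C4D, community="public"):
    """Manager side: build the GetRequest, hand it to the agent (standing in for
    UDP/161) and accept only a GetResponse that carries the same request-id."""
    raw = agent_handle(build_message(GET_REQUEST, community, request_id, [(o, None) for o in oids]))
    if raw is None:
        raise TimeoutError("no response: bad community or unsupported PDU")
    resp = parse_message(raw)
    if resp["pdu_type"] != GET_RESPONSE or resp["request_id"] != request_id:
        raise ValueError("response does not match the outstanding request")
    return resp
```

Calling `manager_get(["1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.3.0"])` returns the decoded response with error-status 0 and both values filled in; asking for an OID the agent lacks returns error-status 2 (noSuchName) with error-index pointing at that variable, and a response whose request-id does not equal the outstanding one is rejected, which is the matching rule the text describes. Note that in this framing the community name is the only access check, and it travels in the clear in every message; that is the weakness the SNMPv3 user-based security model in slide 3 exists to close.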
• 5. REMOTE NETWORK MONITORING

• An additional set of modules, known as Remote Network Monitoring (RMON), was developed in 1995.
• These are considered to be not only an extension of the mib-2 but also an improvement.
• RMON uses a technique called remote management to obtain monitoring data. In this approach a network monitor (often called a probe) collects the data from the device.
• The probe may stand alone or be embedded within the managed device. Management applications communicate with an RMON agent in the probe by using SNMP.
• RMON also provides for a higher level of standardization of the information collected.
• RMON is included as a subtree of mib-2 (rmon (16)).
• RMON focuses on network management at layer 2 (data link).

Security Protocols

To provide certain services, some communication protocols need to process the information they transmit and receive. For example, protocols that provide reliable communication service encode the transmitted information to detect when transmission errors have occurred so that they can initiate corrective action.

SECURITY AND CRYPTOGRAPHIC ALGORITHMS

Public communication networks traditionally have not been secure in the sense of providing high levels of security for the information that is transmitted. Information transmitted over the network is not secure and can be observed and recorded by eavesdroppers. This information can be replayed in attempts to access the server. Imposters can attempt to gain unauthorized access to a server, for example, a bank account or a database of personal records. An attacker can also flood a server with requests, overloading the server resources and resulting in a denial of service to legitimate clients. An imposter can impersonate a legitimate server and gain sensitive information from a client, for example, a bank account number and associated user password.
• 6. These threats give rise to one or more of the following security requirements for information that is transmitted over a network:

Privacy or confidentiality: The information should be readable only by the intended recipient.
Integrity: The recipient can confirm that a message has not been altered during transmission.
Authentication: It is possible to verify that the sender or receiver is who he or she claims to be.
Nonrepudiation: The sender cannot deny having sent a given message.

The need for security in communications is in fact not new. This need has existed in military communications for thousands of years. It should not be surprising, then, that the approaches developed by the military form the basis for providing security in modern networks. One feature that is new in the threats faced in computer networks is the speed with which break-in attempts can be made from a distance by using a network. Because the threats are implemented on computers, very high attempt rates are possible.
• 7. Applications of Cryptography to Security

The science and art of manipulating messages to make them secure is called cryptography. An original message to be transformed is called the plaintext, and the resulting message after the transformation is called the ciphertext. The process of converting the plaintext into ciphertext is called encryption. The reverse process is called decryption. The algorithm used for encryption and decryption is often called a cipher. Typically, encryption and decryption require the use of a secret key. The objective is to design an encryption technique so that it would be very difficult, if not impossible, for an unauthorized party to understand the contents of the ciphertext. A user can recover the original message only by decrypting the ciphertext using the secret key.

Substitution ciphers are a common technique for altering messages in games and puzzles. Each letter of the alphabet is mapped into another letter. The ciphertext is obtained by applying the substitution defined by the mapping to the plaintext.

Transposition ciphers are another type of encryption scheme. Here the order in which the letters of the message appear is altered. For example, the letters may be written into an array in one order and read out in a different order. If the receiver knows the appropriate manner in which the reading and writing is done, then it can decipher the message. Substitution and transposition techniques are easily broken.

SECRET KEY CRYPTOGRAPHY

Figure 11.2 depicts a secret key cryptographic system where a sender converts the plaintext P into ciphertext C = E_K(P) before transmitting the original message over an insecure channel. The sender uses a secret key K for the encryption. When the receiver receives the ciphertext C, the receiver recovers the plaintext by performing decryption D_K(C), using the same key K. It is the sharing of a secret, that is, the key, that enables the transmitter and receiver to communicate. Symbolically, we can write P = D_K(E_K(P)). Secret key cryptography is also referred to as symmetric key cryptography. The selection of the cryptographic method must meet several requirements. First of all, the method should be easy to implement, and it should be deployable on a large scale.
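The substitution and transposition ciphers described above, and the identity P = D_K(E_K(P)), made concrete in an added Python example (this is not code from the slides). The keyword-derived substitution alphabet and the columnar transposition keyed by a column order are this example's own choices of how to realize the two techniques; the two "leaks" functions show the structure each cipher leaves in its ciphertext, which is what the text means by "easily broken".

```python
# Added example (not from the slides): a monoalphabetic substitution cipher and a
# columnar transposition cipher, each usable as E_K / D_K so that P = D_K(E_K(P))
# can be checked directly, plus two checks showing what each cipher fails to hide.
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def normalize(text):
    """Keep letters only, uppercased: the alphabet the ciphers operate on."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def substitution_key(keyword):
    """Permuted alphabet derived from a keyword: its distinct letters first, then the rest."""
    seen = []
    for ch in normalize(keyword) + ALPHABET:
        if ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text, key, decrypt=False):
    """Monoalphabetic substitution: plaintext letter i <-> key letter i (E_K or D_K)."""
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return normalize(text).translate(str.maketrans(src, dst))


def _pad(text, width):
    return text + "X" * (-len(text) % width)  # fill the last row of the array


def transpose_encrypt(text, column_order):
    """Columnar transposition: write rows of len(column_order) letters,
    read the columns out in the order the key gives."""
    n = len(column_order)
    padded = _pad(normalize(text), n)
    rows = [padded[i:i + n] for i in range(0, len(padded), n)]
    return "".join(row[c] for c in column_order for row in rows)


def transpose_decrypt(cipher, column_order):
    """Inverse: refill the columns in key order, then read the array row by row."""
    n = len(column_order)
    grid = [[""] * n for _ in range(len(cipher) // n)]
    pos = 0
    for c in column_order:
        for row in grid:
            row[c] = cipher[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def frequency_profile(text):
    """Letter counts sorted high to low, with the letter identities discarded."""
    return sorted(Counter(normalize(text)).values(), reverse=True)


def substitution_leaks_frequencies(plain, cipher):
    """A substitution only relabels letters, so the ciphertext has exactly the
    plaintext's frequency profile: the statistics of the language survive encryption."""
    return frequency_profile(plain) == frequency_profile(cipher)


def transposition_leaks_letters(plain, cipher, width):
    """A transposition keeps every letter and its count (padding aside); only the
    order changes, so the ciphertext is an anagram of the plaintext."""
    return Counter(_pad(normalize(plain), width)) == Counter(cipher)


if __name__ == "__main__":
    key = substitution_key("SNMP")               # constructed sample keyword
    message = "THE MANAGER POLLS THE AGENT"        # constructed sample plaintext
    c1 = substitute(message, key)
    print(c1, substitute(c1, key, decrypt=True) == normalize(message))
    c2 = transpose_encrypt(message, [2, 0, 3, 1])  # constructed sample column order
    print(c2, transpose_decrypt(c2, [2, 0, 3, 1]).rstrip("X") == normalize(message))
    print(substitution_leaks_frequencies(message, c1), transposition_leaks_letters(message, c2, 4))
```

Both round trips succeed with the shared key, which is the P = D_K(E_K(P)) relation, but both leak checks also return True: a modern cipher is expected to make the ciphertext statistically indistinguishable from random for anyone without K, and neither classical technique comes close.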
• 8. Clearly, secret key cryptography addresses the privacy requirement. A message that needs to be kept confidential is encrypted prior to transmission, and any eavesdropper that manages to gain access to the ciphertext will be unable to access the contents of the plaintext message. The Data Encryption Standard (DES) is a well-known example of a secret key system.

A traditional method of authentication involves demonstrating possession of a secret. For example, in a military setting a messenger might be confirmed to be authentic if he or she can produce the correct answer to a specific question. A similar procedure can be used over a network, using secret key cryptography.

CRYPTOGRAPHIC CHECKSUMS AND HASHES

The usual approach to providing integrity is to transmit a cryptographic checksum or hash along with the unencrypted message. The transmitter and receiver share a secret key that allows them to calculate the checksum, which consists of a fixed number of bits. To ascertain integrity, the receiver calculates the checksum of the received message and compares it to the received checksum. If the checksums agree, the message is accepted. A cryptographic checksum must be designed so that it is one way, in that it is extremely difficult to find a message that produced a given checksum. Furthermore, given a message, finding another message that would produce the same checksum should also be extremely difficult. In general the checksum is much shorter than the transmitted message. However, the cryptographic checksum cannot be too short.

The message digest 5 (MD5) algorithm is an example of a hash algorithm. The MD5 algorithm begins by taking a message of arbitrary length and padding it to a multiple of 512 bits. A buffer of 128 bits is then initialized to a given value. At each step the algorithm modifies the content of the buffer according to the next 512-bit block. When the process is completed, the buffer holds the 128-bit "hash" code. The MD5 algorithm itself does not require a key. The keyed MD5, which combines a secret key with the MD5 algorithm, is widely used to produce a cryptographic checksum. First the message is padded to a multiple of 512 bits. The secret key is also padded to 512 bits and attached to the front and back of the padded message. The MD5 algorithm then computes the hash code.

• 9. A general method for improving the strength of a given hash function is to use the hashed message authentication code (HMAC) method. Using MD5 as an example, HMAC works as follows. First, the shared secret is padded with zeros to 512 bits. The result is XORed with ipad, which consists of 64 repetitions of 00110110. Second, the message is padded to a multiple of 512 bits. Third, the concatenation of the blocks in the first two steps is applied to the MD5 algorithm to obtain a 128-bit hash. The hash is padded to 512 bits. Fourth, the shared secret is padded with zeros to 512 bits, and the result is XORed with opad, which consists of 64 repetitions of 01011010. Fifth, the blocks in the previous two steps are applied to the MD5 algorithm to produce the final 128-bit hash. The general HMAC procedure involves adjusting the block size (512 bits for MD5) and the hash size (128 bits for MD5) to the particular hash function. For example, SHA-1 works with a block size of 512 bits and a hash size of 160 bits.

PUBLIC KEY CRYPTOGRAPHY

Unlike secret key cryptography, keys are not shared between senders and receivers in public key cryptography (sometimes also referred to as asymmetric cryptography). Public key cryptography was invented in 1975 by Diffie and Hellman. It relies on two different keys, a public key and a private key. A sender encrypts the plaintext by using a public key, and a receiver decrypts the ciphertext by using a private key, as illustrated in Figure 11.4. Symbolically, a public key cryptographic system can be expressed as P = D_K2(E_K1(P)), where K1 is the public key and K2 is the private key. In some systems the encryption and decryption process can be applied in the reverse order, such as P = E_K1(D_K2(P)). One important requirement for public key cryptography is that it must not be possible to determine K2 from K1. In general the public key is small, and the private key is large. The best-known example of public key cryptography is the one developed by Rivest, Shamir, and Adleman, known as RSA.

Public key cryptography can also be used to produce a digital signature. To sign a message the transmitter first produces a cryptographic checksum or hash of the message. The transmitter then encrypts the checksum or hash using its private key to produce the signature. No one else can create such a signature. The transmitter then sends the message and the signature to the receiver.
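The five HMAC steps given for MD5 in slide 9, implemented as written and cross-checked against Python's hmac module, as an added example (this is not code from the slides). It assumes the shared secret fits in one block (a longer key is hashed first, as RFC 2104 specifies); the "pad the message to a multiple of 512 bits" and "pad the hash to 512 bits" steps in the text are the hash function's own internal padding, so the code concatenates and lets hashlib pad. The key and message are constructed sample values, and the same construction is run with SHA-1 to show the block-size and hash-size adjustment the text mentions.

```python
# Added example (not from the slides): HMAC built step by step from the description,
# checked against the standard library, with a receiver-side verification helper.
import hashlib
import hmac

BLOCK_SIZE = {"md5": 64, "sha1": 64, "sha256": 64}  # bytes: 512 bits for MD5 and SHA-1
IPAD, OPAD = 0x36, 0x5C  # 00110110 and 01011010, repeated over the block


def hmac_from_description(key, message, algo="md5"):
    """HMAC = H((K0 xor opad) || H((K0 xor ipad) || message)), following the slide's steps."""
    block = BLOCK_SIZE[algo]
    if len(key) > block:  # RFC 2104: a key longer than one block is hashed first
        key = hashlib.new(algo, key).digest()
    k0 = key.ljust(block, b"\x00")                  # step 1: zero-pad the shared secret
    inner_block = bytes(b ^ IPAD for b in k0)        #         ... and XOR with ipad
    inner_hash = hashlib.new(algo, inner_block + message).digest()  # steps 2 and 3
    outer_block = bytes(b ^ OPAD for b in k0)        # step 4: zero-padded secret XOR opad
    return hashlib.new(algo, outer_block + inner_hash).digest()     # step 5


def tag_length_bits(algo="md5"):
    """Hash size quoted in the text: 128 bits for MD5, 160 bits for SHA-1."""
    return hashlib.new(algo).digest_size * 8


def verify_tag(key, message, tag, algo="md5"):
    """Receiver side: recompute the checksum over the received message and compare
    it in constant time, so timing does not reveal how much of a bad tag matched."""
    return hmac.compare_digest(hmac_from_description(key, message, algo), tag)


def matches_stdlib(key, message, algo="md5"):
    """Cross-check the hand-built construction against Python's hmac module."""
    return hmac_from_description(key, message, algo) == hmac.new(key, message, algo).digest()


KEY = b"constructed-shared-secret"                                  # constructed sample key
MSG = b"GetResponse request-id=0x1A2B3C4D sysUpTime.0=123456"     # constructed sample message

if __name__ == "__main__":
    tag = hmac_from_description(KEY, MSG)
    print("HMAC-MD5 :", tag.hex(), "| agrees with hmac module:", matches_stdlib(KEY, MSG))
    print("HMAC-SHA1:", hmac_from_description(KEY, MSG, "sha1").hex(), tag_length_bits("sha1"), "bits")
    print("genuine message accepted:", verify_tag(KEY, MSG, tag))
    print("altered message accepted:", verify_tag(KEY, MSG + b"0", tag))
```

The altered message is rejected because any change to the message (or to the key) changes the inner hash and therefore the final tag; the receiver can only produce a matching tag by holding the same shared secret, which is the integrity-with-authentication property the text describes. Note that the tag covers the message only, not a sequence number or timestamp, so replay of an unmodified message (mentioned among the threats in slide 5) is not detected by HMAC alone.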