Presentation is loading. Please wait.

Presentation is loading. Please wait.

NETWORK CONTROL The Fourth Meeting. 2 Table of Contents  Introduction  Configuration Control  Security Control.

Published byEverett Dennis Modified over 8 years ago

Similar presentations

Presentation on theme: "NETWORK CONTROL The Fourth Meeting. 2 Table of Contents  Introduction  Configuration Control  Security Control."— Presentation transcript:

1 NETWORK CONTROL The Fourth Meeting

2 2 Table of Contents  Introduction  Configuration Control  Security Control

3 3 Introduction  Network control is concerned with modifying parameters in and causing actions to be taken by the end systems, intermediate systems, and subnetworks that make up the network to be managed  All five functional areas of Network Management involve monitoring and control but configuration and security are more concerned with control  Issues in network control what to control? define what is to be controlled how to control? how to cause actions to be performed

4 4 Configuration Management 1.Define Configuration Information 2.Configuration Monitoring  Examine values and relationships  Report on configuration status 3. Configuration Control may be required as a result of monitoring or event reports  Initialize and terminate network operations  Set and modify attribute values  Define and modify relationships

5 5 Define Configuration Information Includes the nature and status of managed resources  specification and attributes of resources Network Resources  physical resources end systems, routers, bridges, switches, modems, etc.  logical resources TCP connections, timers, counters, virtual circuits, etc. Attributes  name, address, ID number, states, operational characteristics, # of connections, etc. Control function should be able to  define new classes and attributes (mostly done off-line) define the type and range of attribute values

6 6 Set and Modify Attribute Values when requesting agents to perform set and modify the manager must be authorized some attributes cannot be modified (e.g., # of physical ports) Modification categories MIB update only does not require the agent to perform any other action e.g., update of static configuration information MIB update plus resource modification requires the agent to modify the resource itself e.g., changing the state of a physical port to “disabled” MIB update plus action perform actions as a side effect of set operation SNMP takes this approach

7 7 Define and Modify Relationships A relationship describes an association, connection, or condition that exists between network resources topology hierarchy containment physical or logical connections management domain Configuration control should allow on-line modification of resources without taking all or part of network down

8 8 Security Management What should be secured in networks? information security computer security network security Security Requirements Secrecy making information accessible to only authorized users includes the hiding of the existence of information Integrity making information modifiable to only authorized users Availability making resources available to only authorized users

9 9 Security Threats Interruption destroyed or becomes unavailable or unusable threat to “availability” Interception an unauthorized party gains access threat to “secrecy” Modification an unauthorized party makes modification threat to “integrity” Fabrication an unauthorized party inserts false information Masquerade an entity pretends to be a different entity

10 10 Types of Security Threats Information source information destination (a) Normal flow (b) Interruption (c) Interception (d) Modification (e) Fabrication

11 11 Security Threats and Network Assets.... Data Communication Lines hardware Software Masquerade Modification Interception (capture, analysis) Interruption (loss) Masquerade Modification Interception (capture, analysis) Interruption (loss) Modification Interception Interruption (deletion) Interruption (theft, denial of service)

12 12 Security Management Functions Maintain Security Information event logging, monitoring usage of security-related resources receiving notification and reporting security violations maintaining and examining security logs maintaining backup copies of security-related files Control Resource Access Service use access control (authentication and authorization) security codes (e.g., passwords) routing tables, accounting tables, etc. Control the Encryption Process must be able to encrypt messages between managers & agents specify encryption algorithms

13 13 Summary  Network control is concerned with setting and changing parameters of various parts of network resources as consequences of network monitoring and analysis  Configuration control and security control are two essential aspects of network control

14 THE BASIC INGREDIENTS OF NETWORK MANAGEMENT

15 Basic Components of Network Management

16 The Network Device  The first main component in network management consists of the device that must be managed  In network management parlance, we also call the managed devices network elements (NEs).  To be properly managed, they must participate in the management process

17 Management Agent  To be managed, a network element must offer a management interface through which a managing system can communicate with the network element for management purposes. For example, the management interface allows the managing system to send a request to the network element. This could be, for example, a request to configure a sub interface, to retrieve statistical data about the utilization of a port, or to obtain information about the status of a connection.

18 Manager-Agent Communication  Manager and agent are important terms in network management parlance.  They refer to the systems that manage (manager) and the systems that are managed (agent). Client/server is another well-known asymmetric communication relationship that the reader might already be familiar with; therefore, a few words on the relationship between manager/agent and client/server are in order.

19 Manager/Agent Versus Client/Server  Network elements must provide a piece of software that implements the management interface.  This software effectively provides the intermediary between external manager and managed device.  We refer to this software generally as the management agent.  In fact, this means that we are slightly overloading the term agent. Agent is used to refer both to the agent role that a network element plays in network management and to the software component, called the management agent, that allows the network element to play that role, that provides the management interface, and that represents the managed device to the manager.

20 Manager/Agent Versus Client/Server  The management agent conceptually consists of three main parts: a management interface, a Management Information Base, and the core agent logic The management interface handles management communication. The Management Information Base (MIB) is a conceptual data store that contains a management view of the device being managed. The conceptual data contained in this data store constitutes the management information. The core agent logic translates between the operation of the management interface, the MIB, and the actual device. For example, it translates the request to “retrieve a counter” into an internal operation that reads out a device hardware register that contains the desired information.

21 Anatomy of a Management Agent

22 Management Information, MOs, MIBs, and Real Resources  Management information that is provided by a management agent provides an abstraction of these real-world aspects for management purposes.  We refer to a chunk of management information that exposes one of these real-world aspects as a managed object (MO).  An MO could represent a device fan along with its operational state, a port on a line card along with a set of statistical data, or a firewall rule.  As you shall see later, many management protocols, including the Simple Network Management Protocol (SNMP), use their own flavor of MO, but for now, we refer to an MO in its more general.  An “MO” could thus be a MIB object in SNMP, a parameter in a command- line interface (CLI) command, or an element of an XML document in a web- based management interface.

23 Different Abstractions of the Same Real Resource

24 Basic Parts of Network Management

25 The Management System  Management systems provide network providers with the tools to manage the network. These tools include applications to monitor the network, service provisioning systems, craft terminals, and so forth.

26 A Management Hierarchy

27 The MIB Always Resides with the Agent

28 Connecting a Craft Terminal to a Managed Device

29 Dedicated Versus Shared Management and Production Networks

30 The advantages of using a dedicated management network are numerous:  Reliability—With a dedicated management network, management traffic is carried independently of traffic over the production network, making management significantly more reliable.  Interference avoidance—When carried over the production network, management traffic competes with other networking traffic.  Ease of network planning—Avoiding interference as described in the previous bullet requires careful network planning that takes into account the effects of unpredictable network management traffic.  Security—A dedicated management network is harder to attack and easier to secure. End users and subscribers will never come into contact with it; its devices are on a completely separate network.

31 There are a variety of reasons not to use a dedicated management network and to use management communication exchanges over a shared network  Cost and overhead—Despite its advantages, a dedicated management network requires a separate network to be built.  No reasonable alternative—In quite a few cases, a shared network might realistically be the only option.

32 A good organizational structure and clear network management responsibilities, many other things need to be considered to be able to run the network smoothly  Establishment of process and operational policies, documentation of operational procedures—This helps make management of the network consistent and efficient, and facilitates meeting a consistently high standard of operations.  Collection of audit trails—Automatically logging the activities of operations support staff— who initiated what action, at what time  Network documentation—Make sure not just your procedures and policies, but also your network itself is well documented  Reliable backup and restore procedures—This provides your network operations with an invaluable lifeline that lets you bring the network back up in case of disasters and emergencies.  Security emphasis—Security threats in networking have received a lot of attention in recent years. The most significant threat to your network might not be hackers from the outside, but disgruntled employees on the inside.

Download ppt "NETWORK CONTROL The Fourth Meeting. 2 Table of Contents  Introduction  Configuration Control  Security Control."

Similar presentations

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Executional Architecture

Executional Architecture
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
Network Management 2 School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 16, Thursday 4/19/2007)

Network Management 2 School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 16, Thursday 4/19/2007)
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 2 Database Environment Pearson Education © 2014.

Chapter 2 Database Environment Pearson Education © 2014.

Similar presentations

Ads by Google