Logical design: Network Management and Security McCable ch.10 - PowerPoint PPT Presentation



Logical design Network Management and Security
(McCable ch.10)
  • Integrating Network Management and Security into
    the Design
  • Defining Network Management
  • Designing with Manageable Resources
  • Network Management Architecture
  • Security
  • Security Mechanisms
  • Security Examples
  • Network Management and Security Plans

Network Management and Security
  • Integrating Network Management and Security into
    the Design
  • How to define and characterize management for a
    network design
  • How to plan for
  • monitoring,
  • configuring and
  • troubleshooting the network
  • Examine network management protocols and
    instrumentation requirements

Defining Network Management
  • Network management tasks
  • Monitoring for event notification
  • Monitoring for metrics and planning
  • Configuration of network parameters
  • Troubleshooting the network
  • Planning

Defining Network Management
  • Network elements and characteristics
  • A network element is a component of the network
    that can be managed
  • Hosts
  • Routers
  • Switches
  • Data Service Units (DSUs)
  • Hubs
  • NICs
  • Cable segments

Defining Network Management
  • Network elements and characteristics
  • End-to-end characteristics: the characteristics
    that can be measured across multiple network
    elements and may extend across the entire
    network or between hosts
  • Availability
  • Capacity
  • Delay
  • Delay variation (jitter)
  • Throughput
  • Error rates
  • Network utilization
  • Burstiness of the traffic

Defining Network Management
  • Network elements and characteristics
  • Link and element characteristics: specific to
    the type of element being managed.
  • IP forwarding rates (packets/second) for
  • Buffer utilization of a router
  • Logs of authentication failures

Defining Network Management
  • Monitoring and metering
  • Monitoring: obtaining values for the end-to-end,
    link, and element characteristics.
  • Collecting data (e.g. using SNMP)
  • Processing data (e.g. time averaging)
  • Displaying processed data
  • Archiving data

Defining Network Management
  • Monitoring for event notification
  • Event: a problem or a failure in a network
  • Thresholds may be set on end-to-end or element
    characteristics for notification of events
    (real-time analysis)
  • Real-time analysis usually involves short polling
    intervals, so capacity, CPU, memory and storage
    are needed

Defining Network Management
  • Example
  • 100 network elements
  • Each polled for 8 characteristics: 800 polls and
    800 responses
  • Average size of each poll and response is 64 bytes
  • We plan to poll every 5 seconds
  • (800 polls + 800 responses)(64 bytes/poll)(8
    bits/byte)/(5 seconds) = 164 Kb/s

Defining Network Management
  • Monitoring for metrics and planning
  • Metering: collecting data for long-term analysis
  • Metrics: measured values
  • Baselines can be established by monitoring for

Defining Network Management
  • Generating the characteristics set
  • Generate a working set of end-to-end and element
  • For each element
  • Generate a table of configuration parameters
  • Establish methods for adjusting these parameters
  • Understand the effects of adjusting the
  • Understand the effects of problems and how to
    correct them
  • Troubleshooting: problem notification, isolation,
    identification, and resolution

Designing with manageable resources
  • Network management protocols
  • The requirement for management protocols and
  • The impact of management instrumentation on
    network design
  • Instrumentation is the set of facilities provided
    by network elements for accessing element
    characteristics and configuration parameters

Designing with manageable resources
  • Network Management Protocols
  • Used to couple this instrumentation with
  • Monitoring
  • Display
  • Processing and
  • Storage
  • Two major NM protocols
  • The simple network management protocol (SNMP,
    SNMPv2 and SNMPv3)
  • The common management information protocol
    (CMIP/CMIP over TCP/IP (CMOT))

Designing with manageable resources
  • SNMP
  • Widely used
  • Provides facilities for collecting and
    configuring parameters from network elements
  • Commands: get, get-next, set. Users can set traps
    (thresholds) on parameters for automatic notices
    (less polling)
  • Default port: 161

Designing with manageable resources
  • SNMP
  • Management Information Base (MIB): the collection
    of parameters accessible via SNMP.
  • MIBs for
  • Routers
  • Switches
  • Circuits (e.g. T3)
  • Remote Monitoring (RMON) MIB: provides information
    about a LAN segment

Designing with manageable resources
  • Instrumentation methods
  • SNMPv2, v3
  • Ping
  • Traceroute
  • Pathchar
  • Tcpdump
  • telnet
  • FTP

Network Management Architecture
  • A network design should consider the data flows
    for management information
  • In-band vs. out-of-band monitoring
  • Centralized vs. distributed monitoring
  • Capacity and delay requirements
  • Flows of management data
  • Configuration of network management

Network Management Architecture
  • In-band vs. out-of-band monitoring
  • In-band monitoring: the NM data flows over the
    same network as the user traffic
  • Simple network management architecture
  • In case of network problems, monitoring and
    troubleshooting may be difficult
  • Out-of-band monitoring: separate paths for NM
    traffic and user network traffic
  • ISDN D-channel
  • Separate Frame Relay/ATM virtual circuit
  • Telephone lines

Network Management Architecture
  • Centralized/distributed monitoring
  • Centralized: all monitoring data are sent from
    one monitoring node using either in-band or
  • Distributed: local monitoring nodes
  • Less NM traffic
  • In-band/out-of-band

Network Management Architecture
  • Capacity and Delay Requirements
  • For LANs: one monitoring node per subnet
  • For WAN/MAN: one monitoring node at each
    WAN/MAN-LAN interface

Network Management Architecture
  • For LANs, determine the
  • Number of hosts and network elements to be polled
    for parameters
  • Number of parameters to be collected
  • Frequency of polling
  • NM traffic rate
  • 2-5% (Ethernet, FDDI, Token Ring)
  • 0.2-0.5% (HiPPI, 800 Mb/s capacity), etc.
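
The following is an added example, not part of the slides: it generalizes the lecture's polling calculation (100 elements, 8 characteristics, 64-byte messages, 5-second interval) into a small sizing tool and checks the result against the 2-5% rule of thumb above. The link capacities used in the demo are constructed.

```python
"""Sizing network management (SNMP polling) traffic for a design.

Added example, not from the lecture: it generalizes the slide's
"100 elements x 8 characteristics, 64 bytes, every 5 seconds" calculation
and checks the result against the architecture slide's rule of thumb
that NM traffic should stay within roughly 2-5% of link capacity.
"""
from dataclasses import dataclass

BITS_PER_BYTE = 8


@dataclass(frozen=True)
class PollingPlan:
    elements: int            # network elements to be polled
    characteristics: int     # characteristics polled per element
    bytes_per_message: int   # average size of one poll or one response
    interval_s: float        # polling interval in seconds

    @property
    def messages_per_cycle(self) -> int:
        # every characteristic costs one poll and one response
        return 2 * self.elements * self.characteristics

    @property
    def bits_per_cycle(self) -> int:
        return self.messages_per_cycle * self.bytes_per_message * BITS_PER_BYTE

    def bits_per_second(self) -> float:
        return self.bits_per_cycle / self.interval_s


def utilization(plan: PollingPlan, link_capacity_bps: float) -> float:
    """Fraction of a link's capacity consumed by management polling."""
    return plan.bits_per_second() / link_capacity_bps


def min_interval_for_budget(plan: PollingPlan, link_capacity_bps: float,
                            budget_fraction: float) -> float:
    """Shortest polling interval (s) that keeps NM traffic within the budget."""
    return plan.bits_per_cycle / (budget_fraction * link_capacity_bps)


def within_guideline(plan: PollingPlan, link_capacity_bps: float,
                     budget_fraction: float = 0.05) -> bool:
    """True when the plan fits the lecture's upper bound for this link."""
    return utilization(plan, link_capacity_bps) <= budget_fraction


# the lecture's numbers
LECTURE_PLAN = PollingPlan(elements=100, characteristics=8,
                           bytes_per_message=64, interval_s=5)

if __name__ == "__main__":
    print(f"{LECTURE_PLAN.bits_per_second() / 1000:.0f} kb/s of NM traffic")
    # Fine on 10 Mb/s Ethernet, but a centralized in-band design over a
    # 64 kb/s WAN link needs a much longer interval or distributed
    # monitoring nodes (link capacities here are constructed).
    for name, cap in (("10 Mb/s Ethernet", 10_000_000), ("64 kb/s WAN", 64_000)):
        print(f"{name}: {utilization(LECTURE_PLAN, cap):.1%} used; "
              f"min interval for 5% = "
              f"{min_interval_for_budget(LECTURE_PLAN, cap, 0.05):.0f} s")
```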

Network Management Architecture
  • Have more than one method to verify the accuracy
    of data collected
  • SNMP
  • RMON
  • Avoid overloading network with NM data

  • For the development of a security plan
  • User requirements for security
  • Security policies
  • Security risk analysis
  • Protect network resources from being disabled,
    stolen, modified, or damaged
  • Protect hosts, servers, users, and system data

  • Security policies
  • Understand possible security breaches
  • Implement policies to deal with these breaches
  • Common security philosophies
  • Deny specifics/permit all else
  • Permit specifics/deny all else
  • Example policies
  • Acceptable use statements, security incident
    handling procedures, configuration-modification
    policies, and network access/firewall policies

  • Security risk analysis
  • A process used to determine which components of
    the system need to be protected and the types of
    security risks they should be protected from
  • Security risks may also change in time in line
    with changes in an organisation

Security Risk Analysis Example
  • Assume a fictitious company
  • Identify effect/likelihood (e.g. A/B)
  • Effect: A (destructive), B (disabling), C
    (disruptive), D (no impact)
  • Likelihood: A (certain), B (likely), C
    (unlikely), D (impossible)

Security Risk Analysis Example
  • Outcome
  • A strong user authentication mechanism needed
  • Added protection for DNS and email applications
    (e.g. application firewall)
  • Encryption for email messages

Security mechanisms
  • Physical
  • Security awareness
  • User authentication
  • Packet filters
  • Application wrappers and gateways
  • Encryption
  • Firewalls

Security mechanisms
  • Not all mechanisms are appropriate for any
  • Degree of protection it provides
  • Expertise required for installation and
  • Cost of purchasing, implementing and operating it
  • Amounts of administration and maintenance required

Security mechanisms
  • Physical security
  • Protected access (e.g. to servers etc.)
  • Backup power source and power conditioning,
    secondary backup storage
  • Security against natural disasters

Security Mechanisms
  • Security awareness
  • User involvement in all aspects of security
  • User authentication
  • Packet filters (ACLs)
  • Require administration and maintenance
  • Take up network resources (e.g. CPU)

Security Mechanisms
  • Application Security mechanisms
  • Application wrappers: similar to packet filters
    but implemented on hosts
  • Application gateways: relays between protected
    and unprotected systems
  • Encryption
  • Degrades network performance by 15-85%
  • Administration, maintenance required
  • Expensive

Security Mechanisms
  • Firewalls
  • A combination of a number of mechanisms
  • May give a false sense of security
  • Security and system components
  • Security at the user component
  • Security at the host component
  • Security at the network component

Security Examples: External Firewall
  • Between external and internal networks
  • Recommended when
  • there is a security threat from external sources
  • limited/no systems and network administration
  • access to external networks is needed
  • will not impact connectivity to external networks

External Firewalls: Trade-offs
  • May require knowledge of users' requirements
    (telnet, ftp, etc.)
  • Requires firewall construction/configuration
  • Network performance degradation of up to 30%
  • Can complicate WAN/MAN troubleshooting
  • May require an address translator
  • May require additional hardware e.g. routers

Security Examples: Internal Firewall
  • Between subnets
  • Recommended when
  • there is a security threat from within or
    external to network
  • limited/no systems and network administration
  • interconnectivity between subnets/connectivity to
    external networks is needed
  • will not impact connectivity to internal and
    external networks

Internal Firewalls: Trade-offs
  • May require knowledge of users' requirements
    (telnet, ftp, etc.)
  • Requires firewall construction/configuration
  • Network performance degradation of up to 30%
  • Can complicate LAN/MAN/WAN troubleshooting
  • May require an address translator
  • May require additional hardware e.g. routers

Security Examples: Distributed Host Security
  • Distributed host security
  • When there is a threat from external networks
  • When internal sources can be protected via system
  • When connectivity to internal and external
    networks would be impacted by firewall
    performance issues
  • Example: TCP/IP filtering in MS Windows 2000,
    authentication, encryption

Distributed Host Security: Trade-offs
  • May require knowledge of users' requirements
    (telnet, ftp, etc.)
  • Requires consistent and thorough systems and
    network administration
  • internal security may be dependent on the
    security of every host and server within the
  • Security holes in host operating systems or
    applications will likely affect all internal
    hosts and servers

Example Security Breaches
Security points
Example security controls
  • Access control and error control to prevent
    unauthorised access
  • Physical access control mechanisms,
  • Backup equipment and procedures,
  • Physical security,
  • Logging of message and transaction flow
  • etc.

Network Management and Security Plans
  • Evaluating and selecting secure, manageable
    network resources
  • Evaluating trade-offs in security and network
    management architectures
  • Integration with the network design
  • Risk analysis and contingency planning for the

Fundamentals of cryptography and encryption
  • Confidentiality: allow only authorized persons to
    access information
  • Authentication: guarantee of originator and of
    electronic transmission
  • Integrity: information that was sent is what was
  • Non-repudiation: originator of information cannot
    deny content or transmission

One-key and two-key systems
  • One-key: symmetric (secret key) cryptosystems
  • conventional
  • fast
  • Theory well developed
  • Two-key: asymmetric (public key) cryptosystems
  • based on a difficult number theory problem
  • slow
  • RSA

Practical Security
  • Firewalls
  • Network Intrusion Detection
  • Endpoint Security/Host Intrusion Protection
  • VPN Security

and more specifically
  • Cisco PIX Firewalls
  • has received ICSA Firewall and IPsec
    certification, as well as Common Criteria EAL4
    evaluation status.
  • provide a wide range of security and networking
    services including
  • Network Address Translation (NAT),
  • Port Address Translation (PAT),
  • content filtering (Java/ActiveX),
  • URL filtering,
  • AAA (RADIUS/TACACS) integration,
  • support for leading X.509 PKI solutions,
  • DHCP client/server

  • an architectural framework for configuring three
    different security features.
  • authentication,
  • authorization, and
  • accounting

AAA Advantages
  • Provides scalability
  • rely on a server or group of servers to store
    usernames and passwords
  • supports standardized security protocols,
  • Terminal Access Controller Access Control System
    Plus (TACACS+),
  • Remote Authentication Dial-In User Service
    (RADIUS), and
  • Kerberos
  • allows you to configure multiple backup systems

  • A security application used with AAA that
    provides centralized validation of users
    attempting to gain access to a router or network
    access server.
  • Services are maintained in a database on a
    TACACS+ daemon running, typically, on a UNIX or
    Windows workstation.
  • Provides for separate and modular authentication,
    authorization, and accounting facilities
  • Uses TCP

  • A distributed client/server system used with AAA
    that secures networks against unauthorized
  • e.g. RADIUS clients may run on Cisco routers and
    send authentication requests to a central RADIUS
    server that contains all user authentication and
    network service access information.
  • Uses UDP

  • A secret-key network authentication protocol used
    with AAA that uses the Data Encryption Standard
    (DES) cryptographic algorithm for encryption and

More on Security

  • Computer and Network Security Requirements
  • Security Threats
  • Protection
  • Intruders
  • Malicious Software
  • Trusted Systems

Computer and Network Security Requirements
  • Confidentiality
  • Requires that information in a computer system be
    accessible for reading only by authorized parties
  • Integrity
  • Assets can be modified by authorized parties only
  • Availability
  • Assets must be available to authorized parties
  • Authenticity
  • Requires that a computer system be able to verify
    the identity of a user

Types of Threats
  • Interruption
  • Interception
  • Modification
  • Fabrication

Types of Threats
  • Interruption
  • An asset of the system is destroyed or becomes
    unavailable or unusable
  • Attack on availability
  • Destruction of hardware
  • Cutting of a communication line
  • Disabling the file management system

Types of Threats
  • Interception
  • An unauthorized party gains access to an asset
  • Attack on confidentiality
  • Wiretapping to capture data in a network
  • Illicit copying of files or programs

Types of Threats
  • Modification
  • An unauthorized party not only gains access but
    tampers with an asset
  • Attack on integrity
  • Changing values in a data file
  • Altering a program so that it performs
  • Modifying the content of messages being
    transmitted in a network

Types of Threats
  • Fabrication
  • An unauthorized party inserts counterfeit objects
    into the system
  • Attack on authenticity
  • Insertion of spurious messages in a network
  • Addition of records to a file

Computer System Assets
  • Hardware
  • Software
  • Data
  • Communication lines and Network

Computer System Assets
  • Hardware
  • Threats include accidental and deliberate damage
  • Software
  • Threats include deletion, alteration, damage
  • Backups of the most recent versions can maintain
    high availability

Computer System Assets
  • Data
  • Involves files
  • Security concerns for availability, secrecy, and
  • Statistical analysis can lead to determination of
    individual information which threatens privacy

Computer System Assets
  • Communication Lines and Networks: Passive Attacks
  • Release of message contents: a telephone
    conversation, an electronic mail message, and a
    transferred file are subject to this threat
  • Traffic analysis
  • Encryption masks the contents of what is
    transferred, so even if obtained by someone, they
    would be unable to extract information

Computer System Assets
  • Communication Lines and Networks: Active Attacks
  • Masquerade: takes place when one entity pretends
    to be a different entity
  • Replay: involves the passive capture of a data
    unit and its subsequent retransmission to produce
    an unauthorized effect
  • Modification of messages: means that some portion
    of a legitimate message is altered, or that
    messages are delayed or reordered, to produce an
    unauthorized effect

Computer System Assets
  • Communication Lines and Networks: Active Attacks
  • Denial of service: prevents or inhibits the normal
    use or management of communications facilities
  • Disable network or overload it with messages

  • Sharing resources among users involves
  • Memory
  • I/O devices
  • Programs
  • Data
  • Sharing creates a need for protection

  • No protection
  • When sensitive procedures are run at separate
  • Isolation: each process operates separately from
    other processes with no sharing or communication

  • Share all or share nothing: owner of an object
    declares it public or private
  • Share via access limitation: operating system
    checks the permissibility of each access by a
    specific user to a specific
  • Operating system acts as the guard

  • Share via dynamic capabilities: dynamic creation
    of sharing rights for objects
  • Limit use of an object: limit not only access to
    an object but also the use to which that object
    may be put
  • Example: a user may be able to derive
    statistical summaries but not to determine
    specific data values

  • Protection of memory
  • User-oriented access control
  • Data-oriented access control

Protection of Memory
  • Ensure correct function of various processes that
    are active
  • Virtual memory scheme
  • Paging
  • Segmentation
  • Shareable/non-shareable
  • Hardware support (mP) can be provided for memory

User-Oriented Access Control
  • Log on
  • Requires both a user identifier (ID) and a
  • System only allows users to log on if the ID is
    known to the system and password associated with
    the ID is correct
  • Users can reveal their password to others either
    intentionally or accidentally
  • Hackers are skillful at guessing passwords
  • ID/password file can be obtained

Data-Oriented Access Control
  • Associated with each user, there can be a user
    profile that specifies permissible operations and
    file accesses
  • Operating system enforces these rules
  • Database management system controls access to
    specific records or portions of records

Data-Oriented Access Control
  • Access Matrix A general model of access control
    as exercised by a file or database management
    system. Its elements
  • Subject
  • An entity capable of accessing objects
  • e.g. a process enabling a user/application to
    access an object
  • Object
  • Anything to which access is controlled
  • Files, programs, segments of memory
  • Access rights
  • The way in which an object is accessed by a

Access Matrix
Access Control List
  • Matrix decomposed by columns
  • For each object, an access control list gives
    users and their permitted access rights

Access Control List
Capability Tickets
  • Decomposition of access matrix by rows
  • Specifies authorized object and operations for a
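
As an added example (not from the lecture), the code below builds both decompositions of a constructed access matrix, takes each access decision with a permit-specifics/deny-all-else check, and shows which review question (who can reach this object, what can this subject reach) each decomposition answers with a single lookup. The subjects, objects and rights are constructed.

```python
"""Access matrix decomposed into access control lists (by column) and
capability tickets (by row), with a default-deny access check on each.

Added example, not from the lecture; the subjects, objects and rights
are constructed.
"""
from typing import Dict, FrozenSet

Rights = FrozenSet[str]
Matrix = Dict[str, Dict[str, Rights]]   # subject -> object -> rights

# constructed access matrix: rows are subjects, columns are objects
ACCESS_MATRIX: Matrix = {
    "alice": {"payroll.db": frozenset({"read", "write"}),
              "report.txt": frozenset({"read"})},
    "bob":   {"report.txt": frozenset({"read", "write"}),
              "backup.sh":  frozenset({"execute"})},
    "carol": {"payroll.db": frozenset({"read"})},
}


def access_control_lists(matrix: Matrix) -> Dict[str, Dict[str, Rights]]:
    """Column decomposition: object -> {subject: rights}, kept with each object."""
    acls: Dict[str, Dict[str, Rights]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = rights
    return acls


def capability_lists(matrix: Matrix) -> Dict[str, Dict[str, Rights]]:
    """Row decomposition: subject -> {object: rights}, the tickets a subject holds."""
    return {subject: dict(row) for subject, row in matrix.items()}


def acl_permits(acls, subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check against the object's ACL: permit specifics, deny all else."""
    return right in acls.get(obj, {}).get(subject, frozenset())


def capability_permits(caps, subject: str, obj: str, right: str) -> bool:
    """The same decision taken from the subject's tickets."""
    return right in caps.get(subject, {}).get(obj, frozenset())


# Review questions: each decomposition answers one of them with a single
# lookup and the other only by scanning the whole structure.
def who_can_access(acls, obj: str) -> Dict[str, Rights]:
    """'Who may touch this object?' is one ACL lookup."""
    return dict(acls.get(obj, {}))


def who_can_access_from_caps(caps, obj: str) -> Dict[str, Rights]:
    """With tickets, the same question needs every subject's list scanned."""
    return {s: tickets[obj] for s, tickets in caps.items() if obj in tickets}


def what_can_access(caps, subject: str) -> Dict[str, Rights]:
    """'What may this subject touch?' is one capability lookup."""
    return dict(caps.get(subject, {}))


def what_can_access_from_acls(acls, subject: str) -> Dict[str, Rights]:
    """With ACLs, the same question needs every object's list scanned."""
    return {o: entries[subject] for o, entries in acls.items() if subject in entries}


def decompositions_agree(matrix: Matrix) -> bool:
    """Both views must yield identical decisions for every subject/object/right."""
    acls, caps = access_control_lists(matrix), capability_lists(matrix)
    subjects = list(matrix)
    objects = {o for row in matrix.values() for o in row}
    rights = {r for row in matrix.values() for rs in row.values() for r in rs}
    return all(acl_permits(acls, s, o, r) == capability_permits(caps, s, o, r)
               for s in subjects for o in objects for r in rights)
```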

Capability Tickets
  • Hacker or cracker
  • Three classes
  • Masquerader
  • Not authorized to use the computer, penetrates
    the system's access controls to exploit a
    legitimate user's account
  • Misfeasor
  • A legitimate user accessing objects without
    authorization or misusing his/her privileges
  • Clandestine user
  • An individual who seizes supervisory control

Intrusion Techniques
  • Objective of intruder is to gain access to the
    system or to increase the range of privileges
    accessible on a system
  • Protected information that an intruder acquires
    is a password
  • Protecting password file
  • Encryption
  • Access control

Techniques for Learning Passwords
  • Try default password used with standard accounts
    shipped with computer
  • Exhaustively try all short passwords
  • Try words in dictionary or a list of likely
  • Collect information about users and use these
    items as passwords

Techniques for Learning Passwords
  • Try users' phone numbers, social security
    numbers, and room numbers
  • Try all legitimate license plate numbers for this
  • Use a Trojan horse to bypass restrictions on
  • Tap the line between a remote user and the host

Password Protection: ID Provides Security
  • Determines whether the user is authorized to gain
    access to a system
  • Determines the privileges accorded to the user
  • Guest or anonymous accounts have more limited
    privileges than others
  • ID is used for discretionary access control
  • A user may grant permission to files to others by

Password Selection Strategies
  • Computer generated passwords
  • Users have difficulty remembering them
  • Need to write it down
  • Have history of poor acceptance

Password Selection Strategies
  • Reactive password checking strategy
  • System periodically runs its own password cracker
    to find guessable passwords
  • System cancels passwords that are guessed and
    notifies user
  • Consumes resources to do this
  • Hacker can use this on their own machine with a
    copy of the password file

Password Selection Strategies
  • Proactive password checker
  • The system checks at the time of selection if the
    password is allowable
  • With guidance from the system users can select
    memorable passwords that are difficult to guess

Intrusion Detection
  • Assume the behavior of the intruder differs from
    the legitimate user
  • Statistical anomaly detection
  • Collect data related to the behavior of
    legitimate users over a period of time
  • Statistical tests are used to determine if the
    behavior is not legitimate behavior

Intrusion Detection
  • Rule-based detection
  • Anomaly detection: rules are developed to detect
    deviation from previous usage patterns
  • Penetration identification: an expert system
    searches for suspicious behavior

Intrusion Detection
  • Audit record
  • Native audit records
  • All operating systems include accounting software
    that collects information on user activity
  • Detection-specific audit records
  • Collection facility can be implemented that
    generates audit records containing only that
    information required by the intrusion detection
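
The following is an added example, not from the lecture: it runs the two detection approaches from the slides over a few constructed native audit records, a statistical anomaly detector (each user's daily failed-login count scored against a baseline period) next to a rule-based check (a burst of failures within a short window). The log lines, users and thresholds are constructed.

```python
"""Intrusion detection over native audit records: a statistical anomaly
detector (per-user baseline of daily failed logins) beside a rule-based
check (a burst of failures inside a short window).
Added example, not from the lecture; the audit lines are constructed.
"""
import re
import statistics
from datetime import datetime
from typing import Dict, List, Tuple

# constructed native audit records: "<date> <time> user=<id> event=<type>"
AUDIT_LOG = """\
2024-03-01 08:02:11 user=alice event=login_failed
2024-03-01 09:00:00 user=bob event=login_ok
2024-03-02 09:15:03 user=alice event=login_failed
2024-03-03 08:44:19 user=alice event=login_ok
2024-03-04 08:10:55 user=alice event=login_failed
2024-03-05 07:58:02 user=alice event=login_ok
2024-03-06 02:13:45 user=alice event=login_failed
2024-03-06 02:13:52 user=alice event=login_failed
2024-03-06 02:14:01 user=alice event=login_failed
2024-03-06 02:14:09 user=alice event=login_failed
2024-03-06 02:14:20 user=alice event=login_failed
2024-03-06 02:14:31 user=alice event=login_failed
2024-03-06 09:04:00 user=bob event=login_failed
2024-03-06 09:04:30 user=bob event=login_failed
"""
LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) event=(\S+)$")
Record = Tuple[str, str, str, str]   # (date, time, user, event)


def parse_audit(text: str) -> List[Record]:
    """Keep only well-formed lines; malformed ones are ignored, not guessed at."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groups())
    return records


def daily_failures(records: List[Record]) -> Dict[str, Dict[str, int]]:
    """user -> {date: failed logins}; days with no failures count as 0."""
    days = sorted({r[0] for r in records})
    counts = {r[2]: {d: 0 for d in days} for r in records}
    for date, _, user, event in records:
        if event == "login_failed":
            counts[user][date] += 1
    return counts


def build_baseline(counts, cutoff: str) -> Dict[str, Tuple[float, float]]:
    """Per-user mean and population std dev of daily failures before cutoff."""
    baseline = {}
    for user, per_day in counts.items():
        sample = [n for d, n in per_day.items() if d < cutoff]
        baseline[user] = (statistics.mean(sample), statistics.pstdev(sample))
    return baseline


def anomaly_score(count: int, mean: float, std: float) -> float:
    # floor the spread at 1 so a flat baseline (std 0) cannot blow up the score
    return (count - mean) / max(std, 1.0)


def detect_anomalies(text: str, cutoff: str, threshold: float = 3.0):
    """Statistical anomaly detection: days from cutoff on, scored against the baseline."""
    counts = daily_failures(parse_audit(text))
    baseline = build_baseline(counts, cutoff)
    flagged = []
    for user, per_day in counts.items():
        mean, std = baseline[user]
        for day, n in per_day.items():
            if day >= cutoff and anomaly_score(n, mean, std) >= threshold:
                flagged.append((user, day, n))
    return sorted(flagged)


def burst_rule(records: List[Record], max_failures: int = 3, window_s: int = 60):
    """Rule-based detection: users with max_failures failed logins inside window_s seconds."""
    stamps: Dict[str, List[datetime]] = {}
    for date, time, user, event in records:
        if event == "login_failed":
            stamps.setdefault(user, []).append(datetime.fromisoformat(f"{date} {time}"))
    hits = []
    for user, ts in stamps.items():
        ts.sort()
        for i in range(len(ts) - max_failures + 1):
            if (ts[i + max_failures - 1] - ts[i]).total_seconds() <= window_s:
                hits.append(user)
                break
    return sorted(hits)
```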

Malicious Programs
  • Those that need a host program
  • Fragments of programs that cannot exist
    independently of some application program,
    utility, or system program
  • Independent
  • Self-contained programs that can be scheduled and
    run by the operating system

  • A secret entry point into a program that allows
    someone who is aware of trapdoor to gain access
  • used by programmers to debug and test programs
  • Avoids necessary setup and authentication
  • Method to activate program if something wrong
    with authentication procedure
  • Difficult to control: take care in program
    development and software update activities

Logic Bomb
  • Code embedded in a legitimate program that is set
    to explode when certain conditions are met
  • Presence or absence of certain files
  • Particular day of the week
  • Particular user running application

Trojan Horse
  • Useful program that contains hidden code that
    when invoked performs some unwanted or harmful
  • Can be used to accomplish functions indirectly
    that an unauthorized user could not accomplish
  • User may set file permissions so everyone has
    access to files on another user's machine

  • Program that can infect other programs by
    modifying them
  • Modification includes copy of virus program
  • The infected program can infect other programs

  • Use network connections to spread from system to
  • Electronic mail facility
  • A worm mails a copy of itself to other systems
  • Remote execution capability
  • A worm executes a copy of itself on another
  • Remote log-in capability
  • A worm logs on to a remote system as a user and
    then uses commands to copy itself from one system
    to the other

  • Program that secretly takes over another
    Internet-attached computer
  • It uses that computer to launch attacks that are
    difficult to trace to the zombie's creator

Virus Stages
  • Dormant phase
  • Virus is idle
  • Propagation phase
  • Virus places an identical copy of itself into
    other programs or into certain system areas on
    the disk

Virus Stages
  • Triggering phase
  • Virus is activated to perform the function for
    which it was intended
  • Caused by a variety of system events
  • Execution phase
  • Function is performed

Types of Viruses
  • Parasitic
  • Attaches itself to executable files and
  • When the infected program is executed, it looks
    for other executables to infect
  • Memory-resident
  • Lodges in main memory as part of a resident
    system program
  • Once in memory, it infects every program that

Types of Viruses
  • Boot sector
  • Infects boot record
  • Spreads when system is booted from the disk
    containing the virus
  • Stealth
  • Designed to hide itself from detection by
    anti-virus software
  • May use compression so that the infected program
    is exactly the same length as an uninfected

Types of Viruses
  • Polymorphic
  • Mutates with every infection, making detection by
    the signature of the virus impossible
  • Mutation engine creates a random encryption key
    to encrypt the remainder of the virus
  • The key is stored with the virus

Macro Viruses
  • Platform independent
  • Most infect Microsoft Word
  • Infect document, not executable portions of code
  • Easily spread

Macro Viruses
  • A macro is an executable program embedded in a
    word processing document or other type of file
  • Autoexecuting macros in Word
  • Autoexecute
  • Executes when Word is started (Macro named
    AutoExec is in the normal.dot template)
  • Automacro
  • Executes when defined event occurs such as
    opening or closing a document
  • Command macro
  • Executed when user invokes a command (e.g., File

Antivirus Approaches
  • Detection
  • Determining that an infection has occurred and
    locating the virus
  • Identification
  • Following detection of a virus, identifying the
    specific virus
  • Removal
  • Remove all traces of the virus from the infected
    program and all infected systems

Antivirus Approaches
  • Generic Decryption
  • Digital Immune System

Generic Decryption
  • Elements
  • CPU emulator
  • Instructions in an executable file are
    interpreted by the emulator rather than the
  • Virus signature scanner
  • Scan target code looking for known virus
  • Emulation control module
  • Controls the execution of the target code

Digital Immune System
  • Developed by IBM
  • Motivation has been the rising threat of
    Internet-based virus propagation
  • Integrated mail systems
  • Groupware: Lotus Notes, MS Outlook
  • Mobile-program system
  • Portable: Java, ActiveX

E-mail Virus
  • Activated when recipient opens the e-mail
  • Activated by opening an e-mail that contains the
  • Uses Visual Basic scripting language
  • Propagates itself to all of the e-mail addresses
    known to the infected host

Trusted Systems
  • Multilevel security
  • Information organized into categories
  • A subject at a high level may not convey
    information to a subject at a lower level unless
    authorized to do so
  • No read up
  • A subject can only read objects of a lower or
    equal security level (simple security property)
  • No write down
  • A subject can only write objects of a higher or
    equal security level (*-property, star property)

Trojan Horse Defense
  • Use secure, trusted operating system
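
As an added example (not from the lecture), the code below implements a small reference monitor of the kind a trusted operating system provides: labels with a level and a set of categories, the no-read-up and no-write-down rules from the multilevel security slide, and the Trojan-horse scenario the defense above addresses, where code running with a user's clearance reads sensitive data and tries to copy it into a lower-level object. The levels, categories, subjects and objects are constructed.

```python
"""Multilevel security: labels with categories, and a reference monitor
enforcing no read up (simple security property) and no write down
(*-property). Added example, not from the lecture; the levels,
categories, subjects and objects below are constructed.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, List, Tuple


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: FrozenSet[str] = frozenset()   # compartments such as {"NUC"}

    def dominates(self, other: "Label") -> bool:
        """Higher-or-equal level and a superset of the other's categories."""
        return self.level >= other.level and self.categories >= other.categories


def may_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def may_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object must dominate the subject."""
    return obj.dominates(subject)


class ReferenceMonitor:
    """Mediates every access against the labels and records each decision."""

    RULES = {"read": may_read, "write": may_write}

    def __init__(self) -> None:
        self.subjects: Dict[str, Label] = {}
        self.objects: Dict[str, Label] = {}
        self.audit: List[Tuple[str, str, str, bool]] = []

    def add_subject(self, name: str, label: Label) -> None:
        self.subjects[name] = label

    def add_object(self, name: str, label: Label) -> None:
        self.objects[name] = label

    def request(self, subject: str, obj: str, op: str) -> bool:
        # unknown subjects, objects or operations are denied, never assumed
        rule = self.RULES.get(op)
        allowed = (rule is not None and subject in self.subjects
                   and obj in self.objects
                   and rule(self.subjects[subject], self.objects[obj]))
        self.audit.append((subject, obj, op, allowed))
        return allowed


def trojan_copy_blocked(monitor: ReferenceMonitor, subject: str,
                        secret_obj: str, public_obj: str) -> bool:
    """A Trojan horse running as `subject` reads a sensitive object and
    tries to copy it into a lower-level one. Returns True when the monitor
    stops the chain: the read may be legitimate, but the *-property
    refuses the write down."""
    can_read = monitor.request(subject, secret_obj, "read")
    can_write = monitor.request(subject, public_obj, "write")
    return not (can_read and can_write)


def demo_monitor() -> ReferenceMonitor:
    """Constructed subjects and objects for trying the rules out."""
    m = ReferenceMonitor()
    m.add_subject("analyst", Label(Level.SECRET, frozenset({"NUC"})))
    m.add_object("nuc-report", Label(Level.SECRET, frozenset({"NUC"})))
    m.add_object("crypto-report", Label(Level.SECRET, frozenset({"NUC", "CRYPTO"})))
    m.add_object("bulletin", Label(Level.UNCLASSIFIED))
    m.add_object("ts-plan", Label(Level.TOP_SECRET, frozenset({"NUC"})))
    return m
```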
