Network Control

1
Network Control

• J. Won-Ki Hong
• Dept. of Computer Science and Engineering
• POSTECH
• Tel 054-279-2244
• Email jwkhong_at_postech.ac.kr

2
Table of Contents

• Introduction
• Configuration Control
• Security Control

3
Introduction

• Network control is concerned with modifying
  parameters in and causing actions to be taken by
  the end systems, intermediate systems, and
  subnetworks that make up the network to be
  managed
• All five functional areas of NM involve
  monitoring and control but configuration and
  security are more concerned with control
• Issues in network control
• what to control?
• define what is to be controlled
• how to control?
• how to cause actions to be performed

4
Configuration Management

• Define Configuration Information
• Configuration Monitoring
• Examine values and relationships
• Report on configuration status
• 3. Configuration Control may be required as a
  result of monitoring or event reports
• Initialize and terminate network operations
• Set and modify attribute values
• Define and modify relationships

5
Define Configuration Information

• Includes the nature and status of managed
  resources
• specification and attributes of resources
• Network Resources
• physical resources
• end systems, routers, bridges, switches, modems,
  etc.
• logical resources
• TCP connections, timers, counters, virtual
  circuits, etc.
• Attributes
• name, address, ID number, states, operational
  characteristics, of connections, etc.
• Control function should be able to
• define new classes and attributes (mostly done
  off-line)
• define the type and range of attribute values

6
Set and Modify Attribute Values

• when requesting agents to perform set and modify
• the manager must be authorized
• some attributes cannot be modified (e.g., of
  physical ports)
• Modification categories
• MIB update only
• does not require the agent to perform any other
  action
• e.g., update of static configuration information
• MIB update plus resource modification
• requires the agent to modify the resource itself
• e.g., changing the state of a physical port to
  disabled
• MIB update plus action
• perform actions as a side effect of set operation
• SNMP takes this approach

7
Define and Modify Relationships

• a relationship describes an association,
  connection, or condition that exists between
  network resources
• topology
• hierarchy
• containment
• physical or logical connections
• management domain
• Configuration control should allow on-line
  modification of resources without taking all or
  part of network down

8
Security Management

• What should be secured in networks?
• information security
• computer security
• network security
• Security Requirements
• Secrecy
• making information accessible to only authorized
  users
• includes the hiding of the existence of
  information
• Integrity
• making information modifiable to only authorized
  users
• Availability
• making resources available to only authorized
  users

9
Security Threats

• Interruption
• destroyed or becomes unavailable or unusable
• threat to availability
• Interception
• an unauthorized party gains access
• threat to secrecy
• Modification
• an unauthorized party makes modification
• threat to integrity
• Fabrication
• an unauthorized party inserts false information
• Masquerade
• an entity pretends to be a different entity

10
Types of Security Threats
11
Security Threats and Network Assets
12
Security Management Functions

• Maintain Security Information
• event logging, monitoring usage of
  security-related resources
• receiving notification and reporting security
  violations
• maintaining and examining security logs
• maintaining backup copies of security-related
  files
• Control Resource Access Service
• use access control (authentication and
  authorization)
• security codes (e.g., passwords)
• routing tables, accounting tables, etc.
• Control the Encryption Process
• must be able to encrypt messages between managers
  agents
• specify encryption algorithms

13
Summary

• Network control is concerned with setting and
  changing parameters of various parts of network
  resources as consequences of network monitoring
  and analysis
• Configuration control and security control are
  two essential aspects of network control
• READ Chapter 3 of Textbook