Chapter 13 Network Management Applications

About This Presentation

Title:

Chapter 13 Network Management Applications

Description:

Chapter 13 Network Management Applications Network and Systems Management Management Applications OSI Model Configuration Fault Performance Security Accounting ... – PowerPoint PPT presentation

Number of Views:314

Avg rating:3.0/5.0

Slides: 106

Provided by: ycchenIm

Category:

more less

Transcript and Presenter's Notes

Title: Chapter 13 Network Management Applications

1
Chapter 13Network Management Applications
2
Network and Systems Management
3
Management Applications

OSI Model
Configuration
Fault
Performance
Security
Accounting
Reports
Service Level Management
Policy-based management

4
Configuration Management

Network Provisioning
Inventory Management
Equipment
Facilities
Network Topology
Database Considerations

5
Network Provisioning

Network Provisioning
Provisioning of network resources
Design
Installation and maintenance
Circuit-switched network
Packet-switched network, configuration for
Protocol
Performance
QoS
ATM networks

6
Network Topology

Manual
Auto-discovery by NMS using
Broadcast ping
ARP table in devices
Mapping of network
Layout
Layering
Views
Physical
Logical

7
Network Topology Discovery
163.25.145.0
163.25.146.0
140.112.8.0
140.112.6.0
163.25.146.128
163.25.147.0
140.112.5.0
192.168.12.0
192.168.13.0
8
Discovery In a Network

What to be discovered in a network ?
Node Discovery
The network devices in each network segment
Network Discovery
The topology of networks of interest
Service Discovery
The network services provided
Network Topology Discovery
Network Discovery Node Discovery

9
Node Discovery

Node Discovery
Given an IP Address, find the nodes in the same
network.
Two Major Approaches
Use Ping to query the possible IP addresses.
Use SNMP to retrieve the ARP Cache of a known
node.

10
Use ICMP ECHO

Eg IP address 163.25.147.12
Subnet mask 255.255.255.0
All possible addresses
163.25.147.1 163.25.147.254
For each of the above addresses, use ICMP ECHO to
inquire the address
If a node replies (ICMP ECHO Reply), then it is
found.
Broadcast Ping

11
Use SNMP

Find a node which supports SNMP
The given node, default gateway, or router
Or try a node arbitrarily
Query the ipNetToMediaTable in MIB-II IP group
(ARP Cache)

ipNetToMediaPhysAddress
ipNetToMediaType
ipNetToMediaIfIndex
ipNetToMediaNetAddress
1 0080435F129A 163.25.147.10
dynamic(3) 2 008051F311DE 163.25.147.11
dynamic(3)
12
Network Discovery

Network Discovery
Find the networks of interest with their
interconnections
Key Issue
Given a network, what are the networks directly
connected with it ?
Major Approach
Use SNMP to retrieve the routing table of a
router.

13
(No Transcript)
14
(No Transcript)
15
Service Discovery

Given a node, find out the network services
provided by the node.
Recall that each network service will use a
dedicated TCP/UDP port.
Standard TCP/UDP Ports 0 1023
Two Approaches
Use TCP Connection Polling (Port Scan)
Use SNMP

16
Use SNMP

If the node supports SNMP
Use SNMP to query tcpConnTable
Use SNMP to query udpTable

17
Use TCP Connection Polling

First specify the TCP services (i.e., TCP port
numbers) to be discovered.
For each TCP service to be discovered, use a TCP
connection to try to connect to the corresponding
TCP port of the node.
If the connection is successfully established,
then the service is found.
Note that it is difficult to discover the UDP
services following the same way.

18
Mapping of network
19
Traditional LAN Configuration
Physical
Logical
20
Virtual LAN Configuration
Physical
Logical
21
Fault Management

Fault is a failure of a network component
Results in loss of connectivity
Fault management involves
Fault detection
Polling
Traps linkDown, egpNeighborLoss
Fault location
Detect all components failed and trace down
the tree topology to the source
Fault isolation by network and SNMP tools
Use artificial intelligence / correlation
techniques
Restoration of service
Identification of root cause of the problem
Problem resolution

22
Performance Management

Tools
Protocol analyzers
RMON
MRTG
Performance Metrics
Data Monitoring
Problem Isolation
Performance Statistics

23
Performance Metrics

Macro-level
Throughput
Response time
Availability
Reliability
Micro-level
Bandwidth
Utilization
Error rate
Peak load
Average load

24
Traffic Flow MeasurementNetwork Characterization
Four levels defined by IETF (RFC 2063)
25
Network Flow Measurements

Three measurement entities
Meters gather data and build tables
Meter readers collect data from meters
Managers oversee the operation
Meter MIB (RFC 2064)
NetraMet - an implementation(RFC 2123)

26
Data Monitoring and Problem Isolation

Data monitoring
Normal behavior
Abnormal behavior (e.g., excessive collisions,
high packet loss, etc)
Set up traps (e.g., parameters in alarm group
in RMON on object identifier of interest)
Set up alarms for criticality
Manual and automatic clearing of alarms
Problem isolation
Manual mode using network and SNMP tools
Problems in multiple components needs
tracking down the topology
Automated mode using correlation technology

27
Performance Statistics

Traffic statistics
Error statistics
Used in
QoS tracking
Performance tuning
Validation of SLA (Service Level Agreement)
Trend analysis
Facility planning
Functional accounting

28
Event Correlation Techniques

Basic elements
Detection and filtering of events
Correlation of observed events using AI
Localize the source of the problem
Identify the cause of the problem
Techniques
Rule-based reasoning
Model-based reasoning
Case-based reasoning
Codebook correlation model
State transition graph model
Finite state machine model

29
Rule-Based Reasoning
30
Rule-Based Reasoning

Knowledge base contains expert knowledge
onproblem symptoms and actions to be taken if
? then condition ? action
Working memory contains topological and
stateinformation of the network recognizes
system going into faulty state
Inference engine in cooperation with knowledge
base decides on the action to be taken
Knowledge executes the action

31
Rule-Based Reasoning

Rule-based paradigm is an iterative process
RBR is brittle if no precedence exists
An exponential growth in knowledge base poses
problem in scalability
Problem with instability if packet loss lt
10 alarm green if packet loss gt 10 lt
15 alarm yellow if packet loss gt 15 alarm
red
Solution using fuzzy logic

32
Configuration for RBR Example
33
RBR Example
34
Model-Based Reasoning
35
Model-Based Reasoning

Object-oriented model
Model is a representation of the component it
models
Model has attributes and relations to other
models
Relationship between objects reflected in a
similar relationship between models

36
MBR Event Correlator
Example
Hub 1 fails
Recognized by Hub 1 model
Hub 1 model queries router model
Router model declares no failure
Router model declares failure
Hub 1 model declares Failure
Hub 1 model declares NO failure
37
Case-Based Reasoning
38
Case-Based Reasoning

Unit of knowledge
RBR rule
CBR case
CBR based on the case experienced before
extend to the current situation by adaptation
Three adaptation schemes
Parameterized adaptation
Abstraction / re-specialization adaptation
Critic-based adaptation

39
CBR Parameterized Adaption
40
CBR Abstraction / Re-specialization
41
CBR Critic-Based Adaptation

Human expertise introduces a new case

42
CBR-Based CRITTER
43
Codebook Correlation ModelGeneric Architecture
44
Codebook Correlation Model

Yemini, et.al. proposed this model
Monitors capture alarm events
Configuration model contains the configuration of
the network
Event model represents events and their
causalrelationships
Correlator correlates alarm events with event
model and determines the problem that caused the
events

45
Codebook Approach

Correlation algorithms based upon coding
approach to event correlation
Problem events viewed as messages generated by
a system and encoded in sets of alarms
Correlator decodes the problem messages to
identify the problems

46
Two phases of Codebook Approaches

Codebook selection phase Problems to be
monitored identified and the symptoms
theygenerate are associated with the
problem.This generates codebook (problem-symptom
matrix)
2. Correlator compares alarm events with codebook
and identifies the problem.

47
Causality Graph
48
Labeled Causality Graph

Ps are problems and Ss are symptoms
P1 causes S1 and S2
Note directed edge from S1 to S2 removed S2
is caused directly or indirectly (via S1) by P1
S2 could also be caused by either P2 or P3

49
Codebook

Codebook is problem-symptom matrix
It is derived from causality graph after
removing directed edges of propagation of
symptoms
Number of symptoms gt number of problems
2 rows are adequate to identify uniquely 3
problems

50
Correlation Matrix

Correlation matrix is a reduced codebook

51
Correlation Graph
52
State Transition Model
53
State Transition Model Example
54
State Transition Graph
55
Finite State Machine Model
56
Finite State Machine Model

Finite state machine model is a passive system
state transition graph model is an active system
An observer agent is present in each node and
reports abnormalities, such as a Web agent
A central system correlates events reported by
the agents
Failure is detected by a node entering an
illegal state

57
Security Management

Security threats
Policies and Procedures
Resources to prevent security breaches
Firewalls
Cryptography
Authentication and Authorization
Client/Server authentication system
Message transfer security
Network protection security

58
Security Threats

Modification of information Contents modified by
unauthorized user, does not include address
change
Masquerade change of originating address
byunauthorized user
Message Stream Modification Fragments of message
altered by an unauthorized user to modify the
meaning of the message
Disclosure
Eavesdropping
Disclosure does not require interception of
message
Denial of service and traffic analysis are not
considered as threats.

59
Security Threats
60
Polices and Procedures
61
Secured Communication Network
No Security Breaches ?

Firewall secures traffic in and out of Network A
Security breach could occur by intercepting the
message going from B to A, even if B has
permission to access Network A
Most systems implement authentication with user
id and password
Authorization is by establishment of accounts

62
Firewalls

Protects a network from external attacks
Controls traffic in and out of a secure network
Could be implemented in a router, gateway, or a
special host
Benefits
Reduces risks of access to hosts
Controlled access
Eliminates annoyance to the users
Protects privacy
Hierarchical implementation of policy and and
technology

63
Packet Filtering Firewall
64
Packet Filtering

Uses protocol specific criteria at DLC, network,
and transport layers
Implemented in routers - called screening router
or packet filtering routers
Filtering parameters
Source and/or destination IP address
Source and/or destination TCP/UDP port
address, such as ftp port 21
Multistage screening - address and protocol
Works best when rules are simple

65
Application Level Gateway
DMZ (De-Militarized Zone)
66
Cryptography

Secure communication requires
Integrity protection ensuring that the message
is not tampered with
Authentication validation ensures the
originator identification
Security threats
Modification of information
Masquerade
Message stream modification
Disclosure
Hardware and software solutions
Most secure communication is software based

67
???????

??? (Confidentiality)
??? (Authentication)
??? (Integrity)
????? (Non-repudiation)
???? (Access control)
??? (Availability)

68
Encryption
Network
atek49ffdlffffe ffdsfsfsff
atek49ffdlffffe ffdsfsfsff
decryption
encryption
ciphertext
ciphertext
Dear John I am happy to know ...
Dear John I am happy to know ...
plaintext
plaintext
69
Cryptography / Encryption

Encryption
Encode, Scramble, or Encipher the plaintext
information to be sent.
Encryption Algorithm
The method performed in encryption.
Encryption Key
A stream of bits that control the encryption
algorithm.
Plaintext
The text which is to be encrypted.
Ciphertext
the text after encryption is performed.

70
Encryption
Encryption Algorithm
Encryption Key
?
Ciphertext
atek49ffdlffffe ffdsfsfsff
Plaintext
Dear John I am happy to know ...
71
Decryption
Decryption Algorithm
Decryption Key
?
Plaintext
Dear John I am happy to know ...
Ciphertext
atek49ffdlffffe ffdsfsfsff
72
Encryption / Decryption
73
Encryption Techniques

Private Key Encryption
Encryption Key Decryption Key
Also called Symmetric-Key Encryption, Secret-Key
Encryption, or Conventional Cryptography.
Public Key Encryption
Encryption Key ? Decryption Key
Also called Asymmetric Encryption

74
Private Key Encryption - DES (Data Encryption
Standard)

Adopted by U.S. Federal Government.
Both the sender and receiver must know the same
secret key code to encrypt and decrypt messages
with DES
Operates on 64-bit blocks with a 56-bit key
DES is a fast encryption scheme and works well
for bulk encryption.
Issues
How to deliver the key to the sender safely?

75
Symmetric Key in DES
76
Other Symmetric Key Encryption Techniques

3DES
Triple DES
RC2, RC4
IDEA
International Data Encryption Algorithm

77
Key Size Matters!
Centuries Decades Years Hours
168-bits
Triple-DES (recommended for commercial
corporate information)
Information Lifetime
56-bits
40-bits
100s 10K 1M 10M
100M Budget ()
78
Public Key Encryption RSA

The public key is disseminated as widely as
possible. The secrete key is only known by the
receiver.
Named after its inventors Ron Rivest, Adi Shamir,
and Leonard Adleman
RSA is well established as a de facto standard
RSA is fine for encrypting small messages

79
Asymmetric Key in RSA
80
Key Length
Average Time for Exhaustive Key Search
9
32
32 Bits 2 4.3 X 10
56
16
Number of Possible Key
56 Bits 2 7.2 X 10
Symmetric Cipher (Conventional)
Asymmetric (RSA/D-H)
128
38
128 Bits 2 3.4 X 10
40 Bits 274 Bits
56 Bits 384 Bits 64
Bits 512 Bits 80
Bits 1024 Bits 96 Bits
1536 Bits 112 Bits
2048 Bits 120 Bits
2560 Bits 128 Bits
3072 Bits 192 Bits
10240 Bits
31
32 Bits gt 2 usec 36 min
Time required at 1 Encryption/uSEC
127
24
128 Bits gt 2 usec 5X10 Years
32 Bits gt 2 millsec
Time required at 10 Encryption/uSEC
56 Bits gt 10 Hours
Performance
6
18
128 Bits gt 5X10 Years
30200 1
81
Hybrid Encryption Technology PGP (Pretty Good
Privacy)

Hybrid Encryption Technique
First compresses the plaintext.
Then creates a session key, which is a
one-time-only secret key.
Using the session key, apply a fast conventional
encryption algorithm to encrypt the plaintext.
The session key is then encrypted to the
recipients public key.
This public key-encrypted session key is
transmitted along with the ciphertext to the
recipient.

82
PGP Encryption
83
PGP Decryption

The recipient uses its private key to recover the
temporary session key
Use the session key to decrypt the
conventionally-encrypted ciphertext.

84
PGP Decryption
85
Message Digest

Message digest is a cryptographic hash
algorithm added to a message
One-way function
Analogy with CRC
If the message is tampered with the message
digest at the receiving end fails to validate
MD5 (used in SNMPv3) commonly used MD
MD5 takes a message of arbitrary length
(32-Byte) blocks and generates 128-bit message
digest
SHS (Secured Hash Standard) message digest
proposed by NIST handles 264 bits and generates
160-bit output

86
Digital Signatures

Digital signatures enable the recipient of
information to verify the authenticity of the
informations origin, and also verify that the
information is intact.
Public key digital signatures provide
authentication
data integrity
non-repudiation
Technique public key cryptography
Signature created using private key and validated
using public key

87
Simple Digital Signatures
88
Secure Digital Signatures
89
Authentication and Authorization

Authentication verifies user identification
Client/server environment
Host/User Authentication
Ticket-granting system
Authentication server system
Cryptographic authentication
Messaging environment
e-mail
e-commerce
Authorization grants access to information
Read, read-write, no-access
Indefinite period, finite period, one-time use

90
Host Authentication

Allow access to a service based on a source host
identifier, e.g. network address.
Issues
A host can change its network address.
Different users in the same host have the same
authority.

91
User Authentication

Enable service to identify each user before
allowing that user access.
Password Mechanism
Generally, passwords are transferred on the
network without any encryption.
Use encrypted passwords.
Users tend to make passwords easy to remember.
If the passwords are not common words, users will
write them down.
Host Authentication User Authentication

92
Ticket-granting system
93
Ticket-granting system

Used in client/server authentication system
Kerberos developed by MIT
Steps
User logs on to client workstation
Login request sent to authentication server
Auth. Server checks ACL, grants encrypted ticket
to client
Client obtains from TGS service-granting ticket
and session key
Appl. Server validates ticket and session key,
and then provides service

94
Authentication Server
95
Authentication Server

Architecture of Novell LAN
Authentication server does not issue ticket
Login and password not sent from client
workstation
User sends id to central authentication server
Authentication server acts as proxy agent to the
client and authenticates the user with the
application server
Process transparent to the user

96
Message Transfer Security

Messaging one-way communication
Secure message needs to be authenticated and
secured
Three secure mail systems
Privacy Enhanced Mail (PEM)
Pretty Good Privacy (PGP)
X-400 OSI specifications that define
framework not implementation specific

97
Privacy Enhanced Mail

Developed by IETF (RFC 1421 - 1424)
End-to-end cryptography
Provides
Confidentiality
Authentication
Message integrity assurance
Nonrepudiation of origin
Data encryption key (DEK) could be secret or
public key-based originator and receiver agreed
upon method
PEM processes based on cryptography and message
encoding
MIC-CLEAR (Message Integrity Code-CLEAR)
MIC-ONLY
ENCRYPTED

98
PEM Processes
DEK Data Encryption Key IK Interexchange
Key MIC Message Integrity Code
99
Use of PGP in E-mail
100
SNMPv3 Security
101
SNMPv3 Security

Authentication key equivalent to DEK in PEM or
private key in PGP
Authentication key generated using user password
and SNMP engine id
Authentication key may be used to encrypt
message
USM prepares the whole message including
scoped PDU
HMAC, equivalent of signature in PEM and PGP,
generated using authentication key and the whole
message
Authentication module provided with
authentication key and HMAC to process incoming
message

102
Virus Attacks

Executable programs that make copies and insert
them into other programs
Attacks hosts and routers
Attack infects boot track, compromises cpu,
floods network traffic, etc.
Prevention is by identifying the pattern of the
virus and implementing protection in virus
checkers

103
Accounting Management

Least developed
Usage of resources
Hidden cost of IT usage (libraries)
Functional accounting
Business application

104
Report Management
105
(No Transcript)
106
Policy-Based Management
107
Policy-Based Management

Domain space consists of objects (alarms with
attributes)
Rule space consists of rules (if-then)
Policy Driver controls action to be taken
Distinction between policy and rule policy
assigns responsibility and accountability
Action Space implements actions

108
Service Level Management