Computer Networking Network Management and Security - PowerPoint PPT Presentation

Slides: 35
Provided by: visual1
Transcript and Presenter's Notes

1
Computer Networking: Network Management and
Security
  • Dr Sandra I. Woolley

The IP loopback address is 127.0.0.1 for
addressing your own computer.
2
Contents
  • Introduction to network management
  • SNMP
  • Traps
  • Managing servers and users
  • Network security
  • Footprinting, scanning and enumeration
  • Behaviour profiles
  • Malicious programs
  • Passwords
  • References
  • Network security essentials - Applications and
    Standards, W. Stallings, Prentice Hall, 2000,
    0-13-016093-8
  • Hacking exposed, Scambray, McClure and Kurtz,
    McGraw-Hill, 2nd Ed, 2001, 0-07-212748-1

3
Network Management

4
Network Management
  • The ability to manage and control an entire
    network and all its component parts.
  • The collection of hardware and software to do
    this is the Network Management System (NMS).
  • Modern networks are large and complex and need
    automated mechanisms to help with monitoring and
    management.

5
Network Management
  • Management can be split into three parts.
      • Infrastructure management: the network
        infrastructure (cables, hubs, network cards, etc.)
      • Server management: the information sources
      • User management: keeping the users under
        control

http://pacificcomputersolutions.com/images/server.room460x276.jpg
6
Network Infrastructure Management
  • Fault management: Detecting, isolating and
    correcting faults. Both active components
    (bridges, routers, LAN cards) and passive
    (cables).
  • Accounting management: Accumulation and analysis
    of usage statistics. Useful for user monitoring
    and charging, particularly where public networks
    are used.
  • Configuration management: Monitoring and
    controlling the set-up and changes to network
    equipment.
  • Performance management: Gathering and analysing
    network statistics such as throughput and
    capacity. Used to identify bottlenecks, spare
    capacity and predict future requirements.
  • Security management: Controlling access to
    network operations. Includes access control,
    encryption and authorisation.

7
Historic Network Management
  • Early network devices were managed using
    proprietary systems.
  • They used custom protocols and often were not
    scalable outside the LAN.
  • Modern networks are multi-vendor and extend to
    the WAN; a standard was needed.
  • systems from multiple manufacturers

http://www.theregister.co.uk/2002/10/24/server_room_dangerous_heres_bofh/
8
Simple Network Management Protocol (SNMP)
  • Usually abbreviated to SNMP
  • A standard TCP/IP protocol (RFC 1157, 1990)
  • There were a number of vulnerabilities in this
    first version including, for example, plaintext
    password communication.
  • Improvements to SNMP include V2 in 1993 and V3 in
    2004.
  • SNMP defines a structure for collecting,
    delivering and storing network information.

MIB (Management Information Base)
9
SNMP Functionality
  • SNMP devices collect statistics and the Network
    Management Station (NMS) receives this data
    regularly.
  • To minimise traffic, the collection period can be
    long, say 5 minutes.
  • However, something important may happen. A fast
    reporting mechanism is also needed.
  • Devices can trap an event and send a message to
    the NMS for immediate action.

10
Traps
  • Traps can be used to quickly report things
    like:
  • Excessive traffic
  • Excessive collisions (e.g., from CSMA/CD)
  • Low traffic (may indicate a fault somewhere?)
  • Broken or disconnected cables
  • Devices powered down (trap sent from another
    device)

SNMP Trap Managing Software: http://www.oidview.com/snmp_trap_management.html
11
Server Management
  • Servers, e.g., web, intranet, filespace
  • Various operating systems including versions of
    Windows and Unix.
  • Each one has its own peculiarities
  • Server management is closely linked to user
    management: preventing the users (and hackers!)
    from damaging the systems.
  • Robust data backup is essential. In large
    systems active filespace would be stored on RAID
    systems (redundant array of inexpensive disks).
    Entire tape backups would be done regularly (say
    weekly) with incremental backups performed each
    night. Tapes would be stored in fire-proof
    water-proof safes.

12
User Management
  • Networks are totally reliable until the users
    log in
  • Accidental problems
      • forgotten passwords
      • deleted files etc.
  • Loopholes
      • web server
      • networked machines that allow user installs or
        user write access
  • Deliberate hacks
      • users trying to stop the system working for
        malicious reasons

http://www.thinkgeek.com/homeoffice/supplies/a475/
13
Smaller Networks
  • Small Networks
      • Most small networks are SOHO (small office/home
        office); users use the network as a tool, say up
        to 10 users with no formal administrator.
      • All users often have full access to everything,
        e.g. secretaries can all read and write to each
        other's computers
      • In the past, such networks were not connected to
        the Internet (the ultimate security solution?)
  • Medium Networks
      • Between 10 and 200 users, often with a single
        server.
      • Still managed by one administrator who controls
        everything.
      • Users still know each other by name, so casual
        file access may be tolerated.

14
Bigger Networks
  • Large Networks
      • Over a few hundred users, multiple servers and
        multiple administrators. E.g., the University
        network.
      • Some users will be computer literate and may
        enjoy the challenge of exploring or defeating
        security mechanisms.
      • Management becomes complex and more challenging.
  • Enormous Networks: The Internet
      • No real central control; available to anyone on
        the planet.
      • Users are not traceable: no need to log on to the
        Internet.
      • ISPs will sign up anyone using a random name.
      • Email names are available with no checking.
      • Many, many hackers.

15
Network Security

16
Content
  • Footprinting, scanning and enumeration.
  • Detecting intruders
  • Malicious programs
  • Passwords

http://www.2600.com/
17
Security - Accessing Network Information
  • Footprinting
      • Gathering information on a network (creating a
        profile of an organization's security posture,
        identifying a list of network and IP addresses).
  • Scanning
      • Identifying live and reachable target systems
        (ping sweeps, port scans, application of
        automated discovery tools).
  • Enumeration
      • Extracting account information (examining
        active connections to systems).

18
Behaviour Profiles
19
Malicious Programs
20
Malicious Programs
  • Trap doors
      • A secret entry point into a program which
        circumvents the usual security access
        procedures.
      • Often legitimately used for debugging and testing
        but vulnerable to misuse.
  • Logic bombs
      • Code embedded into a legitimate program that is
        set to "explode" when some conditions are met.
      • E.g. test for dates. In a famous case, a logic
        bomb tested for an employee ID number and
        triggered if it failed to be listed on the
        payroll in 2 consecutive months.
  • Trojan horses
      • An apparently useful program containing hidden
        code that performs unwanted/harmful functions
        when invoked.

21
Malicious Programs
  • Viruses
      • A program that can infect other programs by
        modifying them (the modification includes a copy
        of the virus program).
      • Dormant phase: The virus is idle until activated by
        some event such as a date, presence of some other
        file or capacity of disk.
      • Propagation phase: The virus places a copy of
        itself into another program or filespace.
      • Triggering phase: The virus is activated by an
        event. This may be related to the number of
        copies made of itself.
      • Execution phase: The function is performed.
  • Worms
      • Use network connections to spread from system to
        system. Once active within a system, a network
        worm can behave as a virus or bacteria or could
        implant Trojan horses.
      • To replicate itself a worm needs a network
        vehicle, e.g., e-mail, remote login or execution
        capabilities.
  • Bacteria
      • Programs that do not explicitly damage files
        but simply replicate. Eventually replication may
        result in taking up all processor capacity,
        memory, disk space.

22
Passwords
  • Some users, when allowed to choose any password,
    will select very short ones.
  • William Stallings is a famous network security
    author. He quotes the example here from Purdue
    University.
  • People also tend to select guessable passwords.

23
Passwords
  • Stallings references a report which demonstrates
    the effectiveness of password guessing.
  • The author collected UNIX passwords from a
    variety of encrypted password files.
  • Nearly 25% of passwords were guessed with the
    following strategy:
      • Try the user's name, initials, account name (130
        permutations for each).
      • Try dictionary words, including the system's own
        on-line dictionary (60,000 words).
      • Try permutations of words from the step above,
        including making the first letter uppercase or a
        control character, making the entire word
        uppercase, reversing the word, changing o's to
        0's, etc. (another 1 million words to try).
      • More capitalization permutations (another million
        words to check).
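
The same strategy can be turned around and used when a user chooses a password, so that guessable choices are refused before they are stored. This is an added example, not part of the original slides: the word list, the account details and the function names are constructed for illustration, and the control-character permutation is not covered.

```python
# Added example: proactive password check mirroring the guessing strategy
# on the slide. WORDS and the account details used with it are sample data.

WORDS = {"password", "dragon", "monkey", "football", "network"}


def base_words(full_name, account, dictionary):
    """Steps 1-2: user name, initials, account name, plus dictionary words."""
    parts = full_name.lower().split()
    initials = "".join(p[0] for p in parts)
    personal = set(parts) | {initials, "".join(parts), account.lower()}
    return {w for w in personal | {d.lower() for d in dictionary} if w}


def undo_permutations(password):
    """Steps 3-4 in reverse: strip case changes, 0-for-o swaps and reversal."""
    forms = {password.lower()}
    forms |= {f.replace("0", "o") for f in forms}
    forms |= {f[::-1] for f in forms}
    return forms


def rejection_reason(password, full_name, account, dictionary=WORDS):
    """Return why a proposed password is guessable, or None if it passes."""
    hits = undo_permutations(password) & base_words(full_name, account, dictionary)
    if hits:
        return "derived from '%s'" % sorted(hits)[0]
    return None
```

Normalising the proposed password back to its base word means the checker does not need to generate the million-word permutation lists the guesser works through.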

24
(No Transcript)
25
Thank You
26
Computer Networking: Wireless Networks. New
Standards, new applications, new issues
  • Dr Sandra I. Woolley

27
Progress Toward Wearable Computing
  • Computers are getting smaller and smaller ...
  • Decreasing size >>> Increasing mobility >>>
    Decreasing visibility/noticeability
  • Room computer, desktop, luggable, portable,
    palmtop, handheld, embedded, wearable,
    invisible?

Alex Bilstein holding the first "luggable"
computer, the 1981 Osborne 1 (photo by Jana
Birchum). Flexible screen technology developed by
Universal Display. Toshiba's 0.85 inch hard disk
drive can store 4 GB of data.
28
Mobility and Usability
  • Computing and communications don't naturally suit
    mobility.
  • New physical interfaces beyond the
    keyboard/keypad and mouse are needed.
  • And new software interfaces beyond WIMP (Windows,
    Icons, Mouse, pointer) are needed also.
  • Keeping users mobile and task-focused presents
    interesting challenges.
  • The new motorway signs "THINK DON'T PHONE WHILE
    DRIVING" are a sign of the time.

Left top: TINMITH2, the mobile research AR
platform developed at the Wearable Computer
Laboratory in the University of South Australia.
Above middle: wearcam.org; right: Chris Baber
at Birmingham.
29
Mobile Technology and Solutions
  • New, and sometimes simple, ideas can make
    mobility easier.
  • And there are some useful new technologies and
    products.
  • Wireless communications, e.g., Wi-Fi, Bluetooth,
    sensor networks
  • Smart phones and 3G
  • RFID tagging technology
  • GPS SATNAV, TomTom GO

30
Wireless and Personal Area Networks
  • IEEE 802.15 - Wireless PAN (Personal Area
    Network) Standards.
  • Wi-Fi (IEEE 802.11b and g) and Bluetooth (IEEE
    802.15.1)
  • Sensor area networks (IEEE 802.15.4) and Zigbee
    for low-power short range wireless
    communications.
  • Challenges in design and management of
    communications in mobile multi-sensing systems
    interacting with other mobile multi-sensing
    systems and in multi-sensing environments.

31
Privacy and Security
  • Issues of digital and pervasive privacy and
    security are active areas of debate and research.
  • "Privacy is dead, deal with it", Sun Microsystems
    CEO, Scott McNealy.
  • "Privacy: The Achilles heel of Pervasive
    Computing", M. Satyanarayanan
    (Editorial of IEEE Pervasive Computing Magazine
    on special issue on Security and Privacy, 2003.)
  • Unease associated with pervasive computing
    systems might involve location tracking and
    smart spaces monitoring user locations and
    activities on an almost continual basis.
  • New pervasive computing infrastructures can
    expect new classes of malicious software.

Top: (c) Chuck Painter/Stanford News Service.
Ralph Merkle, Martin Hellman, Whitfield Diffie
(1977), who defined a system of safe key
exchange. Middle: Adi Shamir, Ronald Rivest and
Leonard Adleman, creators of RSA (used in PGP).
32
What About Wireless Security?
  • There are increasing concerns about the security
    of new wireless networks.
  • What about the hackability of smart homes?
  • Bluetooth viruses are now appearing and there is
    a growing awareness that malware is going mobile.
  • Security for new wireless networks is an active
    area of research.

33
What About EMF Exposure?
  • The human body uses both chemical and electrical
    signalling.
  • Excessive exposure to electromagnetic fields has
    a negative impact on human health and causes
    chromosomal damage. There is no consensus on
    what is excessive and what is safe.
  • Can much lower power systems be made in the
    future? Can wireless systems seamlessly
    interoperate with wired systems?
  • "The Body Electric" summarises a few of the
    issues. (The presentation can be found on my web
    page.)
  • http://www.eee.bham.ac.uk/woolleysi/thebodyelectric.ppt

34
Thank You