Network Control
Mi-Jung Choi
Dept. of Computer Science, KNU

Table of Contents
• Introduction
• Configuration Control
• Security Control

Introduction
• Network control is concerned with modifying parameters in and causing actions to be taken by the end systems, intermediate systems, and subnetworks that make up the network to be managed
• All five functional areas of NM involve monitoring and control, but configuration and security are more concerned with control
• Issues in network control
  – what to control?
    • define what is to be controlled
  – how to control?
    • how to cause actions to be performed

Configuration Management
1. Define Configuration Information
2. Configuration Monitoring
  – Examine values and relationships
  – Report on configuration status
3. Configuration Control may be required as a result of monitoring or event reports
  – Initialize and terminate network operations
  – Set and modify attribute values
  – Define and modify relationships

Define Configuration Information
• Includes the nature and status of managed resources
  – specification and attributes of resources
• Network Resources
  – physical resources
    • end systems, routers, bridges, switches, modems, etc.
  – logical resources
    • TCP connections, timers, counters, virtual circuits, etc.
• Attributes
  – name, address, ID number, states, operational characteristics, # of connections, etc.
• Control function should be able to
  – define new classes and attributes (mostly done off-line)
  – define the type and range of attribute values

Set and Modify Attribute Values
• when requesting agents to perform set and modify
  – the manager must be authorized
  – some attributes cannot be modified (e.g., # of physical ports)
• Modification categories
  – MIB update only
    • does not require the agent to perform any other action
    • e.g., update of static configuration information
  – MIB update plus resource modification
    • requires the agent to modify the resource itself
    • e.g., changing the state of a physical port to “disabled”
  – MIB update plus action
    • perform actions as a side effect of set operation
    • SNMP takes this approach
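
An added example (not from the original slides) of how an agent could enforce these rules on a set request: manager authorization, non-modifiable attributes, type/range checks, and the three modification categories. The attribute names, the manager name `nms-1` and the result strings are constructed for illustration and are not SNMP identifiers.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Attribute:
    value: object
    writable: bool = True                 # False for e.g. the number of physical ports
    valid: Callable = lambda v: True      # type/range check for new values
    on_set: Optional[Callable] = None     # resource change or action tied to the set

@dataclass
class Agent:
    mib: dict
    authorized: set                       # managers allowed to issue set requests
    port_enabled: bool = True             # the managed resource itself
    resets: int = 0                       # counts reset actions performed
    log: list = field(default_factory=list)   # rejected set requests

    def handle_set(self, manager, name, value):
        if manager not in self.authorized:
            return self._reject(manager, name, "not_authorized")
        attr = self.mib.get(name)
        if attr is None:
            return self._reject(manager, name, "no_such_attribute")
        if not attr.writable:
            return self._reject(manager, name, "read_only")
        if not attr.valid(value):
            return self._reject(manager, name, "bad_value")
        attr.value = value                # every category updates the MIB
        if attr.on_set:
            attr.on_set(self, value)      # categories 2 and 3 also touch the device
        return "ok"

    def _reject(self, manager, name, reason):
        self.log.append((manager, name, reason))   # keep a record of refused sets
        return reason

def apply_port_state(agent, v):           # MIB update plus resource modification
    agent.port_enabled = (v == "enabled")
def do_reset(agent, v):                   # MIB update plus action (side effect of set)
    if v == 1:
        agent.resets += 1

def build_agent():                        # constructed sample MIB, hypothetical names
    states = ("enabled", "disabled")
    return Agent(authorized={"nms-1"}, mib={
        "contact": Attribute("noc@example.org", valid=lambda v: isinstance(v, str)),
        "num_ports": Attribute(24, writable=False),
        "port_state": Attribute("enabled", valid=lambda v: v in states, on_set=apply_port_state),
        "reset": Attribute(0, valid=lambda v: v in (0, 1), on_set=do_reset),
    })
```

Rejected requests leave both the MIB and the resource unchanged and are recorded in `log`, so unauthorized or malformed sets can be reviewed afterwards.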

Define and Modify Relationships
• a relationship describes an association, connection, or condition that exists between network resources
  – topology
  – hierarchy
  – containment
  – physical or logical connections
  – management domain
• Configuration control should allow on-line modification of resources without taking all or part of network down

Security Management
• What should be secured in networks?
  – information security
  – computer security
  – network security
• Security Requirements
  – Secrecy
    • making information accessible to only authorized users
    • includes the hiding of the existence of information
  – Integrity
    • making information modifiable to only authorized users
  – Availability
    • making resources available to only authorized users

Security Threats
• Interruption
  – destroyed or becomes unavailable or unusable
  – threat to “availability”
• Interception
  – an unauthorized party gains access
  – threat to “secrecy”
• Modification
  – an unauthorized party makes modification
  – threat to “integrity”
• Fabrication
  – an unauthorized party inserts false information
• Masquerade
  – an entity pretends to be a different entity

Types of Security Threats
[Figure: flow from an information source to an information destination: (a) Normal flow, (b) Interruption, (c) Interception, (d) Modification, (e) Fabrication]

Security Threats and Network Assets
[Figure: network assets (data, communication lines, hardware, software) and the threats to them: masquerade, modification, interception (capture, analysis), interruption (loss, deletion, theft, denial of service)]

Security Management Functions
• Maintain Security Information
  – event logging, monitoring usage of security-related resources
  – receiving notification and reporting security violations
  – maintaining and examining security logs
  – maintaining backup copies of security-related files
• Control Resource Access Service
  – use access control (authentication and authorization)
    • security codes (e.g., passwords)
    • routing tables, accounting tables, etc.
• Control the Encryption Process
  – must be able to encrypt messages between managers & agents
  – specify encryption algorithms

Summary
• Network control is concerned with setting and changing parameters of various parts of network resources as a consequence of network monitoring and analysis
• Configuration control and security control are two essential aspects of network control
• READ Chapter 3 of Textbook