Network Security Management

Network management involves monitoring, controlling and securing network resources to ensure quality of service. It has five functional areas: configuration management, fault management, performance management, security management and accounting management. Common network management protocols include SNMP, CMIP and WBEM. The goals of network management are to control complex networks to maximize efficiency while reducing complexity to ensure quality service.

NETWORK SECURITY MANAGEMENT
Chapter 2: Network Management

Objectives
1. Illustrate Network Management goals & standards
2. Examine Network Management Model
3. Describe Network Management Platforms & Applications
4. Identify Network Management Protocols
What is network management?
• Network management is the top-level administration and maintenance of large networks.
• Network management is a service that uses a variety of tools, applications, protocol analysers and devices to assist network managers in monitoring and maintaining networks.
• Network management manages the network resources comprising clients, servers, printers, hubs, switches, routers and links, and the connectivity between network resources.
• Network management infrastructure involves a distributed database, auto-polling of network devices, and high-end workstations generating real-time graphical views of network topology changes and traffic.

The most common network problems are:
• Loss of connectivity, duplicate IP addresses, intermittent problems, network configuration issues, performance problems.

• Network management can also be defined as OAM&P (Operations, Administration, Maintenance, and Provisioning) of networks and services.
Network management provides services for:
• Administrating the network
• Controlling the network
• Monitoring the network
• Managing the network
• Securing the network
• Reporting about the network

Systems management provides the following services:
• Hardware configuration
• Software installation
• Anti-virus and anti-malware management
• User activity monitoring
• Capacity monitoring
• Storage management
• Resource utilization monitoring


• A network administrator's main responsibilities include installing, configuring and supporting an organization's LAN, WAN, Internet systems or a segment of a network system.
• Configuring the network switches, a virtual private network (VPN) and routing are also typical duties.

• Routing, which refers to the process of selecting the paths in a computer network on which to send data, is an important area of network management.
• In this area of network management, logically addressed packets are passed from their source to their destination through nodes called routers, in a process called forwarding.
• This is usually based on routing tables that maintain a record of the most efficient routes.

• A system administrator is responsible for the computer system itself, including
• software and hardware installation and upkeep,
• data recovery and backup,
• setup of and training on user accounts, and
• maintenance of basic security.
Network management is governed by a large number of protocols, such as:

• SNMP (Simple Network Management Protocol)
Simple Network Management Protocol is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.

• CMIP (Common Management Information Protocol)
CMIS/CMIP is the network management protocol specified by the ISO/OSI network management model and is further defined by the ITU-T in the X.700 series of recommendations.
CMIP models management information in terms of managed objects and allows both modification of and performing actions on managed objects.

• WBEM (Web-Based Enterprise Management)
Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments.

• Common Information Model
The Common Information Model is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and the relationships between them.

• Java Management Extensions (JMX), etc.
Java Management Extensions is a Java technology that supplies tools for managing and monitoring applications, system objects, devices and service-oriented networks. Those resources are represented by objects called MBeans.
Goals of Network Management
The overall goal of network management is to
• control a complex data network to maximize its efficiency and productivity, and
• reduce the complexity of a data network and ensure quality of service.

The International Organization for Standardization (ISO) Network Management Forum divided network management into five functional areas:
1) Fault Management
2) Configuration Management
3) Security Management
4) Performance Management
5) Accounting Management
Functional areas of Network Management (OSI Functional Model): Configuration Management, Fault Management, Performance Management, Security Management, Accounting Management.

Configuration Management
• The goal of configuration management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.
• The configuration of certain network devices controls the behavior of the data network.
• (Example: configuring routing protocols like BGP or OSPF in a router controls the routing.)
• Configuration management is the process of finding and setting up (configuring) these critical devices.
• (Example: SNMP is used to manage the network, but different versions exist: SNMP version 1, version 2 and version 3.)
Fault Management
FM is the process of locating problems, or faults, on the data network.

Steps involved in the fault management process:
• Discover the problem and determine exactly where the fault is.
• Isolate the rest of the network from the failure so that it can continue to operate without interference.
• Reconfigure or modify the network in such a way as to minimize the impact of operating without the failed components.
• Repair the failed component to restore the network to its initial state.
Security Management
• Security management is concerned with managing information protection and controlling
access to information on the data network
• Provides a way to monitor access points and records information on a periodic basis
• Provides audit trails and sounds alarms for security breaches

Performance Management
Involves measuring the performance of network resources such as hardware, software, and media.

Performance management is used to measure the following network parameters:
– Overall throughput
– Percentage utilization
– Error rates
– Response time
Performance Management
• Performance management of a computer network consists of two broad categories: monitoring and controlling.
Monitoring:
• is the function that tracks the activities on the network.
Controlling:
• is the function that enables performance management to make adjustments to improve network performance.

What are the performance issues that affect the network?
• Network resource utilization.
• Network traffic.
• Network throughput.
• Bottlenecks.
• Increasing response time.
Accounting Management
• Involves tracking individuals' utilization and grouping of network resources to ensure that users have sufficient resources.
• Involves granting or removing permission for access to the network.

Network Management Standards

They are:
• OSI model,
• The Internet model,
• Telecommunications Management Network (TMN),
• IEEE LAN/WAN and
• Web-based management.
The OSI management protocol standard is developed from the Common Management Information Protocol (CMIP).
Common Management Information Service (CMIS)
• specifies the basic services needed to perform the various functions.
• It is the most comprehensive set of specifications and addresses all seven layers of the OSI reference model.
• The specifications are object-oriented, and hence managed objects are based on object classes and inheritance rules.
• LANs and WANs can be managed using CMIP/CMIS.

Two major drawbacks of the OSI management standard are that it is complex and that the CMIP stack is large: the memory of an ordinary desktop workstation was not sufficient to load a complete CMIP stack.
SNMP
• In contrast to CMIP, Simple Network Management Protocol (SNMP) is truly simple, as its name indicates.
• It is stated as an industry standard and
• it has the standard specifications of a standard-setting organization.
IETF
The Internet Engineering Task Force (IETF)
• is responsible for all Internet specifications, including network management.
• SNMP is easy to implement and
• is the most widely implemented network management system today.
Telecommunications Management Network (TMN)
• is designed to manage the telecommunications network and
• is focused on the needs of telecommunications service providers.
• TMN is a standard of the International Telecommunication Union (ITU).
• It is developed based on the OSI CMIP/CMIS specifications.
IEEE - Institute of Electrical and Electronics Engineers
The IEEE standards for LAN and MAN specifications are concerned only with OSI layer 1 (physical) and layer 2 (data link), and they are structured similarly to the OSI specifications.
• Both OSI/CMIP and Internet/SNMP protocols use IEEE standards for the lower layers.
• The IEEE 802.x series of specifications define the standards for the various physical media and data link protocols.
• IEEE 802.1 specifications present overview, architecture and management.
• IEEE 802.2 standards specify the Logical Link Control (LLC) layer.
• IEEE 802.3 specifications are for Ethernet LANs.

Web-based management:
• is based on using web technology:
• a web server for the management system, and web browsers for network management stations.
• Because this is an evolving technology, no standard exists at present.
• Two technologies are in vogue: Web-Based Enterprise Management (WBEM) and Java Management Extensions (JMX).
• A recently formed task force, the Desktop Management Task Force (DMTF), is developing specifications for WBEM.
• JMX is based on a special subset of Java applets developed by Sun Microsystems that runs in the network components.
Network Management Model

OSI Network Management Model
• Superior to all other models
• Comprises four models

SNMP Network Management Model
• Not defined explicitly.
• The first 3 models are similar to the OSI models.
• Addresses the functional model in terms of operations, administration, and security
Organizational model
Describes the:
Components of a network management system
Functions of the components
Functions of a network management system and
Infrastructure of a network management system
It is defined in ISO 10040, OSI System Management Overview.
It defines the terms Objects, Agent and Manager.
Relationships
Network objects consist of network elements such as hosts, bridges, routers and so on.
Network objects can be classified into managed and unmanaged objects or elements.
The managed elements have a management process running in them, called an agent.
The unmanaged elements do not have a management process running in them.
The manager manages the managed element.
There is a database in the manager, but not in the agent.
The manager queries the agent and receives management data, processes it and stores it in its database.
The agent can also send a minimal set of alarm information to the manager unsolicited.
Organization model NM components
• Manager
• Sends requests to agents
• Monitors alarms
• Houses applications
• Provides user interface

• Agent
• Gathers information from objects
• Configures parameters of objects
• Responds to managers' requests
• Generates alarms and sends them to managers

• Managed object
• Network element that is managed
• Houses management agent
• Not all objects are managed / manageable
Information model
Deals with the structure and organization of management information.
Describes the:
Structure of management information (SMI), and the
information database, the Management Information Base (MIB).
SMI describes how the management information is structured, and
MIB deals with the relationship and storage of management information.
Structure and Storage of Management Information
• SMI (Structure of Management Information)
• Defines the syntax and semantics of management information.
• MIB (Management Information Base)
• Conceptual storage of management information
SMI (Structure of Management Information)
SMI defines for a managed object
• Syntax
• Semantics
• plus additional information such as status
Example
sysDescr: { system 1 }
Syntax: OCTET STRING
Definition: "A textual description of the entity."
Access: read-only
Status: mandatory
Management Information Base (MIB)
• The information base contains information about objects, organized by grouping of related objects.
• Defines the relationships between objects. It is NOT a physical database.
• It is a virtual database that is compiled into the management module.
Agent MIB vs. Manager MIB: MIB view
Communication model
Which has three components:
• management application processes, which function in the application layer,
• layer management, which works in between layers, and
• layer operation, which works within the layers.
Figure 3.11 Management Message Communication Model: the manager (applications) sends operations/requests to the agent (network elements/managed objects) and receives responses; the agent sends notifications/traps to the manager.
OSI: Operations ↔ Internet: Request/Response
OSI: Notifications ↔ Internet: Traps/Notifications
Transfer protocols: the manager's and agent's communication modules exchange operations/requests/responses and traps/notifications over SNMP (Internet) or CMIP (OSI); the transport layers are UDP/IP (Internet) or OSI lower-layer profiles (c-l vs. c-o/c-l, i.e. connectionless vs. connection-oriented/connectionless), over the physical medium.
Functional model
Deals with the user-oriented requirements of network management.
OSI defines five functional application areas, namely:
• Configuration Management,
• Fault Management,
• Performance Management,
• Security Management and
• Accounting Management.
These are defined as system management functions in OSI.

Network management platforms & their applications
• A network management platform is a software package.
• It provides the basic functionality of network management for different network components.
• The goal for the platform is to provide generic functionality for managing a variety of network devices.
Basic features for any platform to include are:
• Graphical User Interface (GUI)
• Network Map
• Database Management System (DBMS)
• Standard Method to Query Devices
• Customizable Menu System
• Event Log

Additional features for a platform include:
• Graphing Tools
• Application Programming Interface (API)
• System Security

Management platforms that exist today:
• Sun's SunNet Manager
• HP's OpenView
• IBM's NetView for AIX
• Cabletron's Spectrum
One of the applications of network management is Remote Monitoring (RMON).

Remote Monitoring (RMON)
• is a standard monitoring specification
• that enables various network monitors and console systems to exchange network-monitoring data.
• RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs.
• RMON was defined by the user community with the help of the Internet Engineering Task Force (IETF).
Network Management Architecture

The network management platform can use various architectures to provide functionality. The 3 most common are:
• Centralized,
• Hierarchical,
• Distributed.

Centralized Architecture
• The network management platform resides on a single computer system.
• For full redundancy, the computer system is backed up by another system.
• Can allow access to, and forward events to, other consoles on the network.
Used for:
• All network alerts & events
• All network information
• Access to all management applications

Pros:
• Single location to view events & alerts
• Single place to access network management applications and information

Cons:
• Single system is not redundant or fault tolerant
• As network elements are added, it may be difficult or expensive to scale the system to handle the load
• All devices have to be queried from a single location
Hierarchical Architecture
• Uses multiple computer systems
– One system acting as the central server
– Other systems working as clients
• Central server requires backups for redundancy
Key features:
• Not dependent on a single system
• Distribution of network management tasks
• Network monitoring distributed throughout the network
• Centralized information storage
Pros:
• Multiple systems to manage the network
Cons:
• Information gathering is more difficult and time consuming
• The list of devices managed by each client needs to be predetermined and manually configured
Distributed Architecture
• Combines the centralized and hierarchical architectures
• Uses multiple peer network management systems
• Each peer can have a complete database
• Each peer can perform various tasks and report back to a central system

Contains advantages from the central & hierarchical architectures:
• Single location for all network information, alerts & events
• Single location to access all management applications
• Not dependent on a single system
• Distribution of network management tasks
• Distribution of network monitoring throughout the network

• Most network management architectures use the same basic structure and set of relationships.
• End stations (managed devices), such as computer systems and other network devices, run software that enables them to send alerts when they recognize problems (for example, when one or more user-determined thresholds are exceeded).
• Upon receiving these alerts, management entities are programmed to react by executing one, several, or a group of actions, including operator notification, event logging, system shutdown, and automatic attempts at system repair.
• Management entities also can poll end stations to check the values of certain variables.
• Polling can be automatic or user-initiated, but agents in the managed devices respond to all polls.
Network Management Protocols
A simple protocol defines:
• common data formats and parameters, and
• allows for easy retrieval of information.

A complex protocol adds:
• some change capability and security.

An advanced protocol
• remotely executes network management tasks, and
• is independent of the network protocol layer.

The most common protocols are:
• SNMP (Simple Network Management Protocol)
• SNMPv2 (SNMP version 2)
• CMIS/CMIP (Common Management Information Services / Common Management Information Protocol)
SNMP (Simple Network Management Protocol)
• is the simple protocol
• with adequate monitoring capabilities and
• some change capabilities

SNMPv2
• greatly enhances the SNMP feature set

CMIS/CMIP
• approaches the advanced tool,
• but implementation issues have limited its use
SNMP Message Format
• SNMP is an application protocol, which is encapsulated in UDP.
The general SNMP message format for all versions is shown below:

Version -- SNMP version number:
• Both the manager and agent must use the same version of SNMP.
• Messages containing different version numbers are discarded without further processing.

Community --
• Community name used for authenticating the manager before allowing access to the agent.
• Authorization and authentication rely on this community string.

The community string(s) can be read-only or read-write.
• Default community strings are public (read-only) and private (read-write).
• Community strings are case sensitive.
• There are two approaches for the management system to obtain information from SNMP.
• They are traps and polling.

SNMP Trap
• SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.
In this diagram,
• the setup on the left shows a network management system that polls for information and gets a response.
• The setup on the right shows an agent that sends an unsolicited or asynchronous trap to the network management system (NMS).
SNMPv1 and SNMPv2,
• with the associated Management Information Base (MIB),
• encourage trap-directed notification.

The idea behind trap-directed notification is:
• if a manager is responsible for a large number of devices, and each device has a large number of objects,
• it is impractical for the manager to poll or request information from every object on every device.
• The solution is for each agent on the managed device to notify the manager without solicitation.
• It does this by sending a message, known as a trap, about the event.
• After the manager receives the event, the manager displays it and can choose to take an action based on the event.
For instance,
• the manager can poll the agent directly, or poll other associated device agents, to get a better understanding of the event.
• Trap-directed notification can result in substantial savings of network and agent resources by eliminating the need for frivolous SNMP requests.
• However, it is not possible to totally eliminate SNMP polling.
• SNMP requests / polling are required for discovery and topology changes.
• In addition, a managed device agent cannot send a trap if the device has had a catastrophic outage, has totally failed, or is in an irrecoverable state.
SNMPv1 traps are defined in RFC 1157, with these fields:
Enterprise – Identifies the type of managed object that generates the trap.
Agent address – Provides the address of the managed object that generates the trap.
Generic trap type – Indicates one of a number of generic trap types.
Specific trap code – Indicates one of a number of specific trap codes.
Time stamp – Provides the amount of time that has elapsed between the last network re-initialization and generation of the trap.
Variable bindings – The data field of the trap that contains the PDU. Each variable binding associates a particular MIB object instance with its current value.
PDU (Protocol Data Unit) – The PDU types and formats are different for SNMPv1, v2 and v3.
SNMP Version-1 Trap Message (summary): Enterprise – type of the object; Agent address – address of the managed object; Generic trap type – indicates the trap type; Specific trap code – indicates trap codes; Time stamp – time difference; Variable bindings – associate a particular MIB object with its value; PDU (Protocol Data Unit) – V1, V2 or V3.
• All SNMP PDUs are constructed as follows:

The seven SNMP protocol data units (PDUs) are as follows:
• GetRequest
• SetRequest
• GetNextRequest
• GetBulkRequest
• Response
• Trap
• InformRequest
SNMP Security
• SNMP lacks any authentication capabilities,
• which results in vulnerability to a variety of security threats.
These include
• masquerading occurrences (e.g. a woman masquerading as a man),
• modification of information,
• message sequence and timing modifications, and
• disclosure.

Message sequence and timing modifications occur when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity.

Disclosure results when an unauthorized entity extracts values stored in managed objects, or learns of notifiable events by monitoring exchanges between managers and agents.
• Because SNMP does not implement authentication, many vendors do not implement Set operations, thereby reducing SNMP to a monitoring facility.
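As an added example, not part of the slides, the Python below builds and decodes SNMPv1/v2c messages to show the Version + Community + PDU layout from the message-format section, steps over the five fixed fields of a v1 Trap listed above, and audits each received message for the weaknesses this section describes: version mismatch (discarded), default community strings, and write access via SetRequest. The PDU tag values and the sysDescr.0 / sysName.0 OIDs are standard SNMP; the function names, the sample messages and the community names used in testing are my own assumptions.

```python
# Added example, not from the slides: a minimal BER encoder/decoder for SNMPv1/v2c messages
# showing the Version + Community + PDU layout described above, plus an audit for weaknesses
# the slides list (default community strings, writes via SetRequest, version mismatch).
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest",
             0xA4: "Trap", 0xA5: "GetBulkRequest", 0xA6: "InformRequest", 0xA7: "Trap"}

# BER encoding, limited to the types a community-based SNMP message needs.
def _len(n):
    return bytes([n]) if n < 128 else b"\x82" + n.to_bytes(2, "big")
def ber(tag, body):                                # one tag-length-value element
    return bytes([tag]) + _len(len(body)) + body
def ber_int(v):
    return ber(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))
def ber_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:                            # base-128 digits, high bit means "more"
        chunk = [p & 0x7F]
        while p > 0x7F:
            p >>= 7
            chunk.insert(0, (p & 0x7F) | 0x80)
        out += bytes(chunk)
    return ber(0x06, bytes(out))
def build_msg(version, community, pdu_tag, varbinds, request_id=1):
    """Version (0 = v1, 1 = v2c) + Community + PDU: the layout shared by v1 and v2c."""
    pdu = ber(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) +
              ber(0x30, b"".join(ber(0x30, ber_oid(o) + v) for o, v in varbinds)))
    return ber(0x30, ber_int(version) + ber(0x04, community.encode()) + pdu)

# BER decoding.
def _tlv(buf, pos):
    """Read one tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length
def _oid(body):
    parts, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts, val = parts + [val], 0
    return ".".join(map(str, parts))
def parse_snmp(msg):
    """Decode version, community, PDU type and the OIDs in the variable bindings."""
    _, body, _ = _tlv(msg, 0)
    _, ver, p = _tlv(body, 0)
    _, community, p = _tlv(body, p)
    pdu_tag, pdu, _ = _tlv(body, p)
    # v1 Trap: 5 fixed fields (enterprise, agent-addr, generic, specific, time-stamp); others: 3
    p = 0
    for _ in range(5 if pdu_tag == 0xA4 else 3):
        _, _, p = _tlv(pdu, p)
    _, vbl, _ = _tlv(pdu, p)
    oids, p = [], 0
    while p < len(vbl):
        _, vb, p = _tlv(vbl, p)
        oids.append(_oid(_tlv(vb, 0)[1]))
    return {"version": int.from_bytes(ver, "big", signed=True), "community": community.decode(),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "oids": oids}
def audit(msg, expected_version):
    """Findings a manager or monitoring sensor would raise for one received message."""
    m = parse_snmp(msg)
    if m["version"] != expected_version:           # slides: discarded without processing
        return ["version mismatch: discard without processing"]
    findings = []
    if m["community"] in ("public", "private"):    # the default strings; case sensitive
        findings.append("default community string %r in use" % m["community"])
    if m["pdu"] == "SetRequest":
        findings.append("write attempt (SetRequest) on " + ", ".join(m["oids"]))
    return findings

# Constructed samples: a v1 GetRequest for sysDescr.0 with the default read-only community,
# and a v2c SetRequest on sysName.0 with the default read-write community.
GET_SYSDESCR = build_msg(0, "public", 0xA0, [("1.3.6.1.2.1.1.1.0", b"\x05\x00")])
SET_SYSNAME = build_msg(1, "private", 0xA3, [("1.3.6.1.2.1.1.5.0", ber(0x04, b"renamed"))])
```

Feeding a packet capture's UDP payloads through audit() gives the same three findings a monitoring sensor would raise; SNMPv3 (version 3) messages carry a security header instead of a community string and are out of scope for this parser.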

SNMP Interoperability

SNMPv2 is incompatible with SNMPv1 in two key areas: message formats and protocol operations.

SNMPv2 messages use different header and protocol data unit (PDU) formats than SNMPv1 messages.

SNMPv2 also uses two protocol operations that are not specified in SNMPv1.
