Computer Networking - Electronic, Electrical and Systems Engineering


Computer Networking
Network Management and Security
Dr Sandra I. Woolley
The IP loopback address is 127.0.0.1 for addressing your own computer.
Contents

Introduction to network management
– SNMP
– Traps
– Managing servers and users

Network security
– Footprinting, scanning and enumeration
– Behaviour profiles
– Malicious programs
– Passwords
References:

Network Security Essentials - Applications and Standards, W. Stallings, Prentice Hall, 2000, ISBN 0-13-016093-8

Hacking Exposed, Scambray, McClure and Kurtz, McGraw-Hill, 2nd Ed, 2001, ISBN 0-07-212748-1
Network Management

The ability to manage and
control an entire network and
all its component parts.

The collection of hardware
and software to do this is the
Network Management
System (NMS).

Modern networks are large
and complex and need
automated mechanisms to
help with monitoring and
management.
Network Management
We can split management into
three parts.

Infrastructure management –
the network infrastructure;
cables, hubs, network cards,
etc.

Server management – the
information sources.
http://pacificcomputersolutions.com/images/server.room460x276.jpg

User management –
“keeping the users under
control”.
Network Infrastructure Management

Fault management - Detecting, isolating and correcting faults. Both
active components (bridges, routers, LAN cards) and passive (cables.)

Accounting management – Accumulation and analysis of usage
statistics. Useful for user monitoring and charging, particularly where
public networks are used.

Configuration management – Monitoring and controlling the set-up
and changes to network equipment.

Performance management – Gathering and analysing network
statistics such as throughput and capacity. Used to identify bottlenecks,
spare capacity and predict future requirements.

Security management – Controlling access to network operations.
Includes access control, encryption and authorisation.
Historic Network Management

Early network devices were managed
using proprietary systems.

They used custom protocols and often
were not scalable outside the LAN.

Modern networks are multi-vendor* and
extend to the WAN – a standard was
needed.
*systems from multiple manufacturers
http://www.theregister.co.uk/2002/10/24/server_room_dangerous_heres_bofh/
Simple Network Management Protocol (SNMP)

Usually abbreviated to SNMP.

A standard TCP/IP protocol (RFC 1157, 1990).

There were a number of vulnerabilities in this first version including, for example, plaintext password communication.

Improvements to SNMP include V2 in 1993 and V3 in 2004.

SNMP defines a structure for collecting, delivering and storing network information.

MIB (Management Information Base)
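
The plaintext password weakness noted above, as an added example that is not part of the original slides: in SNMPv1 the "password" is the community string, carried as an unencrypted OCTET STRING near the start of every message. The sketch decodes a constructed sample packet and reports what anyone able to observe the traffic could read; `SAMPLE`, `read_tlv` and `snmp_exposure` are names made up for this illustration.

```python
# Added example (not from the slides). SAMPLE is a constructed SNMPv1
# GetRequest for sysDescr.0 using the community string "public".
SAMPLE = bytes.fromhex(
    "3026" "020100" "04067075626c6963"        # SEQUENCE, version=0, community
    "a019" "020101" "020100" "020100"         # GetRequest, id, err-status, err-index
    "300e300c" "06082b06010201010100" "0500"  # varbind: OID 1.3.6.1.2.1.1.1.0, NULL
)
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}


def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def snmp_exposure(packet):
    """Report the version and any community string readable on the wire."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version")
    version = VERSIONS.get(int.from_bytes(raw, "big"), "unknown")
    tag, raw, _ = read_tlv(body, pos)
    # v1/v2c carry the community as a bare OCTET STRING (tag 0x04);
    # v3 has a header SEQUENCE here instead, so nothing is reported.
    community = raw.decode("latin-1") if tag == 0x04 else None
    return {"version": version, "community": community}


if __name__ == "__main__":
    print(snmp_exposure(SAMPLE))
```

A monitoring rule built on this idea flags any v1 or v2c message on a management network, since each one discloses the community string to anyone who can see the traffic.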
SNMP Functionality

SNMP devices collect statistics and the Network Management Station (NMS) receives this data regularly.

To minimise traffic, the collection period can be long, say 5 minutes.

However, something important may happen. A fast reporting mechanism is also needed.

Devices can ‘trap’ an event and send a message to the NMS for immediate action.
Traps

Traps can be used to quickly report things like:
– Excessive traffic
– Excessive collisions (e.g., from CSMA/CD)
– Low traffic (may indicate a fault somewhere?)
– Broken or disconnected cables
– Devices powered down (trap sent from another device)
SNMP Trap Managing Software
http://www.oidview.com/snmp_trap_management.html
Server Management

Servers: e.g., web, intranet, filespace.

Various operating systems including versions of Windows and
Unix.

Each one has its own peculiarities.

Server management is closely linked to user management –
preventing the users (and hackers!) damaging the systems.

Robust data backup is essential. In large systems active
filespace would be stored on RAID systems (redundant array of
inexpensive disks). Entire tape backups would be done regularly
(say weekly) with incremental backups performed each night.
Tapes would be stored in fire-proof, water-proof safes.
User Management

“Networks are totally reliable … until
the users login.”

Accidental problems
– forgotten passwords
– deleted files etc.

Loopholes
– web server
– networked machines that allow
user installs or user write access

Deliberate hacks
– users trying to stop the system
working for malicious reasons
http://www.thinkgeek.com/homeoffice/supplies/a475/
Smaller Networks
Small Networks
– Most small networks are SOHO (small office/home office); users use the network as a tool, say up to 10 users with no formal administrator.
– All users often have full access to everything, e.g. secretaries can all read and write to each other’s computers.
– In the past, such networks were not connected to the Internet (the ultimate security solution?)
Medium Networks
– Between 10 and 200 users, often with a single server.
– Still managed by one administrator who controls everything.
– Users still know each other by name, so casual file access may be tolerated.
Bigger Networks
Large Networks
– Over a few hundred users, multiple servers and multiple administrators. E.g., the University network.
– Some users will be computer literate and may enjoy the challenge of exploring or defeating security mechanisms.
– Management becomes complex and more challenging.
Enormous Networks – The Internet
– No real central control – available to anyone on the planet.
– Users are not traceable – no need to log on to the Internet.
– ISPs will sign up anyone using a random name.
– Email names are available with no checking.
– There are very many hackers.
Network Security
Content

Footprinting, scanning
and enumeration.

Detecting intruders

Malicious programs

Passwords

Selected figures are from “Network
Security Essentials – Applications and
Standards”, W. Stallings, Prentice Hall,
ISBN 0-13-016093 (The author has
written other excellent titles in networking
and security).
http://www.2600.com/
Security - Accessing Network Information

Footprinting
– Gathering information on a network (creating a profile of an
organization’s security posture - identifying a list of network
and IP addresses.)

Scanning
– Identifying live and reachable target systems. (Ping sweeps,
port scans, application of automated discovery tools).

Enumeration
– Extracting account information. (Examining active
connections to systems).
Behaviour Profiles
Social Engineering

Manipulating people to
divulge confidential
information rather than
using technical cracking
skills.

E.g., Phishing
– Typically emails that
appear to come from
legitimate sources
requesting information.
Often provides a link to a
web page that looks like
the legitimate one.
Malicious Programs

Trap doors
– A secret entry point into a program which circumvents the usual security access procedures.
– Often legitimately used for debugging and testing - but vulnerable to
misuse.

Logic bombs
– Code embedded into a legitimate program that is set to ‘explode’
when some conditions are met.
– E.g. test for dates. In a famous case, a logic bomb tested for an
employee ID number and triggered if it failed to be listed on the
payroll in 2 consecutive months.

Trojan horses
– An apparently useful program containing hidden code that performs
unwanted/harmful functions when invoked.
Malicious Programs

Viruses
– A program that can infect other programs by modifying them (the modification includes a copy of the virus program).
– Dormant phase: Virus is idle until activated by some event such as a date, presence of some other file or capacity of disk.
– Propagation phase: The virus places a copy of itself into another program or filespace.
– Triggering phase: The virus is activated by an event. This may be related to the number of copies made of itself.
– Execution phase: The function is performed.

Worms
– Use network connections to spread from system to system. Once active within a system, a network worm can behave as a virus or bacteria or could implant Trojan horses.
– To replicate itself a worm needs a network vehicle, e.g., e-mail, remote login or execution capabilities.

Bacteria
– Programs that do not explicitly damage files - but simply replicate. Eventually replication may result in taking up all processor capacity, memory, disk space.
Passwords

Some users, when
allowed to choose any
password, will select
very short ones.

William Stallings is a
famous network
security author. He
quotes the example
here from Purdue
University.

People also tend to
select guessable
passwords.
Passwords

Stallings references a report which demonstrates the effectiveness of password guessing.

The author collected UNIX passwords from a variety of encrypted password files.

Nearly 25% of passwords were guessed with the following strategy:
– Try user’s name, initials, account name (130 permutations for each).
– Try dictionary words - including the system’s own on-line dictionary (60,000 words).
– Try permutations of words from step above, including making first letter uppercase or a control character, making the entire word uppercase, reversing the word, changing o’s to 0’s etc. (another 1 million words to try).
– More capitalization permutations (another million words to check).
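
The same strategy can be turned around and run at password-change time so that guessable choices are rejected before they are ever stored. The following is an added example, not part of the original slides; the account `jsmith`, the name "Jane Smith", the word list `WORDS` and all function names are constructed for illustration, and only a subset of the listed transformations is implemented.

```python
# Added example (not from the slides): reject a new password if the
# guessing strategy described above would find it. WORDS is a tiny
# constructed stand-in for a real dictionary file.
WORDS = ["network", "password", "dragon", "monday"]


def variants(base):
    """Transformations named on the slide, applied to one base word."""
    w = base.lower()
    forms = {w, w.capitalize(), w.upper(), w[::-1]}
    # o -> 0 substitution, applied on top of each form above
    forms |= {f.replace("o", "0").replace("O", "0") for f in forms}
    return forms


def base_words(account, full_name, words=WORDS):
    """Account name, name parts, initials and dictionary words."""
    parts = full_name.lower().split()
    bases = set(words) | set(parts) | {account.lower()}
    bases.add("".join(parts))                 # e.g. "janesmith"
    bases.add("".join(p[0] for p in parts))   # initials, e.g. "js"
    return sorted(b for b in bases if b)


def guessable_from(password, account, full_name, words=WORDS):
    """Return the base word the password derives from, or None."""
    for base in base_words(account, full_name, words):
        if password in variants(base):
            return base
    return None


def accept_password(password, account, full_name, words=WORDS):
    """Policy hook: True only if the guessing strategy misses it."""
    return guessable_from(password, account, full_name, words) is None


if __name__ == "__main__":
    for candidate in ["netw0rk", "htimsj", "DRAG0N", "c7#Lq9!vTz"]:
        print(candidate, accept_password(candidate, "jsmith", "Jane Smith"))
```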
Thank You
Computer Networking
Wireless Networks
New Standards, new applications, new issues
Dr Sandra I. Woolley
Progress Toward Wearable Computing
Computers are getting smaller and smaller ...
Decreasing size >>> Increasing mobility >>> Decreasing visibility/noticeability
Room computer … desktop … luggable … portable … palmtop … handheld… embedded … wearable … invisible?
Alex Bilstein holding the first "luggable" computer, the 1981 Osborne 1 photo by Jana Birchum
Flexible screen technology developed by Universal Display.
Toshiba's 0.85 inch hard disk drive can store 4 GB of data.
Mobility and Usability

Computing and communications don’t naturally suit mobility.

New physical interfaces beyond the keyboard/keypad and mouse are needed.

And new software interfaces beyond WIMP (Windows, Icons, Mouse, Pointer) are needed also.

Keeping users mobile and task-focused presents interesting challenges.

The new motorway signs “THINK DON'T PHONE WHILE DRIVING” are a sign of the time.

Left top: TINMITH2 - the mobile research AR platform developed at the Wearable Computer Laboratory in the University of South Australia.
Above middle: wearcam.org and right Chris Baber at Birmingham
Mobile Technology and Solutions

New, and sometimes simple, ideas can make mobility easier.

And there are some useful new technologies and products.

Wireless communications, e.g., WiFi, Bluetooth, sensor network

Smart phones and 3G

RFID tagging technology

GPS: “SATNAV”, TomTom GO
Wireless and Personal Area Networks

IEEE 802.15 - Wireless PAN (Personal Area Network) Standards.
– Wi-Fi (IEEE 802.11b and g) and Bluetooth (IEEE 802.15.1)
– Sensor area networks (IEEE 802.15.4) and Zigbee for low-power short range wireless communications.

Challenges in design and management of communications in mobile multi-sensing systems interacting with other mobile multi-sensing systems and in multi-sensing environments.

[Figure: Zigbee Stack. Labels: Application; Application Profiles; Application Framework; Network and Security Layers; MAC Layer; PHY Layer; 2.4GHz; 868/915 MHz; Zigbee or OEM; Zigbee Alliance Platform; IEEE 802.15.4; Silicon]
Privacy and Security

Issues of digital and pervasive privacy and
security are active areas of debate and research.

“Privacy is dead, deal with it,” Sun
MicroSystems CEO, Scott McNealy.

“Privacy : The Achilles heel of Pervasive
Computing” M.Satyanarayanan
(Editorial of IEEE Pervasive Computing Magazine on special issue on Security and Privacy, 2003.)

Unease associated with pervasive computing
systems might involve location tracking and
“smart spaces” monitoring user locations and
activities on an almost continual basis.

New pervasive computing infrastructures can
expect new classes of malicious software.
Top: (c) Chuck Painter/Stanford News Service - Ralph Merkle, Martin Hellman, Whitfield Diffie (1977) - defined a system of safe key exchange
Middle: Adi Shamir, Ronald Rivest and Leonard Adleman - creators of RSA (used in PGP)
What About Wireless Security?

There are increasing concerns
about the security of new wireless
networks.

What about the ‘hackability’ of
smarthomes?

Bluetooth viruses are now appearing
and there is a growing awareness
that malware is going mobile.

Security for new wireless networks
is an active area of research.
What About EMF Exposure?

We humans are electro-chemical beings.

Excessive exposure to electromagnetic
fields has a negative impact on human
health and causes chromosomal
damage. However, there is no
consensus on what is excessive and what
is safe.

Can much lower power systems be made
in the future? Can wireless systems
seamlessly interoperate with wired
systems?

“The Body Electric” summarises a few of
the issues. (The presentation can be
found on my web page).
http://www.eee.bham.ac.uk/woolleysi/thebodyelectric.ppt
In the News ...

JAMA (Journal of
the American
Medical
Association) has
recently published
an article that has
received interest.

The article
demonstrates that
mute (but “on”) cell
phones alter brain
metabolism (shift
to glucose
metabolism.)

The effects are
unknown.
Thank You