Transcript Chapter 13 Network Management Applications

Chapter 13
Network Management Applications
Network and Systems Management
Business
Management
Service
Management
Network
Management
System
Management
Element
Management
Resource
Management
Network
Elements
System
Resources
Networked Information Systems
Management Applications
• OSI Model
• Configuration
• Fault
• Performance
• Security
• Accounting
• Reports
• Service Level Management
• Policy-based management
Configuration Management
• Network Provisioning
• Inventory Management
• Equipment
• Facilities
• Network Topology
• Database Considerations
Network Provisioning
• Network Provisioning
• Provisioning of network resources
• Design
• Installation and maintenance
• Circuit-switched network
• Packet-switched network, configuration for
• Protocol
• Performance
• QoS
• ATM networks
Network Topology
• Manual
• Auto-discovery by NMS using
• Broadcast ping
• ARP table in devices
• Mapping of network
• Layout
• Layering
• Views
• Physical
• Logical
Network Topology Discovery
163.25.145.0 163.25.146.0
140.112.8.0
140.112.6.0
163.25.146.128
163.25.147.0
140.112.5.0
192.168.13.0
192.168.12.0
Discovery In a Network

What to be discovered in a network ?

Node Discovery


Network Discovery


The topology of networks of interest
Service Discovery


The network devices in each network segment
The network services provided
Network Topology Discovery

Network Discovery + Node Discovery
Node Discovery

Node Discovery


Given an IP Address, find the nodes in the
same network.
Two Major Approaches:


Use Ping to query the possible IP addresses.
Use SNMP to retrieve the ARP Cache of a
known node.
Use ICMP ECHO


Eg: IP address: 163.25.147.12
Subnet mask: 255.255.255.0
All possible addresses:




163.25.147.1 ~ 163.25.147.254
For each of the above addresses, use ICMP
ECHO to inquire the address
If a node replies (ICMP ECHO Reply), then it is
found.
Broadcast Ping
Use SNMP

Find a node which supports SNMP



The given node, default gateway, or router
Or try a node arbitrarily
Query the ipNetToMediaTable in MIB-II IP
group (ARP Cache)
ipNetToMediaPhysAddress
ipNetToMediaType
ipNetToMediaIfIndex
ipNetToMediaNetAddress
1
2
00:80:43:5F:12:9A
00:80:51:F3:11:DE
163.25.147.10 dynamic(3)
163.25.147.11 dynamic(3)
Network Discovery

Network Discovery


Key Issue:


Find the networks of interest with their
interconnections
Given a network, what are the networks
directly connected with it ?
Major Approach

Use SNMP to retrieve the routing table of a
router.
Default Router
Routing table
Mapping of network
Hub 1
Traditional LAN Configuration
Port A
Segment A
A1
Hub 1
A2
Port A
Segment A
A1
Router
Physical
A2
Port B
Segment B
Router
B1
Hub 2
B2
Port B
Figure 13.2 LAN Segment
PhysicalBConfiguration
B1
Hub 2
Figure 13.2 LAN Physical Configuration
A1
A2
Segment A / Hub 1
Logical
A1
A2
Segment A / Hub 1
Router
Segment B / Hub 2
Router
B1
Segment B / Hub 2
B2
B2
Virtual LAN Configuration
Hub 1
Segment A
A1
Physical
B1
Segment B
Port A / Segment A
Port A / Segment B
Segment A
Router
Switch
A2
Segment B
Hub 2
B2
Figure 13.4 VLAN Physical Configuration
A1 (Hub 1)
A2 (Hub 2)
Segment A / Hub 1 & 2
Logical
Router
switch
Segment B / Hub 1 & 2
B1 (Hub 1)
B2 (Hub 2)
Fault Management
•
•
•
Fault is a failure of a network component
Results in loss of connectivity
Fault management involves:
• Fault detection
• Polling
• Traps: linkDown, egpNeighborLoss
• Fault location
• Detect all components failed and trace
down the tree topology to the source
• Fault isolation by network and SNMP tools
• Use artificial intelligence /
correlation techniques
• Restoration of service
• Identification of root cause of the problem
• Problem resolution
Performance Management
• Tools
• Protocol analyzers
• RMON
• MRTG
• Performance Metrics
• Data Monitoring
• Problem Isolation
• Performance Statistics
Performance Metrics
•
Macro-level
• Throughput
• Response time
• Availability
• Reliability
•
Micro-level
• Bandwidth
• Utilization
• Error rate
• Peak load
• Average load
Traffic Flow Measurement
Network Characterization
Four levels defined by IETF (RFC 2063)
International
Backbones / National
Regional / Midlevel
Stub / Enterprise
End-Systems / Hosts
Network Flow Measurements
• Three measurement entities:
• Meters gather data and build tables
• Meter readers collect data from meters
• Managers oversee the operation
• Meter MIB (RFC 2064)
• NetraMet - an implementation(RFC 2123)
Data Monitoring and Problem Isolation
•
•
Data monitoring
• Normal behavior
• Abnormal behavior (e.g., excessive collisions,
high packet loss, etc)
• Set up traps (e.g., parameters in alarm group
in RMON on object identifier of interest)
• Set up alarms for criticality
• Manual and automatic clearing of alarms
Problem isolation
• Manual mode using network and SNMP tools
• Problems in multiple components needs
tracking down the topology
• Automated mode using correlation technology
Performance Statistics
• Traffic statistics
• Error statistics
• Used in
• QoS tracking
• Performance tuning
• Validation of SLA (Service Level Agreement)
• Trend analysis
• Facility planning
• Functional accounting
Event Correlation Techniques
•
Basic elements
• Detection and filtering of events
• Correlation of observed events using AI
• Localize the source of the problem
• Identify the cause of the problem
•
Techniques
• Rule-based reasoning
• Model-based reasoning
• Case-based reasoning
• Codebook correlation model
• State transition graph model
• Finite state machine model
Rule-Based Reasoning
Data Level
Working Memory
Create
new data
elements
Recognize
Match
potential
rules
Modify
attributes
of data
elements
Remove
data
elements
Inference Engine
Select
best
rule
Knowledge Level
Act
Control Level
Invoke
action
Knowledge Level
Rule-Based Reasoning
• Knowledge base contains expert knowledge on
problem symptoms and actions to be taken
if
 then
condition 
action
• Working memory contains topological and state
information of the network; recognizes system
going into faulty state
• Inference engine in cooperation with knowledge
base decides on the action to be taken
• Knowledge executes the action
Rule-Based Reasoning
• Rule-based paradigm is an iterative process
• RBR is “brittle” if no precedence exists
• An exponential growth in knowledge base poses
problem in scalability
• Problem with instability
if packet loss < 10%
alarm green
if packet loss => 10% < 15% alarm yellow
if packet loss => 15%
alarm red
• Solution using fuzzy logic
Configuration for RBR Example
Server D1
Backbone
Router A
Alarm A
Router B
Alarm B
Hub C
Alarm C
Server D2
Server D3
Server D4
Alarms Dx
RBR Example
The correlation rule can be specified as follows:
Rule 0:
Alarm A :
Send rootcause alarm A
Rule 1
Alarm B
If Alarm A present Related to A and ignore
Rule 2
Alarm C
If Alarm B present Related to B and ignore
Rule 3
Alarm Dx
if Alarm C present Related to C and ignore
Correlation window: 20 seconds.
Correlation window = 20 seconds
Arrival of Alarm A | Alarm A sent
Arrival of Alarm B
|
(Correlated by rule 1)
Arrival of Alarm C
|
(Correlated by rule 2)
Arrival of Alarms Dx
(correlated by rule 3)
End of correlation window
|
|
Model-Based Reasoning
NMS / Correlator
Backbone
Network
Router
Model
Router
Hub1
Hub2
Physical Network
Hub3
Hub1
Model
Hub2
Model
Equivalent Model
Hub3
Model
Model-Based Reasoning
• Object-oriented model
• Model is a representation of the component it
models
• Model has attributes and relations to other
models
• Relationship between objects reflected in a
similar relationship between models
MBR Event Correlator
Example:
Hub 1 fails
Recognized by Hub 1 model
Hub 1 model queries router model
Router model
declares failure
Hub 1 model
declares NO failure
Router model
declares no
failure
Hub 1 model
declares Failure
Case-Based Reasoning
Case
Library
Input
Retrieve
Adapt
Figure 13.12 General CBR Architecture
Process
Case-Based Reasoning
• Unit of knowledge
• RBR rule
• CBR case
• CBR based on the case experienced before;
extend to the current situation by adaptation
• Three adaptation schemes
• Parameterized adaptation
• Abstraction / re-specialization adaptation
• Critic-based adaptation
CBR Parameterized Adaption
Trouble: file_transfer_throughput=F
Additional data: none
Resolution: A=f(F), adjust_network_load=A
Resolution status: good
Figure 13.13 Matching Trouble Ticket
Trouble: file_transfer_throughput=F'
Additional data: none
Resolution: A'=f(F'), adjust_network_load=A'
Resolution status: good
Figure 13.14 Parameterized Adaptation
CBR: Abstraction / Re-specialization
Trouble: file_transfer_throughput=F
Additional data: none
Resolution: A=f(F), adjust_network_load=A
Resolution status: good
Trouble: file_transfer_throughput=F
Additional data: none
Resolution: B=g(F), adjust_network_bandwidth=B
Resolution status: good
Trouble: file_transfer_throughput=F
Additional data: adjust_network_load=no
Resolution: B=g(F), adjust_network_bandwidth=B
Resolution status: good
CBR: Critic-Based Adaptation
Trouble: file_transfer_throughput=F
Additional data: network_load=N
Resolution: A=f(F,N), adjust_network_load=A
Resolution status: good
Figure 13.16 Critic-Based Adaptation
• Human expertise introduces a new case
Network
CBR-Based CRITTER
Spectrum
Configuration
Management
Fault
Detection
CRITTER
Fault Management
Fault Resolution
Case
Library
Input
Retrieve
Determinators
Adapt
Application
Techniques
User
Propose
User-based
Adaptation
Process
Codebook Correlation Model:
Generic Architecture
Configuration
Model
Event
Model
Correlator
Network
Monitors
Problems
Codebook Correlation Model
• Yemini, et.al. proposed this model
• Monitors capture alarm events
• Configuration model contains the configuration
of the network
• Event model represents events and their causal
relationships
• Correlator correlates alarm events with event
model and determines the problem that caused
the events
Codebook Approach
• Correlation algorithms based upon coding
approach to event correlation
• Problem events viewed as messages generated
by a system and encoded in sets of alarms
• Correlator decodes the problem messages to
identify the problems
Two phases of Codebook Approaches
1. Codebook selection phase: Problems to be
monitored identified and the symptoms they
generate are associated with the problem.
This generates codebook (problem-symptom
matrix)
2. Correlator compares alarm events with
codebook and identifies the problem.
Causality Graph
E4
E5
E6
E1
E2
E3
Figure 13.19 Causality Graph
E7
Labeled Causality Graph
S1
S2
S3
P1
P2
P3
S4
Figure
13.20 Labeled
Causality
for Figure 13.19
• Ps are
problems
and
Ss areGraph
symptoms
• P1 causes S1 and S2
• Note directed edge from S1 to S2 removed;
S2 is caused directly or indirectly (via S1) by P1
• S2 could also be caused by either P2 or P3
Codebook
S1
S2
S3
S4
P1
1
1
0
0
P2
1
1
1
0
P3
0
1
1
1
• Codebook is problem-symptom matrix
• It is derived from causality graph after removing
directed edges of propagation of symptoms
• Number of symptoms >= number of problems
• 2 rows are adequate to identify uniquely 3 problems
Correlation Matrix
S1
S3
P1
1
0
P2
1
1
P3
0
1
• Correlation matrix is a reduced codebook
Correlation Graph
S3
S1
P1
P2
P3
Figure 13.23 Correlation Graph for Figure 13.20
State Transition Model
ping node
response
ping
receive response
Figure 13.27 State Transition Diagram for Ping / Response
State Transition Model Example
NMS / Correlator
Backbone
Network
Router
Hub1
Hub2
Physical Network
Hub3
ping hub
State Transition Graph
response
ping
receive response
No response
pinged twice
(Ground state)
No response
pinged 3 times
No response
Request
No response
from Router,
No action
receive response
from router
ping router
Response
Response received
from Router
Action: Send Alarm
Finite State Machine Model
Client
Server
Send Request
Response
Request
Receive Response
Request
Message
Communication
Channel
Response
Message
Receive Request
Send
Receive
Send Response
Finite State Machine Model
• Finite state machine model is a passive system;
state transition graph model is an active system
• An observer agent is present in each node and
reports abnormalities, such as a Web agent
• A central system correlates events reported by
the agents
• Failure is detected by a node entering an illegal
state
Security Management
•
•
•
•
•
•
•
•
•
Security threats
Policies and Procedures
Resources to prevent security breaches
Firewalls
Cryptography
Authentication and Authorization
Client/Server authentication system
Message transfer security
Network protection security
Security Threats
• Modification of information: Contents modified by
unauthorized user, does not include address change
• Masquerade: change of originating address by
unauthorized user
• Message Stream Modification: Fragments of message
altered by an unauthorized user to modify the meaning
of the message
• Disclosure
• Eavesdropping
• Disclosure does not require interception of message
• Denial of service and traffic analysis are not considered
as threats.
Security Threats
Modification of information
Masquerade
Message stream modification
Management
Entity A
Management
Entity B
Disclosure
Figure 7.10 Security Threats to Management Information
Polices and Procedures
Basic guidelines to set up policies and procedures:
1. Identify what you are trying to protect.
2. Determine what you are trying to protect it from.
3. Determine how likely the threats are.
4. Implement measures, which will protect your assets in
a cost-effective manner.
5. Review the process continuously and make
improvements to each item if a weakness is found.
Secured Communication Network
Client A
Firewall
Gateway
Secured
Network A
Client B
Router
Network B
Server A
No Security Breaches ?
Figure 13.30 Secured Communication Network
• Firewall secures traffic in and out of Network A
• Security breach could occur by intercepting the
message going from B to A, even if B has
permission to access Network A
• Most systems implement authentication with user
id and password
• Authorization is by establishment of accounts
Firewalls
•
•
•
•
Protects a network from external attacks
Controls traffic in and out of a secure network
Could be implemented in a router, gateway, or
a special host
Benefits
• Reduces risks of access to hosts
• Controlled access
• Eliminates annoyance to the users
• Protects privacy
• Hierarchical implementation of policy and
and technology
Packet Filtering Firewall
Trash
Ethernet
SMTP Gateway
FTP Gateway
Packet Filtering
Router
Screened
SMTP & FTP
Secured Network
Figure 13.31 Packet Filtering Router
Internet
Packet Filtering
• Uses protocol specific criteria at DLC, network,
and transport layers
• Implemented in routers - called screening router
or packet filtering routers
• Filtering parameters:
• Source and/or destination IP address
• Source and/or destination TCP/UDP port
address, such as ftp port 21
• Multistage screening - address and protocol
• Works best when rules are simple
Application Level Gateway
Secured
Network
Firewall 1
Secured
LAN
Firewall 2
Proxy
Services
Application
Gateway
Figure 13.32 Application Level Gateway
DMZ
(De-Militarized Zone)
Internet
Cryptography
•
•
•
•
Secure communication requires
• Integrity protection: ensuring that the message
is not tampered with
• Authentication validation: ensures the originator
identification
Security threats
• Modification of information
• Masquerade
• Message stream modification
• Disclosure
Hardware and software solutions
Most secure communication is software based
資訊安全之重點






機密性 (Confidentiality)
真實性 (Authentication)
完整性 (Integrity)
不可否認性 (Non-repudiation)
存取控制 (Access control)
可用性 (Availability)
Encryption
Network
atek49ffdlffffe
ffdsfsfsff …
encryption
ciphertext
Dear John:
I am happy to know
...
plaintext
atek49ffdlffffe
ffdsfsfsff
…
decryption
ciphertext
Dear John:
I am happy to know
...
plaintext
Cryptography / Encryption

Encryption


Encryption Algorithm


A stream of bits that control the encryption algorithm.
Plaintext


The method performed in encryption.
Encryption Key


Encode, Scramble, or Encipher the plaintext information to
be sent.
The text which is to be encrypted.
Ciphertext

the text after encryption is performed.
Encryption
Encryption Key
Encryption Algorithm
Ciphertext
atek49ffdlffffe
ffdsfsfsff …
Plaintext
Dear John:
I am happy to know
...
Decryption
Decryption Key
Decryption Algorithm
Plaintext
Dear John:
I am happy to know
...
Ciphertext
atek49ffdlffffe
ffdsfsfsff …
Encryption / Decryption
Encryption Techniques

Private Key Encryption



Encryption Key = Decryption Key
Also called Symmetric-Key Encryption, Secret-Key
Encryption, or Conventional Cryptography.
Public Key Encryption


Encryption Key  Decryption Key
Also called Asymmetric Encryption
Private Key Encryption:
- DES (Data Encryption Standard)





Adopted by U.S. Federal Government.
Both the sender and receiver must know
the same secret key code to encrypt and
decrypt messages with DES
Operates on 64-bit blocks with a 56-bit
key
DES is a fast encryption scheme and
works well for bulk encryption.
Issues:

How to deliver the key to the sender safely?
Symmetric Key in DES
Other Symmetric Key Encryption Techniques

3DES



Triple DES
RC2, RC4
IDEA

International Data Encryption Algorithm
Key Size Matters!
Information Lifetime
Centuries
Decades
168-bits
Years
56-bits
Hours
40-bits
100’s
10K
1M
Budget ($)
10M
100M
*Triple-DES
(recommended
for commercial
& corporate
information)
Public Key Encryption: RSA




The public key is disseminated as widely as
possible. The secrete key is only known by the
receiver.
Named after its inventors Ron Rivest, Adi
Shamir, and Leonard Adleman
RSA is well established as a de facto standard
RSA is fine for encrypting small messages
Asymmetric Key in RSA
Key Length
Average Time for Exhaustive Key Search
Symmetric Cipher
(Conventional)
40
56
64
80
96
112
120
128
192
Bits
Bits
Bits
Bits
Bits
Bits
Bits
Bits
Bits
Asymmetric
(RSA/D-H)
274
384
512
1024
1536
2048
2560
3072
10240
Performance
30~200
Bits
Bits
Bits
Bits
Bits
Bits
Bits
Bits
Bits
Number of
Possible Key
32 Bits
2
56 Bits
2
128 Bits
2
56
128
= 4.3 X 10
9
16
= 7.2 X 10
38
= 3.4 X 10
31
32 Bits ==> 2 usec =36 min
55
Time required at
1 Encryption/uSEC 56 Bits ==> 2 usec =1142 Years
127
128 Bits ==> 2
24
usec =5X10 Years
32 Bits ==> 2 millsec
Time required at
6
10 Encryption/uSEC
1
32
56 Bits ==> 10 Hours
18
128 Bits ==> 5X10 Years
Hybrid Encryption Technology:
PGP (Pretty Good Privacy)

Hybrid Encryption Technique





First compresses the plaintext.
Then creates a session key, which is a one-time-only
secret key.
Using the session key, apply a fast conventional
encryption algorithm to encrypt the plaintext.
The session key is then encrypted to the recipient’s
public key.
This public key-encrypted session key is transmitted
along with the ciphertext to the recipient.
PGP Encryption
PGP Decryption


The recipient uses its private key to
recover the temporary session key
Use the session key to decrypt the
conventionally-encrypted ciphertext.
PGP Decryption
Message Digest
•
•
•
•
•
•
•
Message digest is a cryptographic hash algorithm
added to a message
One-way function
Analogy with CRC
If the message is tampered with the message
digest at the receiving end fails to validate
MD5 (used in SNMPv3) commonly used MD
MD5 takes a message of arbitrary length (32-Byte)
blocks and generates 128-bit message digest
SHS (Secured Hash Standard) message digest
proposed by NIST handles 264 bits and generates
160-bit output
Digital Signatures


Digital signatures enable the recipient of
information to verify the authenticity of the
information’s origin, and also verify that the
information is intact.
Public key digital signatures provide




authentication
data integrity
non-repudiation
Technique: public key cryptography

Signature created using private key and validated
using public key
Simple Digital Signatures
Secure Digital Signatures
Authentication and Authorization
• Authentication verifies user identification
• Client/server environment
• Host/User Authentication
• Ticket-granting system
• Authentication server system
• Cryptographic authentication
• Messaging environment
• e-mail
• e-commerce
• Authorization grants access to information
• Read, read-write, no-access
• Indefinite period, finite period, one-time use
Host Authentication

Allow access to a service based on a
source host identifier, e.g. network
address.
Service
Remote Login
File Transfer
Directory
…

Issues


Allow
Host-B, Host-C, 140.131.59.20
Host-A, Host-B, PC-bmw,
Host-C, 140.131.62.211, PC-benz
…
A host can change its network address.
Different users in the same host have the same authority.
User Authentication


Enable service to identify each user before
allowing that user access.
Password Mechanism





Generally, passwords are transferred on the network without any
encryption.
Use encrypted passwords.
Users tend to make passwords easy to remember.
If the passwords are not common words, users will write them
down.
Host Authentication + User Authentication
Ticket-granting system
Kerberos
User
Input
Client
Workstation
Application
Server /
Service
Authentication
Server
TicketGranting
Server
Ticket-granting system
• Used in client/server authentication system
•
•
Kerberos developed by MIT
Steps:
• User logs on to client workstation
• Login request sent to authentication server
• Auth. Server checks ACL, grants encrypted ticket to
client
• Client obtains from TGS service-granting ticket
and session key
• Appl. Server validates ticket and session key,
and then provides service
Authentication Server
User
Input
Client
Workstation
Authentication
Authentication
Server
Proxy Server
Service
Application
Server /
Service
Authentication
Figure 13.39 Authentication Server
Authentication Server
• Architecture of Novell LAN
• Authentication server does not issue ticket
• Login and password not sent from client
workstation
• User sends id to central authentication server
• Authentication server acts as proxy agent to the
client and authenticates the user with the
application server
• Process transparent to the user
Message Transfer Security
• Messaging one-way communication
• Secure message needs to be authenticated
and secured
• Three secure mail systems
• Privacy Enhanced Mail (PEM)
• Pretty Good Privacy (PGP)
• X-400: OSI specifications that define
framework; not implementation specific
Privacy Enhanced Mail
• Developed by IETF (RFC 1421 - 1424)
• End-to-end cryptography
• Provides
• Confidentiality
• Authentication
• Message integrity assurance
• Nonrepudiation of origin
• Data encryption key (DEK) could be secret or public
key-based originator and receiver agreed upon
method
• PEM processes based on cryptography and
message encoding
• MIC-CLEAR (Message Integrity Code-CLEAR)
• MIC-ONLY
• ENCRYPTED
DEK = Data Encryption Key
IK = Interexchange Key
MIC = Message Integrity Code
PEM Processes
SMTP Format
Conversion
SMTP
Text
MIC
Generator
MIC-CLEAR
PEM
MIC/DEK
e-mail
System
IK
DEK
User Plaintext
MIC
Encrypted DEK
Text
MIC
Encrypted DEK
Encoded Text
(a) MIC-CLEAR PEM Process
MIC/DEK
SMTP Format
Conversion
SMTP
Text
Encoder
(Printable
code)
MIC
Generator
MIC ONLY
PEM
IK
DEK
User Plaintext
e-mail
System
MIC
Encrypted DEK
(b) MIC-ONLY PEM Process
Encrypted &
Encoded
Message
MIC/DEK
Legend:
DEK Data Encryption Key
IK Interexchange Key
MIC Message Integrity Code
SMTP Simple Mail Transfer Protocol
MIC
Generator
Padding &
Encryption
Encoder
(Printable
code)
(c) ENCRYPTED PEM Process
ENCRYPTED
PEM
IK
SMTP
Text
DEK
SMTP Format
Conversion
DEK
User Plaintext
e-mail
System
Use of PGP in E-mail
Public Key
Signature
Plaintext
Encryption
Encrypted &
Compressed
Message
Compression
Concatenation
Signature
Generation
Private Key
Plaintext
e-mail
conversion
Figure 13.41 PGP Process
e-mail
system
SNMPv3 Security
Encrypted
scopedPDU
scopedPDU
Encryption Key
password
authoritativeSnmpEngineId
Privacy
Module
USM
wholeMsg
authKey
USM
Figure 13.42 SNMP Secure Communication
HMAC Gen.
Authentication
Module
authenticated
wholeMsg
SNMPv3 Security
• Authentication key equivalent to DEK in PEM or
private key in PGP
• Authentication key generated using user password
and SNMP engine id
• Authentication key may be used to encrypt message
• USM prepares the whole message including
scoped PDU
• HMAC, equivalent of signature in PEM and PGP,
generated using authentication key and the whole
message
• Authentication module provided with authentication
key and HMAC to process incoming message
Virus Attacks
• Executable programs that make copies and
insert them into other programs
• Attacks hosts and routers
• Attack infects boot track, compromises cpu,
floods network traffic, etc.
• Prevention is by identifying the pattern of the
virus and implementing protection in virus
checkers
Accounting Management
•
•
•
•
•
Least developed
Usage of resources
Hidden cost of IT usage (libraries)
Functional accounting
Business application
Report Management
Table 13.1 Planning and Management Reports
Category
Quality of service /
Service level agreement
Traffic trends
Technology trends
Cost of Operations
Reports
Network availability
Systems availability
Problem reports
Service response
Customer satisfaction
Traffic patterns
Analysis of internal traffic volume
Analysis of external traffic volume
Current status
Technology migration projection
Functional
Usage
Personnel
Table 13.2 System Reports
Category
Traffic
Failures
Performance
Reports
Traffic load - internal
Traffic load - external
Network failures
System failures
Network
Servers
Applications
Table 13.3 User Reports
Category
Service level agreement
User specific reports
Reports
Network availability
System availability
Traffic load
Performance
User-defined reports
Policy-Based Management
Network
Attributes
Policy Space
Domain Space
Policy Driver
Rule Space
Action Space
Policy-Based Management
• Domain space consists of objects (alarms with
attributes)
• Rule space consists of rules (if-then)
• Policy Driver controls action to be taken
• Distinction between policy and rule; policy
assigns responsibility and accountability
• Action Space implements actions
Service Level Management
• SLA management of service equivalent to
QoS of network
• SLA defines
• Identification of services and characteristics
• Negotiation of SLA
• Deployment of agents to monitor and control
• Generation of reports
• SLA characteristics
• Service parameters
• Service levels
• Component parameters
• Component-to-service mappings