Network Control
Mi-Jung Choi
Dept. of Computer Science
KNU
Table of Contents
• Introduction
• Configuration Control
• Security Control
Introduction
• Network control is concerned with modifying parameters
in and causing actions to be taken by the end systems,
intermediate systems, and subnetworks that make up the
network to be managed
• All five functional areas of network management (NM) involve
monitoring and control, but configuration and security are more
concerned with control
• Issues in network control
– what to control?
• define what is to be controlled
– how to control?
• how to cause actions to be performed
Configuration Management
1. Define Configuration Information
2. Configuration Monitoring
– Examine values and relationships
– Report on configuration status
3. Configuration Control may be required as a result of
monitoring or event reports
– Initialize and terminate network operations
– Set and modify attribute values
– Define and modify relationships
Define Configuration Information
• Includes the nature and status of managed resources
– specification and attributes of resources
• Network Resources
– physical resources
• end systems, routers, bridges, switches, modems, etc.
– logical resources
• TCP connections, timers, counters, virtual circuits, etc.
• Attributes
– name, address, ID number, states, operational characteristics, #
of connections, etc.
• Control function should be able to
– define new classes and attributes (mostly done off-line)
– define the type and range of attribute values
Set and Modify Attribute Values
• when requesting agents to perform set and modify
– the manager must be authorized
– some attributes cannot be modified (e.g., # of physical ports)
• Modification categories
– MIB update only
• does not require the agent to perform any other action
• e.g., update of static configuration information
– MIB update plus resource modification
• requires the agent to modify the resource itself
• e.g., changing the state of a physical port to “disabled”
– MIB update plus action
• perform actions as a side effect of set operation
• SNMP takes this approach
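The set-handling rules on this slide, as an added example (not from the lecture or from any SNMP implementation): a toy agent that checks the manager is authorized, rejects sets on non-modifiable attributes, and covers the three modification categories. The Agent and Attr classes, the manager name and the attribute names and values are hypothetical, and authorization is reduced to a name lookup.

```python
# Added example; every name and value below is constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Attr:
    value: object
    writable: bool = True
    side_effect: Optional[Callable] = None    # None means "MIB update only"

@dataclass
class Agent:
    authorized: set                           # managers allowed to issue sets
    mib: dict = field(default_factory=dict)
    port_state: dict = field(default_factory=lambda: {1: "enabled"})  # the resource
    actions: list = field(default_factory=list)   # actions the agent carried out
    audit: list = field(default_factory=list)     # every attempt, allowed or not

    def handle_set(self, manager, name, value):
        result = self._apply(manager, name, value)
        self.audit.append((manager, name, value, result))
        return result

    def _apply(self, manager, name, value):
        if manager not in self.authorized:    # authorization is checked first
            return "denied: manager not authorized"
        attr = self.mib.get(name)
        if attr is None:
            return "error: no such attribute"
        if not attr.writable:                 # e.g. number of physical ports
            return "error: attribute is read-only"
        attr.value = value                    # MIB update
        if attr.side_effect:
            attr.side_effect(self, value)     # resource modification or action
        return "ok"

def set_port1(agent, state):
    agent.port_state[1] = state               # modify the resource itself
def maybe_reboot(agent, value):
    if value == 1:
        agent.actions.append("reboot")        # action as a side effect of the set

def make_agent():
    return Agent(authorized={"noc-manager"}, mib={
        "sysContact": Attr("ops@example.org"),                      # MIB update only
        "numPhysicalPorts": Attr(24, writable=False),               # not modifiable
        "port1AdminState": Attr("enabled", side_effect=set_port1),  # MIB + resource
        "reboot": Attr(0, side_effect=maybe_reboot),                # MIB + action
    })
```

The audit list records denied attempts as well as successful ones, which is the event logging the security management slides call for.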
Define and Modify Relationships
• a relationship describes an association, connection, or
condition that exists between network resources
– topology
– hierarchy
– containment
– physical or logical connections
– management domain
• Configuration control should allow on-line modification of
resources without taking all or part of network down
Security Management
• What should be secured in networks?
– information security
– computer security
– network security
• Security Requirements
– Secrecy
• making information accessible to only authorized users
• includes the hiding of the existence of information
– Integrity
• making information modifiable to only authorized users
– Availability
• making resources available to only authorized users
Security Threats
• Interruption
– a resource is destroyed or becomes unavailable or unusable
– threat to “availability”
• Interception
– an unauthorized party gains access
– threat to “secrecy”
• Modification
– an unauthorized party makes a modification
– threat to “integrity”
• Fabrication
– an unauthorized party inserts false information
• Masquerade
– an entity pretends to be a different entity
Types of Security Threats
[Figure: information flow from an information source to an information destination: (a) normal flow, (b) interruption, (c) interception, (d) modification, (e) fabrication]
Security Threats and Network Assets
[Figure: security threats by network asset (hardware, software, data, communication lines). Threat labels shown: interruption (loss; theft, denial of service; deletion), interception (capture, analysis), modification, masquerade]
Security Management Functions
• Maintain Security Information
– event logging, monitoring usage of security-related resources
– receiving notification and reporting security violations
– maintaining and examining security logs
– maintaining backup copies of security-related files
• Control Resource Access Service
– use access control (authentication and authorization)
• security codes (e.g., passwords)
• routing tables, accounting tables, etc.
• Control the Encryption Process
– must be able to encrypt messages between managers & agents
– specify encryption algorithms
Summary
• Network control is concerned with setting and changing
parameters of various parts of network resources as
consequences of network monitoring and analysis
• Configuration control and security control are two
essential aspects of network control
• READ Chapter 3 of Textbook