MCL-H0484 - Binus Repository


Course: H0484/Computer Networks
Year: 2007
Network Management and Network Security
Session 26
Learning Outcomes
By the end of this session, students are expected to be able to:
• Explain the role of network management and network security
Bina Nusantara
Material Outline
• Network Management principles
• Protocol
• Security Attacks
• Methods of Defence
Network Management
• Networks are becoming indispensable
– More complexity makes failure more likely
• Require automatic network management tools
• Standards required to allow multi-vendor networks covering:
– Services
– Protocols
– Management information
• TCP/IP networks have SNMP (Simple Network Management Protocol) as the platform
Key Elements
• Management station or manager
• Managed Entities or Agent
• Management information base
• Network management protocol
Management Station - Manager
• Stand alone system or part of shared system
• Interface for human network manager
• Set of management applications
– Data analysis
– Fault recovery
• Interface to monitor and control network
• Translate manager’s requirements into
monitoring and control of remote elements
• Database of network management information
extracted from managed entities
Managed Entities - Agent
• Network Elements such as Hosts, bridges, hubs, routers
equipped with agent software
• Allowed to be managed from management station
• Respond to requests for information
• Respond to requests for action
• Asynchronously supply unsolicited information
Management Information Base
• Representation of network resources as objects
• Each object represents one aspect of managed object
• The MIB is a collection of objects (access points) at the agent for
the management station
• Objects standardized across class of system
Network Management Protocol
• OSI uses Common Management Information
Protocol (CMIP)
• TCP/IP uses SNMP
– SNMPv2 (enhanced SNMP) for OSI and TCP/IP
SNMP Protocol Architecture
• Application-level protocol
• Part of TCP/IP protocol suite
• Runs over UDP
• Manager supports SNMP messages
– GetRequest, GetNextRequest, and SetRequest
– Port 161
• Agent replies with GetResponse
• Agent may issue trap message in response to event
that affects MIB and underlying managed entities
– Port 162
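Added example (not part of the original slides): the sketch below builds an SNMPv1 GetRequest as the BER bytes carried in the UDP payload, then decodes a payload to report its PDU type and expected destination port. The community value "public", the OID for sysDescr.0 and all function names are assumptions chosen for illustration; the decode also shows that the community field is readable as plain bytes in the message.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

def tlv(tag, payload):  # BER tag-length-value, short and long length forms
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + payload

def ber_int(value):  # non-negative INTEGER, sized so the sign bit stays clear
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]       # first two arcs share one octet
    for arc in arcs[2:]:                  # remaining arcs: base 128, high bit means "more"
        chunk = [arc & 0x7F]
        while (arc := arc >> 7):
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += chunk
    return tlv(0x06, bytes(body))

def build_request(pdu_tag, community, oid, request_id):
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))  # value is NULL in a request
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0 = SNMPv1

def read_tlv(buf, pos):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def describe(datagram):
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, _, _ = read_tlv(msg, pos)
    kind = PDU_TYPES.get(pdu_tag, "unknown")
    port = {"Trap": 162, "GetResponse": None}.get(kind, 161)  # replies go to the manager's source port
    return {"version": int.from_bytes(version, "big"), "community": community.decode(),
            "pdu": kind, "dst_port": port}

SAMPLE = build_request(0xA0, "public", "1.3.6.1.2.1.1.1.0", 1)  # constructed sample message
```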
SNMPv1 Configuration
Role of SNMP v1
Security Requirements
• Confidentiality
• Integrity
– Authentic
– Non-repudiable
• Availability
Security Threats and Attacks
• A threat is a potential violation of security.
– Flaws in design, implementation, and operation.
• An attack is any action that violates security.
– Active adversary
• Common threats:
– Snooping/eavesdropping, alteration, spoofing,
repudiation of origin, denial of receipt, delay and
denial of service
Types of Attacks
• Passive Threats
– Release of Message Contents
– Traffic Analysis
• Active Threats
– Masquerade
– Replay
– Modification of Message Contents
– Denial of Service
Network Access Security
• Using this model requires us to:
– select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorised users
access designated information or resources
• Trusted computer systems can be used to implement this model
Model for Network Security
• This model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the algorithm
– develop methods to distribute and share the secret information
– specify a protocol enabling the principals to use the
transformation and secret information for a security service
Methods of Defence
• Encryption
• Software Controls
– Access limitations in a database
– In the operating system, protect each user from other
users
• Hardware Controls
– Smartcard, biometric
• Policies
– Frequent changes of passwords
• Physical Controls