Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007
Bina Nusantara Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Menjelaskan peran Manajemen Jaringan dan Network Security
Bina Nusantara Outline Materi Network Management principles Protocol Security Attacks Methods of Defence
Bina Nusantara Network Management Networks are becoming indispensable – More complexity makes failure more likely Require automatic network management tools Standards required to allow multi-vendor networks covering: – Services – Protocols – Management information TCP/IP Network has SNMP (Simple Network Management Protocol as platform
Bina Nusantara Key Elements Management station or manager Managed Entities or Agent Management information base Network management protocol
Bina Nusantara Management Station - Manager Stand alone system or part of shared system Interface for human network manager Set of management applications – Data analysis – Fault recovery Interface to monitor and control network Translate manager’s requirements into monitoring and control of remote elements Data base of network management information extracted from managed entities
Bina Nusantara Managed Entities - Agent Network Elements such as Hosts, bridges, hubs, routers equipped with agent software Allowed to be managed from management station Respond to requests for information Respond to requests for action Asynchronously supply unsolicited information
Bina Nusantara Management Information Base Representation of network resources as objects Each object represents one aspect of managed object MIB is collection of objects (access points) at agent for management of station Objects standardized across class of system
Bina Nusantara Network Management Protocol OSI uses Common Management Information Protocol (CMIP) TCP/IP uses SNMP – SNMPv2 (enhanced SNMP) for OSI and TCP/IP
Bina Nusantara SNMP Protocol Architecture Application-level protocol Part of TCP/IP protocol suite Runs over UDP Manager supports SNMP messages – GetRequest, GetNextRequest, and SetRequest – Port 161 Agent replies with GetResponse Agent may issue trap message in response to event that affects MIB and underlying managed entities – Port 162
Bina Nusantara SNMPv1 Configuration
Bina Nusantara Role of SNMP v1
Bina Nusantara Security Requirements Confidentiality Integrity – Authentic – Non Repudiable Availability
Bina Nusantara Security Threats and Attacks A threat is a potential violation of security. – Flaws in design, implementation, and operation. An attack is any action that violates security. – Active adversary Common threats: – Snooping/eavesdropping, alteration, spoofing, repudiation of origin, denial of receipt, delay and denial of service
Bina Nusantara Types of Attacks Passive ThreatsActive Threats Release of Message Contents Traffic Analysis MasqueradeReplayModification of Message Contents Denial of Service
Bina Nusantara Network Access Security Using this model requires us to: – select appropriate gatekeeper functions to identify users – implement security controls to ensure only authorised users access designated information or resources Trusted computer systems can be used to implement this model
Bina Nusantara Model for Network Security This model requires us to: – design a suitable algorithm for the security transformation – generate the secret information (keys) used by the algorithm – develop methods to distribute and share the secret information – specify a protocol enabling the principals to use the transformation and secret information for a security service
Bina Nusantara Methods of Defence Encryption Software Controls – Access limitations in a data base – In operating system protect each user from other users Hardware Controls – Smartcard, biometric Policies – Frequent changes of passwords Physical Controls