Presentation is loading. Please wait.

Presentation is loading. Please wait.

Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel: 053-580-5234

Similar presentations


Presentation on theme: "Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel: 053-580-5234"— Presentation transcript:

1 Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel: 053-580-5234 Email: juht@kmu.ac.kr

2 Keimyung University 2 Table of Contents Introduction Configuration Control Security Control

3 Keimyung University 3 Introduction Network control is concerned with modifying parameters in and causing actions to be taken by the end systems, intermediate systems, and subnetworks that make up the network to be managed All five functional areas of NM involve monitoring and control but configuration and security are more concerned with control Issues in network control –what to control? define what is to be controlled –how to control? how to cause actions to be performed

4 Keimyung University 4 Configuration Management 1.Define Configuration Information 2.Configuration Monitoring –Examine values and relationships –Report on configuration status 3. Configuration Control may be required as a result of monitoring or event reports –Initialize and terminate network operations –Set and modify attribute values –Define and modify relationships

5 Keimyung University 5 Define Configuration Information Includes the nature and status of managed resources –specification and attributes of resources Network Resources –physical resources end systems, routers, bridges, switches, modems, etc. –logical resources TCP connections, timers, counters, virtual circuits, etc. Attributes –name, address, ID number, states, operational characteristics, # of connections, etc. Control function should be able to –define new classes and attributes (mostly done off-line) –define the type and range of attribute values

6 Keimyung University 6 Set and Modify Attribute Values when requesting agents to perform set and modify –the manager must be authorized –some attributes cannot be modified (e.g., # of physical ports) Modification categories –MIB update only does not require the agent to perform any other action e.g., update of static configuration information –MIB update plus resource modification requires the agent to modify the resource itself e.g., changing the state of a physical port to “disabled” –MIB update plus action perform actions as a side effect of set operation SNMP takes this approach

7 Keimyung University 7 Define and Modify Relationships a relationship describes an association, connection, or condition that exists between network resources –topology –hierarchy –containment –physical or logical connections –management domain Configuration control should allow on-line modification of resources without taking all or part of network down

8 Keimyung University 8 Security Management What should be secured in networks? –information security –computer security –network security Security Requirements –Secrecy making information accessible to only authorized users includes the hiding of the existence of information –Integrity making information modifiable to only authorized users –Availability making resources available to only authorized users

9 Keimyung University 9 Security Threats Interruption –destroyed or becomes unavailable or unusable –threat to “availability” Interception –an unauthorized party gains access –threat to “secrecy” Modification –an unauthorized party makes modification –threat to “integrity” Fabrication –an unauthorized party inserts false information Masquerade –an entity pretends to be a different entity

10 Keimyung University 10 Types of Security Threats Information source information destination (a) Normal flow (b) Interruption (c) Interception (d) Modification (e) Fabrication

11 Keimyung University 11 Security Threats and Network Assets.... Data Communication Lines hardware Software Masquerade Modification Interception (capture, analysis) Interruption (loss) Masquerade Modification Interception (capture, analysis) Interruption (loss) Modification Interception Interruption (deletion) Interruption (theft, denial of service)

12 Keimyung University 12 Security Management Functions Maintain Security Information –event logging, monitoring usage of security-related resources –receiving notification and reporting security violations –maintaining and examining security logs –maintaining backup copies of security-related files Control Resource Access Service –use access control (authentication and authorization) security codes (e.g., passwords) routing tables, accounting tables, etc. Control the Encryption Process –must be able to encrypt messages between managers & agents –specify encryption algorithms

13 Keimyung University 13 Summary Network control is concerned with setting and changing parameters of various parts of network resources as consequences of network monitoring and analysis Configuration control and security control are two essential aspects of network control READ Chapter 3 of Textbook


Download ppt "Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel: 053-580-5234"

Similar presentations


Ads by Google