1. 1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0

2. 2 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Menjelaskan peran Manajemen Jaringan dan Network Security

3. 3 Outline Materi SNMP Firewall

4. 4 Network Management Networks are becoming indispensable –More complexity makes failure more likely Require automatic network management tools Standards required to allow multi-vendor networks covering: –Services –Protocols –Management information TCP/IP Network has SNMP (Simple Network Management Protocol as platform

5. 5 Key Elements Management station or manager Managed Entities or Agent Management information base Network management protocol

6. 6 Management Station - Manager Stand alone system or part of shared system Interface for human network manager Set of management applications –Data analysis –Fault recovery Interface to monitor and control network Translate manager’s requirements into monitoring and control of remote elements Data base of network management information extracted from managed entities

7. 7 Managed Entities - Agent Network Elements such as Hosts, bridges, hubs, routers equipped with agent software Allowed to be managed from management station Respond to requests for information Respond to requests for action Asynchronously supply unsolicited information

8. 8 Management Information Base Representation of network resources as objects Each object represents one aspect of managed object MIB is collection of objects (access points) at agent for management of station Objects standardized across class of system

9. 9 Network Management Protocol Link between management station and agent TCP/IP uses SNMP OSI uses Common Management Information Protocol (CMIP) SNMPv2 (enhanced SNMP) for OSI and TCP/IP

10. 10 Protocol Capabilities Get Set Notify

11. 11 SNMP Protocol Architecture Application-level protocol Part of TCP/IP protocol suite Runs over UDP Manager supports SNMP messages –GetRequest, GetNextRequest, and SetRequest –Port 161 Agent replies with GetResponse Agent may issue trap message in response to event that affects MIB and underlying managed entities –Port 162

12. 12 SNMPv1 Configuration

13. 13 Role of SNMP v1

14. 14 Security Requirements Confidentiality Integrity –Authentic –Non Repudiable Availability

15. 15 Security Threats and Attacks A threat is a potential violation of security. –Flaws in design, implementation, and operation. An attack is any action that violates security. –Active adversary Common threats: –Snooping/eavesdropping, alteration, spoofing, repudiation of origin, denial of receipt, delay and denial of service

16. 16 Types of Attacks Passive ThreatsActive Threats Release of Message Contents Traffic Analysis MasqueradeReplayModification of Message Contents Denial of Service

17. 17 Network Access Security

18. 18 Using this model requires us to: –select appropriate gatekeeper functions to identify users –implement security controls to ensure only authorised users access designated information or resources Trusted computer systems can be used to implement this model Network Access Security

19. 19 Model for Network Security

20. 20 This model requires us to: –design a suitable algorithm for the security transformation –generate the secret information (keys) used by the algorithm –develop methods to distribute and share the secret information –specify a protocol enabling the principals to use the transformation and secret information for a security service Model for Network Security

21. 21 Methods of Defence Encryption Software Controls –Access limitations in a data base –In operating system protect each user from other users Hardware Controls –Smartcard, biometric Policies –Frequent changes of passwords Physical Controls