CH/S6CA/Nov. 2008
SOHO NETWORK MANAGEMENT AND SECURITY
Network Monitoring

Aim: To ensure that the network can function properly and continuously.

The following could be monitored:
i. Memory utilization: including the physical memory and virtual memory.
ii. Bandwidth utilization: see if congestion occurs, indicating the host causing the congestion and the time of the congestion.
iii. CPU performance: e.g. CPU utilization.
iv. Hard disk performance: e.g. hard disk throughput, disk space used.
v. Connectivity between hosts: can be tested by using ping.
Simple Network Management Protocol (SNMP)
i. SNMP forms part of the Internet protocol suite.
ii. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications, e.g. the Network Management System (NMS).
iii. Software called an agent is installed in network-attached devices (managed devices) and reports the condition of the managed devices to the NMS.
iv. Basic SNMP operations:
a. Get – allows the NMS to retrieve information about monitored devices via the agent.
b. Set – allows the NMS to set values on monitored devices.
c. Trap – is used by the agent to inform the NMS of an abnormal event that happened in the monitored device.
Troubleshooting

Network problems may be caused by the following factors:
i. Connectivity – loose cables, loose network card.
ii. Hardware problems – hardware failure or conflict with other hardware.
iii. Configuration problems – wrong IP address, wrong subnet mask, wrongly configured firewall / router.
Commands used to solve network problems:
i. ping – test whether a host is reachable.
ii. netstat – display connections, network statistics, etc.
iii. traceroute – determine the route taken by a packet from the source to the destination.
Disaster Recovery

The process of resuming access to data and other resources after natural or human disasters.

Disaster recovery planning involves the following steps:
i. Evaluating the existing risks in a corporation.
ii. Determining the importance of different data.
iii. Developing the recovery strategy according to the importance of data.
Measures to prevent data loss:
i. Perform backup.
ii. Use a fault-tolerant system (e.g. RAID).
iii. Use an Uninterruptible Power Supply (UPS).
iv. Use anti-virus software, etc.
Backup

Backup and Restore
i. Backup is the process of making a copy of the data or files.
ii. When a data loss event happens, the copy is restored so as to prevent data loss.
Examples of software used in backup:
i. CA ARCserve
ii. EMC Legato Networker, etc.
Storage media used for backup:
i. Magnetic tape
ii. Optical disks: DVD-ROM, etc.
iii. Hard disk, etc.
Network Backup Server
i. A server used to provide an online backup and restore service.
ii. Advantages (over traditional backup):
a. Automatic (without changing tapes or DVD-ROMs)
b. Huge storage capacity – can support a number of servers.
iii. Disadvantage:
a. Expensive
Fault-Tolerance

Measures to make sure that a system will continue to operate even if failures occur.

If its operating quality decreases at all, the decrease is proportional to the severity of the failure, as compared to a naively designed system in which even a small failure can cause total breakdown.

Fault-Tolerance  Backup

Redundant Array of Independent Disks (RAID)
i. Provides redundancy of data in storage devices to achieve fault-tolerance.
ii. Commonly used RAID levels: RAID 0, RAID 1, RAID 5


RAID 1 (Mirror set without parity)
i. When data is written to disk 0, an exact copy is created on another disk, disk 1.
ii. The copy in disk 1 is called the “mirror”.
iii. When disk 0 fails, data can be restored from disk 1.
iv. When disk 1 fails, data can be restored from disk 0.
v. Minimum number of disks required = 2.
RAID 5 (block-level striping with parity)
i. Striping – spreading out blocks of each file across multiple disks.
ii. Assume 4 disks are used for RAID 5. When data is written to the disks, the data is broken into 3 pieces and written to 3 of the 4 disks, e.g. Disks 0, 1 and 2 (striping). A parity block used for error correction is calculated and written to the remaining disk (e.g. Disk 3).
iii. The parity blocks are distributed over all disks in turn.
iv. When any one of Disks 0, 1 or 2 breaks (e.g. Disk 2), the data can be reconstructed by combining the data segments in Disks 0 and 1 together with the parity in Disk 3.
v. When Disk 3 breaks, the data can be restored by combining the segments from Disks 0, 1 and 2.
vi. When any two disks break at the same time, all data will be lost.
vii. Minimum disks required = 3.
viii. RAID 5 provides better performance than RAID 1.
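The striping, rotating parity and single-disk reconstruction described above, as an added Python example (not part of the handout). The four "disks" are plain Python lists, the data blocks are constructed 4-byte strings, and the parity rotation order is an assumption of this example.

```python
def xor_blocks(blocks):
    """XOR equal-length blocks together; this is the RAID 5 parity function."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def parity_disk_for(stripe, ndisks):
    """Parity rotates: stripe 0 on the last disk, stripe 1 on the one before, ..."""
    return (ndisks - 1 - stripe) % ndisks

def raid5_write(data_blocks, ndisks=4):
    """Stripe data over ndisks; each stripe holds ndisks-1 data blocks + 1 parity.
    Returns one list of blocks per disk."""
    per_stripe = ndisks - 1
    assert len(data_blocks) % per_stripe == 0, "pad data to a whole stripe"
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data_blocks) // per_stripe):
        chunk = data_blocks[s * per_stripe:(s + 1) * per_stripe]
        pd, it = parity_disk_for(s, ndisks), iter(chunk)
        for d in range(ndisks):
            disks[d].append(xor_blocks(chunk) if d == pd else next(it))
    return disks

def raid5_read(disks):
    """Data blocks in original order (parity blocks skipped)."""
    ndisks, data = len(disks), []
    for s in range(len(disks[0])):
        pd = parity_disk_for(s, ndisks)
        data.extend(disks[d][s] for d in range(ndisks) if d != pd)
    return data

def raid5_rebuild(disks, failed):
    """Rebuild one failed disk (marked None): each of its blocks is the XOR of
    the other disks' blocks in the same stripe, whether it held data or parity.
    Returns None if more than one disk is missing, since RAID 5 cannot recover."""
    if sum(d is None for d in disks) > 1:
        return None
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

DATA = [b"blk1", b"blk2", b"blk3", b"blk4", b"blk5", b"blk6"]   # constructed

if __name__ == "__main__":
    disks = raid5_write(DATA)
    disks[2] = None                      # Disk 2 fails
    disks[2] = raid5_rebuild(disks, 2)   # rebuilt from Disks 0, 1 and the parity
    print(raid5_read(disks) == DATA)
```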


RAID 0 (Striping without Fault Tolerance)
i. Splits data evenly across disks.
ii. Can increase performance.
iii. If one disk fails, all data will be lost.
iv. Minimum disks required = 2.
RAID can be implemented using hardware, software or both.
Uninterruptible Power Supply (UPS)

A UPS is an electrical device used to provide a continuous power supply to computer equipment even if its normal power is not available.
Grandfather, father and son principle (a backup method)

When the transaction file and master file are used to produce a new master file, this new master file is called the son and the old master file is called the father.

The process is then repeated using the next transaction file and the son master file. However, this time round the newest master file is called the son. The master file which was used to produce this latest son is called the father, and the original master file now becomes the grandfather.

The grandfather, father and son files are called generations of files.
The above process needs 5 tapes, maintained as follows (tapes A, B, C, D and E):

Day of week | Master Files                    | Transaction Files
            | Son   | Father | Grandfather    | Today | Yesterday
Mon         | A     | -      | -              | D     | -
Tue         | B     | A      | -              | E     | D
Wed         | C     | B      | A              | D     | E
Thu         | A     | C      | B              | E     | D
Fri         | B     | A      | C              | D     | E
The whole Grandfather-Father-Son process is shown in the following system flowchart:
[System flowchart: the grandfather (father) master file and transaction file 1 pass through the 1st updating process to produce the father (son) master file; the father master file and transaction file 2 pass through the 2nd updating process to produce the son (new master file).]
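The five-tape rotation above, as an added Python simulation (not part of the handout). It assumes the rule implied by the table: each day the new son is written to the master tape that held the grandfather (the oldest generation), and the transaction tape not used yesterday is reused; "-" marks a generation that does not exist yet.

```python
from collections import deque

MASTER_TAPES = ["A", "B", "C"]        # hold son / father / grandfather
TRANSACTION_TAPES = ["D", "E"]        # hold today's / yesterday's transactions
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]

def gfs_schedule(days=DAYS):
    """One row per day: (day, son, father, grandfather, today, yesterday)."""
    free_masters = deque(MASTER_TAPES)   # tapes not holding a live generation
    generations = deque(maxlen=3)        # newest first; oldest drops off the end
    free_trans = deque(TRANSACTION_TAPES)
    trans_hist = deque(maxlen=2)         # today, yesterday
    rows = []
    for day in days:
        if len(generations) == 3:        # grandfather tape is freed for reuse
            free_masters.append(generations[-1])
        son = free_masters.popleft()     # new son overwrites that tape
        generations.appendleft(son)
        if len(trans_hist) == 2:         # the day-before-yesterday tape is reused
            free_trans.append(trans_hist[-1])
        today = free_trans.popleft()
        trans_hist.appendleft(today)
        gens = list(generations) + ["-"] * (3 - len(generations))
        trans = list(trans_hist) + ["-"] * (2 - len(trans_hist))
        rows.append((day, *gens, *trans))
    return rows

def son_tape_reuse_is_safe(rows):
    """True if no day's son overwrites yesterday's son or father tape,
    i.e. two good generations always survive a failed backup run."""
    for prev, cur in zip(rows, rows[1:]):
        if cur[1] in (prev[1], prev[2]):
            return False
    return True

if __name__ == "__main__":
    print("Day  Son Father Grandfather  Today Yesterday")
    for day, son, father, gf, today, yday in gfs_schedule():
        print(f"{day:4} {son:3} {father:6} {gf:11}  {today:5} {yday}")
    print("safe rotation:", son_tape_reuse_is_safe(gfs_schedule()))
```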
Security Threats

Malicious Code (Malware)
i. Programs that are designed to do bad things.
ii. Includes: virus, worm, Trojan Horse, spyware, etc.

Unauthorized Access

Interception
i. The packet is intercepted (e.g. deleted, modified or read) by someone during transmission.
ii. Can be accomplished using a sniffer – software or hardware used to log or intercept network traffic.
Malicious Code

Virus – Malicious program which can
i. duplicate itself and
ii. infect other programs.
Worm – Malicious program which can
i. duplicate itself and
ii. spread over the network automatically.
Trojan Horse – Malicious program which
i. appears to be normal but
ii. performs malicious activity when it is running.
Spyware – Malicious program which can
i. collect users’ personal information (e.g. collecting web surfing patterns),
ii. deliver unwanted advertisements (also known as Adware), or
iii. redirect the browser to a specific URL, etc.
A single malicious program can have the nature of a virus, worm, Trojan Horse and / or spyware.
Measures against Malicious Code
i. Using an anti-virus program
ii. Authentication
iii. Access control / user right control
iv. Packet filtering
v. Public and private key encryption
vi. Wired Equivalent Privacy (WEP)
vii. Using IPSec and VPN
viii. Installing an Intrusion Detection System
Anti-virus Program

An anti-virus program is a utility program used to
i. detect, stop and eliminate viruses; and
ii. recover files infected by viruses.
An anti-virus program consists of:
i. Scanning engine
a. The program that does the actual virus scanning / detecting work.
b. Needs to be updated from time to time, as a new scanning engine can improve scanning performance.
ii. Signature file
a. The file contains details of the features of existing viruses.
b. It is used by the scanning engine to identify viruses.
c. It is necessary to update the file even more frequently so as to cover the information / features of new viruses.
Authentication and Access Control

Authentication
i. A process to identify and prove the identity of a user / party.
ii. E.g. logon system.
Access Control
i. The mechanism used to prevent unauthorized access to resources.
ii. E.g. the access rights of a file / folder can be set to let users read / fully control the file / folder.
Firewall

A firewall is placed between an organization and the rest of the Internet.

If an organization has multiple Internet connections, a firewall must be placed at each, and all the organization’s firewalls must be configured to enforce the organization’s security policy.

The primary mechanism used to build a firewall is known as a packet filter.

Packet Filter
i. A packet filter can be embedded in a router.
ii. It consists of software that uses the contents of packets to determine which packets are allowed to pass through the router and which packets will be discarded.
iii. It operates by examining fields in the header of each packet.
iv. For TCP/IP, a packet filter specification usually includes a frame type of 0800 (for IP), an IP source address or destination address (or both), a datagram type, and a protocol port number.
v. The ability to selectively allow packets for a particular service means that a manager can allow traffic to one service while blocking traffic to others (e.g. allow Web traffic while blocking traffic to FTP).
To be secure, an Internet firewall needs at least three systems:
i. A packet filter that restricts data arriving from the Internet.
ii. A separate packet filter that restricts data leaving the organization’s intranet.
iii. A secure computer system in the firewall that runs application software (secure host).
A secure host runs special application programs known as application-layer gateways that provide secure Internet services.
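A packet filter of the kind described in this section, as an added Python example (not from the handout or any real firewall product). It decides on header fields only (frame type, addresses, datagram type, port), keeps a separate inbound and outbound rule set, allows Web traffic while blocking FTP, and discards anything no rule matches. The rule format, the intranet prefix 192.0.2.0/24 and the sample packets are all constructed for this example.

```python
import ipaddress

# Rules: (action, src_net, dst_net, proto, dst_port); None means "any".
# 192.0.2.0/24 stands in for the organization's intranet (constructed
# documentation addresses), 192.0.2.10 for its Web server.
INBOUND_RULES = [
    ("deny",  "192.0.2.0/24", "0.0.0.0/0",     None,  None),  # intranet source from outside
    ("allow", "0.0.0.0/0",    "192.0.2.10/32", "tcp", 80),    # Web traffic to the site
    ("deny",  "0.0.0.0/0",    "192.0.2.0/24",  "tcp", 21),    # FTP control connections
]
OUTBOUND_RULES = [
    ("allow", "192.0.2.0/24", "0.0.0.0/0", "tcp", 80),
    ("allow", "192.0.2.0/24", "0.0.0.0/0", "tcp", 443),
    ("allow", "192.0.2.0/24", "0.0.0.0/0", "udp", 53),
]

def rule_matches(rule, pkt):
    """Compare only header fields: addresses, datagram type and port."""
    _, src_net, dst_net, proto, dport = rule
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst_net)
            and (proto is None or pkt["proto"] == proto)
            and (dport is None or pkt.get("dport") == dport))

def filter_packet(rules, pkt):
    """Return 'allow' or 'deny' for one packet. Frames other than IP
    (frame type 0x0800) are not passed; the first matching rule wins; a
    packet matching no rule is discarded (default deny)."""
    if pkt.get("frame_type", 0x0800) != 0x0800:
        return "deny"
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule[0]
    return "deny"

# Constructed sample packets
WEB_IN  = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80}
FTP_IN  = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 21}
SPOOFED = {"src": "192.0.2.5",    "dst": "192.0.2.10", "proto": "tcp", "dport": 80}
DNS_OUT = {"src": "192.0.2.5", "dst": "198.51.100.53", "proto": "udp", "dport": 53}
FTP_OUT = {"src": "192.0.2.5", "dst": "198.51.100.7",  "proto": "tcp", "dport": 21}

if __name__ == "__main__":
    for name, pkt in [("web in", WEB_IN), ("ftp in", FTP_IN), ("spoofed", SPOOFED)]:
        print(name, "->", filter_packet(INBOUND_RULES, pkt))
    for name, pkt in [("dns out", DNS_OUT), ("ftp out", FTP_OUT)]:
        print(name, "->", filter_packet(OUTBOUND_RULES, pkt))
```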
Virtual Private Network (VPN)

A corporation with multiple geographic sites can use one of two approaches to building a corporate intranet:
i. Private Network Connections
a. The corporation leases data circuits to connect its sites. Each leased connection extends from a router at one site to a router at another site.
b. Advantage: complete privacy
ii. Public Internet Connections
a. Each site contracts with a local ISP for Internet service. Data is sent from one site to another across the global Internet.
b. Advantage: lower cost

A corporation may create a Virtual Private Network so that it uses the global Internet to transfer data among corporate sites, but also takes additional steps to ensure that the corporate sites and data cannot be accessed by outsiders.

A VPN is usually implemented in software.

First, the organization obtains an Internet connection for each of its sites.
Second, the organization chooses a router at each site to run VPN software.

Third, the organization configures the VPN software in each router to know about the VPN routers at each of the other sites.
Disadvantages:
i. slower connection,
ii. increased data size during transmission,
iii. complicated configuration.

Tunneling
i. To keep information completely hidden as data pass across the Internet from one site to another, VPN software uses an IP-in-IP tunnel.
ii. Suppose a computer X at site 1 creates a datagram for a computer Y at site 2. The datagram is forwarded through site 1 to router R1. VPN software on R1 encrypts the original datagram and encapsulates it in a new datagram for transmission to router R2.

As the figure shows, the original datagram, including the header which carries the source and destination addresses, is encrypted and encapsulated in a new IP datagram.
IPsec

A set of cryptographic protocols which allow users to choose between two basic options:
i. Authentication – i.e. validate the data senders and recipients
ii. Confidentiality – i.e. encrypt the data content
Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a system that monitors all packets arriving at a site and notifies the site administrator if a security violation is detected.

It can be configured to detect attacks such as
i. Port scanning – An outsider tries successive TCP protocol port numbers to determine the ports on which the site has a server.
ii. SYN flood – To make a computer unusable, an outsider sends TCP segments that appear to request a new TCP connection; when the receiving machine tries to complete the connection, the outsider does not respond.
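Detection logic for the two attacks listed above, as an added Python example (not from the handout or any real IDS). It runs over constructed connection-event lines of the form "time src dst dport flags"; the thresholds, the time window and the log format are assumptions of this example.

```python
from collections import defaultdict

SCAN_PORTS = 10        # distinct ports from one source to one host within WINDOW
FLOOD_HALF_OPEN = 50   # connection requests from one source never completed
WINDOW = 5.0           # seconds

def parse(lines):
    """Each constructed line: '<time> <src> <dst> <dport> <flags>'."""
    events = []
    for line in lines:
        t, src, dst, dport, flags = line.split()
        events.append((float(t), src, dst, int(dport), flags))
    return events

def detect_port_scan(events):
    """Sources probing more than SCAN_PORTS distinct ports on one host inside WINDOW."""
    recent = defaultdict(list)                 # (src, dst) -> [(time, port)]
    alerts = set()
    for t, src, dst, dport, flags in events:
        if flags != "SYN":
            continue
        hist = [(ts, p) for ts, p in recent[(src, dst)] if t - ts <= WINDOW]
        hist.append((t, dport))
        recent[(src, dst)] = hist
        if len({p for _, p in hist}) > SCAN_PORTS:
            alerts.add(src)
    return alerts

def detect_syn_flood(events):
    """Sources leaving more than FLOOD_HALF_OPEN requests without the final ACK."""
    half_open = defaultdict(int)
    for t, src, dst, dport, flags in events:
        if flags == "SYN":
            half_open[src] += 1
        elif flags == "ACK" and half_open[src] > 0:
            half_open[src] -= 1                # handshake completed by the client
    return {src for src, n in half_open.items() if n > FLOOD_HALF_OPEN}

# Constructed traffic: a 15-port probe, 60 unanswered SYNs, one normal handshake
SCAN = [f"{1 + i * 0.1:.2f} 198.51.100.9 192.0.2.10 {20 + i} SYN" for i in range(15)]
FLOOD = [f"{3 + i * 0.01:.2f} 203.0.113.4 192.0.2.10 80 SYN" for i in range(60)]
NORMAL = ["4.00 198.51.100.2 192.0.2.10 80 SYN",
          "4.01 192.0.2.10 198.51.100.2 80 SYN-ACK",
          "4.02 198.51.100.2 192.0.2.10 80 ACK"]

def run_ids(lines):
    """Return the sources flagged by each detector for the given log lines."""
    events = sorted(parse(lines))
    return {"port_scan": detect_port_scan(events), "syn_flood": detect_syn_flood(events)}
```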
Public Key Infrastructure (PKI)

PKI covers the use of public key cryptography and digital certificates as the accepted means of
authentication and access control over the Internet.

Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which
the key used to encrypt a message differs from the key used to decrypt it.

In public key cryptography, a user has a pair of cryptographic keys—a public key and a private key.

The private key is kept secret, while the public key may be widely distributed.

Incoming messages would have been encrypted with the recipient's public key and can only be decrypted
with his corresponding private key.

The keys are related mathematically, but the private key cannot be practically derived from the public
key.


Digital certificate
i. A digital certificate is a digital document that binds a public key to an individual or other entity.
ii. It allows verification of the claim that a specific public key does in fact belong to a specific individual.
iii. A Hongkong Post e-Cert contains a public key, the name of the holder, an expiration date, a certificate serial number and a subscriber reference number.
Digital signature
i. A digital signature is the electronic signature of a signer.
ii. It is generated by the transformation of the electronic record using asymmetric cryptography and a hash function.
iii. A person having the initial untransformed electronic record and the signer's public key can then determine:
a. whether the transformation was generated using the private key that corresponds to the signer's public key; and
b. whether the initial electronic record has been altered since the transformation was generated.
Wired Equivalent Privacy (WEP)

It is an algorithm used to secure wireless (Wi-Fi) networks, to provide confidentiality comparable to that of a traditional wired network.

Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.
i. Open System authentication: the wireless LAN client need not provide its credentials to the Access Point during authentication.
ii. Shared Key authentication:
a. The client station sends an authentication request to the Access Point.
b. The Access Point sends back a clear-text challenge.
c. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
d. The Access Point decrypts the material and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response.
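The Shared Key exchange (steps a to d above) with both the station and the Access Point side, as an added Python example that is not part of the handout. RC4 is written out because it is the cipher WEP uses; the 40-bit key, the 24-bit IV and the 128-octet challenge are constructed, and the class names are this example's own.

```python
import os

def rc4(key, data):
    """RC4 keystream XORed over data; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

class AccessPoint:
    def __init__(self, wep_key):
        self.wep_key = wep_key                 # the configured shared key
        self.challenge = None
    def send_challenge(self):                  # step b: clear-text challenge
        self.challenge = os.urandom(128)       # 128-octet challenge text
        return self.challenge
    def verify(self, iv, ciphertext):          # step d: decrypt, compare, answer
        plain = rc4(iv + self.wep_key, ciphertext)
        return plain == self.challenge         # True = positive response

class Station:
    def __init__(self, wep_key):
        self.wep_key = wep_key
    def answer(self, challenge):               # step c: encrypt with IV || key
        iv = os.urandom(3)                     # 24-bit IV, sent in the clear
        return iv, rc4(iv + self.wep_key, challenge)

def shared_key_auth(station, ap):
    """Run steps a-d; step a (the initial request) carries no data."""
    challenge = ap.send_challenge()
    iv, ciphertext = station.answer(challenge)
    return ap.verify(iv, ciphertext)

WEP_KEY = bytes.fromhex("0102030405")          # constructed 40-bit key

if __name__ == "__main__":
    print("correct key:", shared_key_auth(Station(WEP_KEY), AccessPoint(WEP_KEY)))
    print("wrong key:  ", shared_key_auth(Station(b"\x05\x04\x03\x02\x01"), AccessPoint(WEP_KEY)))
```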
Reference:
Computer Networks and Internets with Internet Applications, Douglas E. Comer.
http://en.wikipedia.org/
http://www.hongkongpost.gov.hk/support/concept/index.html