Computer Networking - Electronic, Electrical and Systems Engineering
Computer Networking
Network Management and Security
Dr Sandra I. Woolley

The IP loopback address is 127.0.0.1 for addressing your own computer.

Contents
Introduction to network management
– SNMP
– Traps
– Managing servers and users
Network security
– Footprinting, scanning and enumeration
– Behaviour profiles
– Malicious programs
– Passwords
References:
Network security essentials - Applications and Standards, W. Stallings, Prentice Hall, 2000, 0-13-016093-8
Hacking exposed, Scambray, McClure and Kurtz, McGraw-Hill, 2nd Ed, 2001, 0-07-212748-1

Network Management
The ability to manage and control an entire network and all its component parts. The collection of hardware and software to do this is the Network Management System (NMS). Modern networks are large and complex and need automated mechanisms to help with monitoring and management.

Network Management
We can split management into three parts.
Infrastructure management – the network infrastructure; cables, hubs, network cards, etc.
Server management – the information sources.
User management – “keeping the users under control”.
http://pacificcomputersolutions.com/images/server.room460x276.jpg

Network Infrastructure Management
Fault management – Detecting, isolating and correcting faults. Both active components (bridges, routers, LAN cards) and passive (cables).
Accounting management – Accumulation and analysis of usage statistics. Useful for user monitoring and charging, particularly where public networks are used.
Configuration management – Monitoring and controlling the set-up and changes to network equipment.
Performance management – Gathering and analysing network statistics such as throughput and capacity. Used to identify bottlenecks, spare capacity and predict future requirements.
Security management – Controlling access to network operations. Includes access control, encryption and authorisation.

Historic Network Management
Early network devices were managed using proprietary systems.
They used custom protocols and often were not scalable outside the LAN. Modern networks are multi-vendor* and extend to the WAN – a standard was needed.
*systems from multiple manufacturers
http://www.theregister.co.uk/2002/10/24/server_room_dangerous_heres_bofh/

Simple Network Management Protocol (SNMP)
Usually abbreviated to SNMP.
A standard TCP/IP protocol (RFC 1157, 1990).
There were a number of vulnerabilities in this first version including, for example, plaintext password communication.
Improvements to SNMP include V2 in 1993 and V3 in 2004.
SNMP defines a structure for collecting, delivering and storing network information.
MIB (Management Information Base)

SNMP Functionality
SNMP devices collect statistics and the Network Management Station (NMS) receives this data regularly. To minimise traffic, the collection period can be long, say 5 minutes. However, something important may happen in between, so a fast reporting mechanism is also needed. Devices can ‘trap’ an event and send a message to the NMS for immediate action.

Traps
Traps can be used to quickly report things like:
– Excessive traffic
– Excessive collisions (e.g., from CSMA/CD)
– Low traffic (may indicate a fault somewhere?)
– Broken or disconnected cables
– Devices powered down (trap sent from another device)
SNMP Trap Managing Software
http://www.oidview.com/snmp_trap_management.html

Server Management
Servers: e.g., web, intranet, filespace.
Various operating systems including versions of Windows and Unix. Each one has its own peculiarities.
Server management is closely linked to user management – preventing the users (and hackers!) damaging the systems.
Robust data backup is essential. In large systems active filespace would be stored on RAID systems (redundant array of inexpensive disks). Entire tape backups would be done regularly (say weekly) with incremental backups performed each night. Tapes would be stored in fire-proof, water-proof safes.
User Management
“Networks are totally reliable … until the users login.”
Accidental problems
– forgotten passwords
– deleted files etc.
Loopholes
– web server
– networked machines that allow user installs or user write access
Deliberate hacks
– users trying to stop the system working for malicious reasons
http://www.thinkgeek.com/homeoffice/supplies/a475/

Smaller Networks
Small Networks
Most small networks are SOHO (small office/home office): users use the network as a tool, say up to 10 users with no formal administrator. All users often have full access to everything, e.g. secretaries can all read and write to each other's computers. In the past, such networks were not connected to the Internet (the ultimate security solution?)
Medium Networks
Between 10 and 200 users, often with a single server. Still managed by one administrator who controls everything. Users still know each other by name, so casual file access may be tolerated.

Bigger Networks
Large Networks
Over a few hundred users, multiple servers and multiple administrators. E.g., the University network. Some users will be computer literate and may enjoy the challenge of exploring or defeating security mechanisms. Management becomes complex and more challenging.
Enormous Networks – The Internet
No real central control – available to anyone on the planet. Users are not traceable – no need to logon to the Internet. ISPs will sign up anyone using a random name. Email names are available with no checking. There are very many hackers.

Network Security
Content
– Footprinting, scanning and enumeration
– Detecting intruders
– Malicious programs
– Passwords
Selected figures are from “Network Security Essentials – Applications and Standards”, W. Stallings, Prentice Hall, ISBN 0-13-016093 (The author has written other excellent titles in networking and security).
http://www.2600.com/

Security - Accessing Network Information
Footprinting – Gathering information on a network (creating a profile of an organization’s security posture - identifying a list of network and IP addresses).
Scanning – Identifying live and reachable target systems (ping sweeps, port scans, application of automated discovery tools).
Enumeration – Extracting account information (examining active connections to systems).

Behaviour Profiles

Social Engineering
Manipulating people to divulge confidential information rather than using technical cracking skills.
E.g., Phishing – Typically emails that appear to come from legitimate sources requesting information. Often provides a link to a web page that looks like the legitimate one.

Malicious Programs
Trap doors
– A secret entry point into a program which circumvents the usual security access procedures.
– Often legitimately used for debugging and testing - but vulnerable to misuse.
Logic bombs
– Code embedded into a legitimate program that is set to ‘explode’ when some conditions are met.
– E.g. test for dates. In a famous case, a logic bomb tested for an employee ID number and triggered if it failed to be listed on the payroll in 2 consecutive months.
Trojan horses
– An apparently useful program containing hidden code that performs unwanted/harmful functions when invoked.
Viruses
– A program that can infect other programs by modifying them (the modification includes a copy of the virus program).
Dormant phase: Virus is idle until activated by some event such as a date, presence of some other file or capacity of disk.
Propagation phase: The virus places a copy of itself into another program or filespace.
Triggering phase: The virus is activated by an event. This may be related to the number of copies made of itself.
Execution phase: The function is performed.
Worms
– Use network connections to spread from system to system.
Once active within a system, a network worm can behave as a virus or bacteria or could implant Trojan horses. To replicate itself a worm needs a network vehicle, e.g., e-mail, remote login or execution capabilities.
Bacteria
– Programs that do not explicitly damage files - but simply replicate. Eventually replication may result in taking up all processor capacity, memory, disk space.

Passwords
Some users, when allowed to choose any password, will select very short ones. William Stallings is a famous network security author. He quotes the example here from Purdue University. People also tend to select guessable passwords.

Passwords
Stallings references a report which demonstrates the effectiveness of password guessing. The author collected UNIX passwords from a variety of encrypted password files. Nearly 25% of passwords were guessed with the following strategy:
– Try user’s name, initials, account name (130 permutations for each).
– Try dictionary words - including the system’s own on-line dictionary (60,000 words).
– Try permutations of words from the step above, including making the first letter uppercase or a control character, making the entire word uppercase, reversing the word, changing o’s to 0’s, etc. (another 1 million words to try).
– More capitalization permutations (another million words to check).

Thank You

Computer Networking
Wireless Networks
New Standards, new applications, new issues
Dr Sandra I. Woolley

Progress Toward Wearable Computing
Computers are getting smaller and smaller ...
Decreasing size >>> Increasing mobility >>> Decreasing visibility/noticeability
Room computer … desktop … luggable … portable … palmtop … handheld … embedded … wearable … invisible?
Alex Bilstein holding the first "luggable" computer, the 1981 Osborne 1 (photo by Jana Birchum).
Flexible screen technology developed by Universal Display.
Toshiba's 0.85 inch hard disk drive can store 4 GB of data.
Mobility and Usability
Computing and communications don’t naturally suit mobility. New physical interfaces beyond the keyboard/keypad and mouse are needed. And new software interfaces beyond WIMP (Windows, Icons, Mouse, Pointer) are needed also. Keeping users mobile and task-focused presents interesting challenges. The new motorway signs “THINK DON'T PHONE WHILE DRIVING” are a sign of the time.
Left top: TINMITH2 - the mobile research AR platform developed at the Wearable Computer Laboratory in the University of South Australia. Above middle: wearcam.org and right: Chris Baber at Birmingham.

Mobile Technology and Solutions
New, and sometimes simple, ideas can make mobility easier. And there are some useful new technologies and products.
– Wireless communications, e.g., WiFi, Bluetooth, sensor network
– Smart phones and 3G
– RFID tagging technology
– GPS: “SATNAV”, TomTom GO

Wireless and Personal Area Networks
IEEE 802.15 - Wireless PAN (Personal Area Network) Standards.
– Wi-Fi (IEEE 802.11b and g) and Bluetooth (IEEE 802.15.1)
– Sensor area networks (IEEE 802.15.4) and Zigbee for low-power short range wireless communications.
Challenges in design and management of communications in mobile multi-sensing systems interacting with other mobile multi-sensing systems and in multi-sensing environments.
[Figure: Zigbee Stack. Layers shown: Applications; Application Profiles; Application Framework; Network and Security Layers; MAC Layer; PHY Layer (2.4GHz, 868/915 MHz). Labels: Zigbee or OEM; Zigbee Alliance Platform; IEEE 802.15.4; Silicon; Zigbee Stack; Application.]

Privacy and Security
Issues of digital and pervasive privacy and security are active areas of debate and research.
“Privacy is dead, deal with it,” Sun MicroSystems CEO, Scott McNealy.
“Privacy: The Achilles heel of Pervasive Computing”, M. Satyanarayanan (Editorial of IEEE Pervasive Computing Magazine on special issue on Security and Privacy, 2003.)
Unease associated with pervasive computing systems might involve location tracking and “smart spaces” monitoring user locations and activities on an almost continual basis. New pervasive computing infrastructures can expect new classes of malicious software.
Top: (c) Chuck Painter/Stanford News Service - Ralph Merkle, Martin Hellman, Whitfield Diffie (1977) - defined a system of safe key exchange.
Middle: Adi Shamir, Ronald Rivest and Leonard Adleman, creators of RSA (used in PGP).

What About Wireless Security?
There are increasing concerns about the security of new wireless networks. What about the ‘hackability’ of smarthomes? Bluetooth viruses are now appearing and there is a growing awareness that malware is going mobile. Security for new wireless networks is an active area of research.

What About EMF Exposure?
We humans are electro-chemical beings. Excessive exposure to electromagnetic fields has a negative impact on human health and causes chromosomal damage. However, there is no consensus on what is excessive and what is safe. Can much lower power systems be made in the future? Can wireless systems seamlessly interoperate with wired systems?
“The Body Electric” summarises a few of the issues. (The presentation can be found on my web page.)
http://www.eee.bham.ac.uk/woolleysi/thebodyelectric.ppt

In the News ...
JAMA (Journal of the American Medical Association) has recently published an article that has received interest. The article demonstrates that mute (but “on”) cell phones alter brain metabolism (shift to glucose metabolism). The effects are unknown.

Thank You
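
Added example (not part of the original slides): the guessing strategy listed on the Passwords slide, turned around as a check applied when a user chooses a password. The word list, the 8-character minimum and the sample account used with it are constructed assumptions.

```python
# Proactive password check based on the guessing strategy on the Passwords
# slide: account-derived words, dictionary words, and simple permutations
# (capitalisation, reversal, o -> 0). Added example, not the lecturer's code.

# Constructed stand-in for the 60,000-word on-line dictionary the slide mentions.
SAMPLE_DICTIONARY = ["password", "networking", "bluetooth", "security"]
MIN_LENGTH = 8  # assumed policy value; the slides give no number


def normalise(password):
    """Undo the slide's permutations: any capitalisation, and 0 typed for o."""
    return password.lower().replace("0", "o")


def guessable_forms(word):
    """A word and its reversal, in normalised form."""
    w = normalise(word)
    return {w, w[::-1]}


def account_words(full_name, account):
    """User's name parts, initials, joined name and account name."""
    parts = full_name.lower().split()
    initials = "".join(p[0] for p in parts)
    words = set(parts) | {initials, "".join(parts), account.lower()}
    return {w for w in words if w}


def check_password(password, full_name, account, dictionary=SAMPLE_DICTIONARY):
    """Return the reason a password is rejected, or None if it passes."""
    if len(password) < MIN_LENGTH:
        return "too short"
    candidate = normalise(password)
    for word in account_words(full_name, account):
        if candidate in guessable_forms(word):
            return "derived from account details"
    for word in dictionary:
        if candidate in guessable_forms(word):
            return "dictionary word or simple permutation"
    return None


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for pw in ["abc", "Passw0rd", "ht00teulb", "htimsenaj", "c7#Lm-qv2!xT"]:
        print(pw, "->", check_password(pw, "Jane Smith", "jsmith"))
```

Normalising the candidate instead of enumerating every variant covers all capitalisation permutations in one comparison, which is why the million-word lists on the slide do not need to be generated here.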