Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun:...
-
date post
19-Dec-2015 -
Category
Documents
-
view
239 -
download
3
Transcript of Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun:...
Manajemen Jaringan dan Network Security
Pertemuan 26
Matakuliah : H0484/Jaringan KomputerTahun : 2007
Bina Nusantara
Learning Outcomes
Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu :
• Menjelaskan peran Manajemen Jaringan dan Network Security
Bina Nusantara
Outline Materi
• Network Management principles
• Protocol• Security Attacks• Methods of Defence
Bina Nusantara
Network Management
• Networks are becoming indispensable– More complexity makes failure more likely
• Require automatic network management tools• Standards required to allow multi-vendor
networks covering:– Services– Protocols– Management information
• TCP/IP Network has SNMP (Simple Network Management Protocol as platform
Bina Nusantara
Key Elements
• Management station or manager• Managed Entities or Agent• Management information base• Network management protocol
Bina Nusantara
Management Station - Manager
• Stand alone system or part of shared system
• Interface for human network manager• Set of management applications
– Data analysis– Fault recovery
• Interface to monitor and control network• Translate manager’s requirements into
monitoring and control of remote elements• Data base of network management
information extracted from managed entities
Bina Nusantara
Managed Entities - Agent
• Network Elements such as Hosts, bridges, hubs, routers equipped with agent software
• Allowed to be managed from management station• Respond to requests for information• Respond to requests for action• Asynchronously supply unsolicited information
Bina Nusantara
Management Information Base
• Representation of network resources as objects• Each object represents one aspect of managed
object• MIB is collection of objects (access points) at
agent for management of station• Objects standardized across class of system
Bina Nusantara
Network Management Protocol
•OSI uses Common Management Information Protocol (CMIP)
•TCP/IP uses SNMP–SNMPv2 (enhanced SNMP) for OSI and
TCP/IP
Bina Nusantara
SNMP Protocol Architecture
• Application-level protocol • Part of TCP/IP protocol suite• Runs over UDP• Manager supports SNMP messages
– GetRequest, GetNextRequest, and SetRequest
– Port 161• Agent replies with GetResponse• Agent may issue trap message in response
to event that affects MIB and underlying managed entities – Port 162
Bina Nusantara
Security Requirements
• Confidentiality• Integrity
– Authentic– Non Repudiable
• Availability
Bina Nusantara
Security Threats and Attacks
• A threat is a potential violation of security.– Flaws in design, implementation, and
operation.• An attack is any action that violates security.
– Active adversary• Common threats:
– Snooping/eavesdropping, alteration, spoofing, repudiation of origin, denial of receipt, delay and denial of service
Bina Nusantara
Types of Attacks
Passive Threats Active Threats
Release of Message Contents
Traffic Analysis
Masquerade
Replay Modification of Message Contents
Denial of Service
Bina Nusantara
Network Access Security
• Using this model requires us to: – select appropriate gatekeeper functions to
identify users – implement security controls to ensure only
authorised users access designated information or resources
• Trusted computer systems can be used to implement this model
Bina Nusantara
Model for Network Security
• This model requires us to: – design a suitable algorithm for the security
transformation – generate the secret information (keys) used by
the algorithm – develop methods to distribute and share the
secret information – specify a protocol enabling the principals to use
the transformation and secret information for a security service