Network Management and Network Security, Session 26. Course: H0484/Computer Networks. Year: 2007
Date posted: 19-Dec-2015

Bina Nusantara

Learning Outcomes

By the end of this session, students are expected to be able to:

• Explain the role of Network Management and Network Security

Material Outline

• Network Management principles
• Protocol
• Security Attacks
• Methods of Defence

Network Management

• Networks are becoming indispensable
  – More complexity makes failure more likely
• Require automatic network management tools
• Standards required to allow multi-vendor networks covering:
  – Services
  – Protocols
  – Management information
• TCP/IP Network has SNMP (Simple Network Management Protocol) as platform

Key Elements

• Management station or manager
• Managed Entities or Agent
• Management information base
• Network management protocol

Management Station - Manager

• Stand alone system or part of shared system
• Interface for human network manager
• Set of management applications
  – Data analysis
  – Fault recovery
• Interface to monitor and control network
• Translate manager's requirements into monitoring and control of remote elements
• Data base of network management information extracted from managed entities

Managed Entities - Agent

• Network Elements such as Hosts, bridges, hubs, routers equipped with agent software

• Allowed to be managed from management station
• Respond to requests for information
• Respond to requests for action
• Asynchronously supply unsolicited information

Management Information Base

• Representation of network resources as objects
• Each object represents one aspect of managed object
• MIB is collection of objects (access points) at agent for management of station
• Objects standardized across class of system

Network Management Protocol

• OSI uses Common Management Information Protocol (CMIP)
• TCP/IP uses SNMP
  – SNMPv2 (enhanced SNMP) for OSI and TCP/IP

SNMP Protocol Architecture

• Application-level protocol
• Part of TCP/IP protocol suite
• Runs over UDP
• Manager supports SNMP messages
  – GetRequest, GetNextRequest, and SetRequest
  – Port 161
• Agent replies with GetResponse
• Agent may issue trap message in response to event that affects MIB and underlying managed entities
  – Port 162
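
The message types on the SNMP Protocol Architecture slide, as an added example that is not part of the original slides: a manager-side encoder for an SNMPv1 GetRequest and a parser that recovers the version, community string and PDU type from a datagram. The BER tag values follow the SNMPv1 specification (RFC 1157); the community string, request id and OID passed in are constructed sample values.

```python
# Added example (not from the slides): BER framing of an SNMPv1 message; inputs are constructed samples.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

def tlv(tag, value):
    """Encode one BER tag-length-value (long length form from 128 bytes up)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = [tag, n] if n < 0x80 else [tag, 0x80 | size, *n.to_bytes(size, "big")]
    return bytes(head) + value

def ber_int(value):  # non-negative INTEGER, minimal two's-complement form
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):  # first two arcs share one byte, the rest are base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        septets = [arc >> s & 0x7F for s in range(0, max(arc.bit_length(), 1), 7)][::-1]
        out += [b | 0x80 for b in septets[:-1]] + septets[-1:]
    return bytes(out)

def build_get_request(community, request_id, oid):
    """Manager side: GetRequest for one OID, to be sent to the agent on UDP port 161."""
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, ber_oid(oid)) + tlv(0x05, b"")))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0 = SNMPv1

def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, value, next_pos) or raise ValueError."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        size = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def parse_message(datagram):
    """Agent or monitor side: return version, community and PDU type of a datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_TYPES.get(pdu_tag, "unknown")}
```

Feeding the output of `build_get_request` to `parse_message` returns version 0 (SNMPv1), the community string and `GetRequest`; a datagram cut short raises `ValueError` instead of being partially parsed.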

SNMPv1 Configuration

Role of SNMP v1

Security Requirements

• Confidentiality
• Integrity
  – Authentic
  – Non Repudiable
• Availability

Security Threats and Attacks

• A threat is a potential violation of security.
  – Flaws in design, implementation, and operation.
• An attack is any action that violates security.
  – Active adversary
• Common threats:
  – Snooping/eavesdropping, alteration, spoofing, repudiation of origin, denial of receipt, delay and denial of service

Types of Attacks

• Passive Threats
  – Release of Message Contents
  – Traffic Analysis
• Active Threats
  – Masquerade
  – Replay
  – Modification of Message Contents
  – Denial of Service

Network Access Security

• Using this model requires us to:
  – select appropriate gatekeeper functions to identify users
  – implement security controls to ensure only authorised users access designated information or resources
• Trusted computer systems can be used to implement this model

Model for Network Security

• This model requires us to:
  – design a suitable algorithm for the security transformation
  – generate the secret information (keys) used by the algorithm
  – develop methods to distribute and share the secret information
  – specify a protocol enabling the principals to use the transformation and secret information for a security service

Methods of Defence

• Encryption
• Software Controls
  – Access limitations in a data base
  – In operating system protect each user from other users
• Hardware Controls
  – Smartcard, biometric
• Policies
  – Frequent changes of passwords
• Physical Controls