Introduction
Networks and distributed processing systems are of critical and growing importance in enterprises of all sorts. The trend is toward larger, more complex networks supporting more applications and more users. As these networks grow in scale, two facts become evident:
The network and its associated resources and distributed applications become indispensable to the organization.
More things can go wrong, disabling the network or a portion of the network or degrading performance to an unacceptable level.
A large network cannot be put together and managed by human effort alone; the complexity of such a system dictates the use of automated network management tools. The urgency of the need for such tools is increased, and the difficulty of supplying them is also increased, if the network includes equipment from multiple vendors. Moreover, the increasing decentralization of network services, as exemplified by the growing importance of workstations and client/server computing, makes coherent and coordinated network management increasingly difficult. In such complex information systems, many significant network assets are dispersed far from network management personnel.
1. Network Management Requirements
The International Organization for Standardization (ISO) identifies five key areas of network management: fault management, accounting management, configuration and name management, performance management, and security management.
- Fault management: The facilities that enable the detection, isolation, and correction of abnormal operation of the OSI environment.
o Determine exactly where the fault is; isolate the rest of the network from the failure so that it can continue to function without interference.
o Reconfigure or modify the network in such a way as to minimize the impact of operating without the failed component(s).
o Repair or replace the failed components to restore the network to its initial state.
- Accounting management: The facilities that enable charges to be established for the use of managed objects and costs to be identified for the use of those managed objects.
- Configuration and name management: The facilities that exercise control over, identify, collect data from, and provide data to managed objects for the purpose of assisting in providing for continuous operation in interconnection services.
o It’s concerned with initializing a network and gracefully shutting down part or all of the network.
o It is also concerned with maintaining, adding, and updating the relationships among components and the status of the components themselves during network operation.
- Performance management: The facilities needed to evaluate the behavior of managed objects and the effectiveness of communication activities.
o Performance issues of concern to the network manager include the following: What is the level of capacity utilization? Is there excessive traffic? Has throughput been reduced to unacceptable levels? Are there bottlenecks? Is response time increasing? And so on.
- Security management: Those aspects of OSI security essential to operate OSI network management correctly and to protect managed objects.
o It’s concerned with generating, distributing, and storing encryption keys.
o It is also concerned with monitoring and controlling access to the computer network and access to all or part of the network management information obtained from the network nodes.
2. Network Technical Control
The most important characteristic of a network and its services is availability. As the use of distributed systems has increased within organizations, there has come to be increasing reliance on networks, and the cost of network “downtime” has increased dramatically. Thus, the following are needed (network technical control):
- Automatic and remote testing and monitoring of the system, to reduce downtime due to the need to locate service personnel.
- Restoring and/or reconfiguring the system upon failure in real time.
- Providing network performance and functioning statistics to facilitate planning and management for high availability.
3. Security Threats
Security threats can be classified as passive and active.
- Passive attacks have to do with eavesdropping on, or monitoring of, transmissions. Email, file transfers, and client-server exchanges are examples of transmissions that can be monitored.
- Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.
Several reasons for the trend toward more serious attacks by intruders are:
- Globalization: the pressures of international competition have spawned a number of recent cases of industrial espionage.
- The move to client/server architectures: as client/server architectures become increasingly popular, both barriers are removed. Many servers run UNIX, which is notorious for its lack of mainframe-style security features and is a particular favorite of hackers.
- Hackers’ steep learning curve: hackers love to share information. Underground bulletin boards are used to exchange dial-in port phone numbers, compromised passwords, security holes in systems, and intrusion techniques.
4. Secure Communication
Three desirable properties of secure communication:
- Secrecy: only the sender and intended receiver should be able to understand the contents of the transmitted message. Messages should be encrypted so that an intercepted message cannot be decrypted (understood).
- Authentication: both the sender and receiver need to confirm the identity of the other party involved in the communication – to confirm that the other party is indeed who or what they claim to be.
- Message integrity: even if the sender and receiver are able to authenticate each other, they also want to ensure that the content of their communication is not altered, either maliciously or by accident, in transmission.
The essential technology underlying virtually all automated network and computer security applications is cryptography.
5. Principles of Cryptography
Cryptographic techniques allow a sender to disguise data so that an intruder cannot gain any information from the intercepted data (the receiver must be able to recover the original data from the disguised data). Two fundamental approaches are in use: conventional encryption (symmetric encryption) and public-key encryption (asymmetric encryption).
a. Conventional Encryption (symmetric encryption or single-key encryption)
A conventional encryption scheme has five ingredients:
- Plaintext: the original message / data that is fed into the algorithm as input.
- Encryption algorithm: performs various substitutions and transformations on the plaintext.
- Secret key: also an input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
- Ciphertext: the scrambled message produced as output. It depends on the plaintext and the secret key (for a given message, two different keys will produce two different ciphertexts).
- Decryption algorithm: an algorithm that takes the ciphertext and the secret key and produces the original plaintext.
Two requirements for secure use of conventional encryption:
- We need a strong encryption algorithm. The opponent should be unable to decrypt ciphertext or discover the key even if he / she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext.
- Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.
b. Public-key Encryption (asymmetric encryption)
Public-key algorithms are based on mathematical functions rather than on simple operations on bit patterns. They involve the use of two separate keys (in contrast with symmetric encryption, which uses a single key). A public-key encryption scheme has six ingredients:
- Plaintext: the original message / data that is fed into the algorithm as input.
- Encryption algorithm: performs various substitutions and transformations on the plaintext.
- Public and private key: a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input.
- Ciphertext: the scrambled message produced as output. It depends on the plaintext and the key (for a given message, two different keys will produce two different ciphertexts).
- Decryption algorithm: an algorithm that accepts the ciphertext and the matching key and produces the original plaintext.
The process works (produces the correct plaintext on output) regardless of the order in which the pair of keys is used (public key is made for others to use, while private key is known only to its owner).
With this approach, all participants have access to the public keys, while private keys are generated locally by each participant and therefore need never be distributed. At any time, a user can change the private key and publish the companion public key to replace the old public key. The advantage of public-key encryption is that it provides tremendous flexibility to perform a number of security-related functions (key management and digital signatures). The disadvantage is that it is slower than conventional encryption.
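The following is an added example, not code from the original post: textbook RSA with toy-sized constructed primes (61 and 53, then 101 and 113), written to make the six ingredients concrete and to show that the key pair works in either order. The exponent 17 and the primes are assumptions chosen for readability; primes this small offer no security and the code is for illustration only.

```python
# Added example (not from the original post): textbook RSA with toy-sized primes.
# It shows the six ingredients of public-key encryption and the property that the
# key pair works in either order. The primes are far too small for real use.
from __future__ import annotations

from math import gcd


def make_keypair(p: int, q: int, e: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((e, n), (d, n)) for the constructed primes p and q.

    n is the modulus shared by both keys; d is the modular inverse of e
    modulo (p-1)(q-1), so that (m**e)**d == m (mod n) for any message m < n.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key: tuple[int, int], block: int) -> int:
    """Encryption and decryption are the same operation: modular exponentiation.
    Which key of the pair is passed in decides whether this encrypts or decrypts."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be an integer in [0, n)")
    return pow(block, exponent, n)


def demo() -> dict:
    # Ingredient: plaintext, here an integer smaller than the modulus.
    plaintext = 65
    # Ingredients: a public/private key pair (constructed primes 61 and 53).
    public, private = make_keypair(61, 53)

    # Encryption algorithm with the public key gives the ciphertext; anyone may do this ...
    ciphertext = apply_key(public, plaintext)
    # ... and only the holder of the matching private key recovers the plaintext.
    recovered = apply_key(private, ciphertext)

    # The pair works in the reverse order too: a value produced with the private
    # key is recovered with the public key. This is the basis of digital signatures.
    signed = apply_key(private, plaintext)
    verified = apply_key(public, signed)

    # A participant may generate a fresh private key locally and publish the new
    # public key; the same plaintext then yields a different ciphertext.
    public2, private2 = make_keypair(101, 113)
    ciphertext2 = apply_key(public2, plaintext)

    return {
        "ciphertext": ciphertext,
        "recovered": recovered,
        "verified": verified,
        "ciphertext_new_key": ciphertext2,
        "recovered_new_key": apply_key(private2, ciphertext2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because a single modular exponentiation is applied to a whole message block, the function is only as safe as the modulus is large; real deployments use moduli of thousands of bits and padding schemes, which this sketch omits.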
6. Encryption Management: Location of Encryption Devices
In an information network there are many locations at which security threats may occur. If encryption is to be used to counter these threats, we need to decide what to encrypt and where the encryption gear should be located. There are two fundamental alternatives: link encryption and end-to-end encryption.
a. Link encryption: each vulnerable communications link is equipped on both ends with an encryption device (thus, all traffic over all communications links is secured).
- Disadvantage: at least part of the message must be decrypted each time it enters a packet switch (this is necessary because the switch must read the virtual circuit number in the packet header to route the packet).
b. End-to-end encryption: the encryption process is carried out at the two end systems:
- The source host / terminal encrypts the data. The data (in encrypted form) are then transmitted unaltered across the network to the destination terminal / host.
- The destination shares a key with the source and so is able to decrypt the data.
- It would seem to secure the transmission against attacks on the network links or switches (however, a weak spot remains).
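The following added example is not from the original post. It serves two of the passages above: it implements a toy symmetric cipher with the five ingredients of conventional encryption (section 5a), and then uses it to simulate the two encryption locations of section 6 over a path with two packet switches. The packet format (a 2-byte virtual circuit number followed by the payload), the keys and the sample message are constructed for the illustration; the cipher is a SHA-256 keystream XOR with no nonce and no integrity check, so it demonstrates the concepts only and is not a real cipher. Since a switch still has to read the header to route the packet, the end-to-end variant leaves the header in the clear, which is the exposure the simulation records.

```python
# Added example (not from the original post): a toy symmetric cipher exhibiting the
# five ingredients of conventional encryption, then used to simulate link encryption
# versus end-to-end encryption over a two-switch path. Illustrative only: the cipher
# has no nonce and no integrity check and must not be used for real traffic.
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def keystream(key: bytes, length: int) -> bytes:
    """Derive a keystream from the secret key: SHA-256(key || counter), concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption algorithm: XOR the plaintext with a key-dependent keystream.
    The ciphertext depends on both the plaintext and the secret key."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Decryption algorithm: with the same key, XOR is its own inverse."""
    return encrypt(key, ciphertext)


@dataclass
class Observation:
    """What a packet switch on the path can see of one packet."""
    switch: int
    virtual_circuit: int  # the switch must read this to route the packet
    payload_seen: bytes   # plaintext under link encryption, ciphertext under end-to-end


HEADER_LEN = 2  # constructed packet format: 2-byte virtual circuit number, then payload


def link_encryption(vc: int, payload: bytes, link_keys: list[bytes]) -> tuple[list[Observation], bytes]:
    """Source -> switch 1 -> ... -> destination, with one key per link.

    Every switch has to decrypt the whole packet to read the header, so the
    payload is exposed in the clear inside each switch before re-encryption.
    """
    packet = vc.to_bytes(HEADER_LEN, "big") + payload
    on_wire = encrypt(link_keys[0], packet)
    seen: list[Observation] = []
    for hop in range(1, len(link_keys)):
        packet = decrypt(link_keys[hop - 1], on_wire)  # decrypt the incoming link
        seen.append(Observation(hop, int.from_bytes(packet[:HEADER_LEN], "big"), packet[HEADER_LEN:]))
        on_wire = encrypt(link_keys[hop], packet)       # re-encrypt for the next link
    delivered = decrypt(link_keys[-1], on_wire)[HEADER_LEN:]
    return seen, delivered


def end_to_end_encryption(vc: int, payload: bytes, e2e_key: bytes, n_switches: int) -> tuple[list[Observation], bytes]:
    """Only the two end systems hold the key. Switches need the header to route,
    so it travels in the clear; the payload stays encrypted across every hop."""
    on_wire = vc.to_bytes(HEADER_LEN, "big") + encrypt(e2e_key, payload)
    seen = [
        Observation(hop, int.from_bytes(on_wire[:HEADER_LEN], "big"), on_wire[HEADER_LEN:])
        for hop in range(1, n_switches + 1)
    ]
    delivered = decrypt(e2e_key, on_wire[HEADER_LEN:])
    return seen, delivered


if __name__ == "__main__":
    message = b"transfer 100 units to account 42"                 # constructed sample plaintext
    link_keys = [b"link-key-A", b"link-key-B", b"link-key-C"]    # constructed keys for 3 links
    seen, _ = link_encryption(7, message, link_keys)
    for o in seen:
        print(f"link: switch {o.switch} sees vc={o.virtual_circuit} payload={o.payload_seen!r}")
    seen, _ = end_to_end_encryption(7, message, b"shared-by-ends", n_switches=2)
    for o in seen:
        print(f"e2e:  switch {o.switch} sees vc={o.virtual_circuit} payload={o.payload_seen.hex()}")
```

Running it shows the trade-off in the text: under link encryption both switches see the full plaintext payload, while under end-to-end encryption they see only ciphertext, yet in both cases the virtual circuit number is readable at every switch because routing requires it.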
1 comment:
I wanted to learn about the network security tools which are preferred and are efficient to use. This post is a quick overview about network security and management. Thanks for this helpful detail.
digital signature FAQ