Logic Design
Network management and security
Network Management Tasks
• Monitoring for event notification
• Monitoring for metrics and ________
• Configuration of network __________
• Troubleshooting the network.
Network Elements
• A component of the network that can be managed.
  • Hosts
  • ________
  • Switches
  • DSU
  • _____
  • NICs
  • Cable segments
Network Element Characteristics
• ____-to-____ characteristics
  • Characteristics that can be measured
    • ________ multiple network elements and
    • May be extended _______ the entire network, or
    • Between hosts
  • Example: capacity, _____, jitter, throughput, _______, network utilization, and ______ of the traffic in the network.
• Link and _______ characteristics:
  • Specific to the type of element being managed.
  • Example: IP forwarding ____s, buffer utilization in an IP router.
Monitoring
• Monitoring: obtaining ______ for the end-to-end, link, and element characteristics.
  • Collecting data about the desired characteristics
  • _______ing some or all of this data
  • Displaying the ______
  • Archiving some or all of the data.
• Tools: polling, SNMP, or proxy service.
Event Notification
• An event can be described as a ______ or _______ in a network element, or when a characteristic crosses a _________ value.
• Thresholds may be set on end-to-end or element characteristics for short-term or _________ notification of events (real-time analysis).
• Involves short polling intervals.
Metering
• The process of collecting data for the purpose of _____-term analysis is called _________.
• The measured values are called _______s.
• Usually at a long polling interval
• Establish long-term baselines
• Note the trends where measured values ______ from the baseline.
Generating Characteristic Set
• Generate a __________ of end-to-end and element characteristics, and plan for the design to have the facilities to monitor these characteristics at short- and long-term polling intervals.
• For each network element, we want to
  • generate a table of configuration ____________,
  • establish the _________s for adjusting these parameters,
  • know and understand the ________ of adjusting the parameters.
• How the configuration parameters ______ each network element and the end-to-end characteristics.
• Understand the effect of problems with the network elements and how to __________ such problems.
Designing with Manageable Resources
• SNMP and SNMPv2
  • Get: ________ a parameter.
  • Get-next: collect a parameter
  • _____: configure a parameter
  • ______: threshold monitoring
• CMIP/CMIP over TCP/IP (CMOT)
Instrumentation Method
• Instrumentation is the set of ________ provided by the network elements for accessing element characteristics and configuration parameters.
  • _________
    • SNMPv2
    • Example: ifInOctets, ifOutOctets, ifInUcastPkts, …
  • _________ monitoring tool
    • Ping, traceroute, and tcpdump
  • ______________ methods
    • telnet, FTP, TFTP, …
• Instrumentation must be accurate, ________, and simple.
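As an added example (not from the lecture slides) of how the event-notification, metering and instrumentation slides fit together: two reads of the IF-MIB counter ifInOctets are turned into a per-interval utilization metric, a threshold check produces event notifications, and a long-term baseline flags samples that deviate from it. The counter values, interface speed and polling interval are constructed for the demo; the 32-bit counter width and the wrap correction are assumptions about the counter type, not something the slides state.

```python
# Added example: from SNMP interface counters to metrics, events and a baseline.
# Sample counter reads below are constructed, not captured from a real device.
from statistics import mean, pstdev

COUNTER_MAX = 2**32  # assumed: ifInOctets/ifOutOctets as 32-bit IF-MIB counters

def counter_delta(prev, cur):
    """Octets transferred between two polls, correcting for one 32-bit wrap."""
    return cur - prev if cur >= prev else (COUNTER_MAX - prev) + cur

def utilization(prev_octets, cur_octets, interval_s, if_speed_bps):
    """Link utilization (0..1) over one polling interval from two counter reads."""
    bits = counter_delta(prev_octets, cur_octets) * 8
    return bits / (interval_s * if_speed_bps)

def threshold_events(samples, threshold):
    """Event notification: indices of intervals whose utilization crosses the threshold."""
    return [i for i, u in enumerate(samples) if u > threshold]

def baseline_deviations(samples, k=2.0):
    """Metering: indices of samples more than k standard deviations from the mean.
    A flat baseline (sigma == 0) yields no deviations."""
    mu, sigma = mean(samples), pstdev(samples)
    return [i for i, u in enumerate(samples) if sigma and abs(u - mu) > k * sigma]

# Constructed polls of ifInOctets every 60 s on a 10 Mbit/s interface. The
# fourth read is smaller than the third because the counter wrapped.
POLLS = [4_270_000_000, 4_277_500_000, 4_285_000_000, 27_532_704, 35_032_704]
IF_SPEED_BPS = 10_000_000
INTERVAL_S = 60

def sample_utilizations():
    """Utilization for each consecutive pair of polls (expected 0.1, 0.1, 0.5, 0.1)."""
    return [utilization(a, b, INTERVAL_S, IF_SPEED_BPS) for a, b in zip(POLLS, POLLS[1:])]

if __name__ == "__main__":
    u = sample_utilizations()
    print("utilization per interval:", u)
    print("threshold events (>40%):", threshold_events(u, 0.4))
    print("baseline deviations (k=1.5):", baseline_deviations(u, k=1.5))
```

Without the wrap correction the third interval would compute as a large negative delta, which is the kind of error the "checks and balances" slide suggests cross-checking against a second data source.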
Network Management Architecture
• ___-band vs. ______-band monitoring
• Centralized vs. distributed monitoring
• Capacity and delay ___________s
• Flows of ___________ data
• Configuration of network management
In-band/out-of-band Monitoring
• In-band
  • The network management data flow over the _____ network that the user network traffic uses.
  • Simple, but difficult to use for troubleshooting, e.g., network ___________.
• Out-of-band
  • Network management data flows use ______ paths from the user network traffic.
  • Complex and expensive, but allows the system to ______ to monitor the network during network events. E.g., ISDN, a separate Frame Relay connection or an ATM virtual circuit for management data.
• Compromise:
  • Use a redundancy degree of 1 to provide _____-band monitoring.
Out-of-Band Monitoring
[Figure: network monitoring system connected to a polling station over a _____-band link]
Centralized Monitoring
• All monitoring data radiate from one monitoring node.
[Figure: network monitoring system]
Distributed Monitoring
• Monitoring data are collected at _______ monitoring nodes and either passed on to display and storage nodes or processed by the monitoring node.
[Figure: network monitoring system]
Capacity and Delay Requirements
• Rules of thumb for determining the number and locations of monitoring nodes:
• Rule 1:
  • For a LAN environment, start with ___ monitoring node per subnet.
  • For each subnet, determine the
    • # of hosts and network elements to be polled for parameters,
    • # of __________s to be collected,
    • ___________ of polling.
  • For a LAN, if
    • > _______ of capacity, reduce parameters;
    • < ____ of capacity, consolidate the monitoring nodes for some of the subnets.
  • The management traffic rate should be ________ of the LAN capacity.
Capacity and Delay Requirements (cont.)
• Rule 2:
  • For a WAN/MAN environment, start with one monitoring node per _____ site, or at each WAN/MAN-LAN _________ environment.
  • Allows not only to ______ the network at each site, but also to ______, verify, and possibly ________ services and service characteristics from the WAN/MAN to each site.
Checks and Balances in Monitoring
• Use more than one method for __________ management parameters, in order to ___________ their correctness.
• For example, _______ the SNMP agent and MIB by using data from an RMON agent or traffic analyzers, and compare against the SNMP-collected data.
Flows of Management Data
• Understand how management data is ________ed, _______ed, and ________d.
• ______ large numbers of SNMP queries out over time to avoid
  • Network _________
  • Heavy ______ load for generating management parameters.
Management Data Generation and Storage
• Rule 1: Determine which management data are necessary to keep stored _______ and which ____ may be archived.
  • _______ analysis (EA) (locally)
  • ________-term trend analysis (TA) (locally)
• Rule 2: Copy every ___ iteration of the parameter (EA and TA) to a ______ database location, where N is large enough to keep the size of this data relatively small, yet small enough so that the data is useful in ________ analysis.
• Rule 3: Download parameters to storage when traffic load is ______.
• Rule 4: A management data-archival system should indicate what the archived data _______ and the _______ that they were collected.
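An added example (not from the slides) implementing the four storage rules above as one small local store: recent samples stay in a bounded local buffer for event analysis, every Nth sample is queued for the archive, the queue is only flushed when the measured traffic load is below a threshold, and each archived record carries the element, the parameter name and the collection time. The element name, parameter values and load figures are constructed.

```python
# Added example: management-data store following the four storage rules.
from collections import deque
from datetime import datetime, timedelta, timezone

class ManagementDataStore:
    def __init__(self, local_size, n):
        self.local = deque(maxlen=local_size)  # Rule 1: short-term data kept locally
        self.archive_batch = []                 # Rule 2: every Nth sample, awaiting transfer
        self.n = n
        self.iteration = 0

    def record(self, element, parameter, value, collected_at):
        """Store one polled sample locally; queue every Nth one for the archive."""
        self.local.append((element, parameter, value, collected_at))
        self.iteration += 1
        if self.iteration % self.n == 0:
            # Rule 4: the archived record says what it is and when it was collected.
            self.archive_batch.append({
                "element": element, "parameter": parameter, "value": value,
                "collected_at": collected_at.isoformat()})

    def flush_to_archive(self, current_load, low_load_threshold, archive):
        """Rule 3: transfer the batch only when the traffic load is low.
        Returns the number of records transferred (0 if the link is busy)."""
        if current_load > low_load_threshold:
            return 0
        sent = len(self.archive_batch)
        archive.extend(self.archive_batch)
        self.archive_batch.clear()
        return sent

def run_demo():
    """Constructed run: ten one-minute polls of one parameter with N=5, then two
    flush attempts, one during a busy period and one during a quiet one."""
    store = ManagementDataStore(local_size=4, n=5)
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    for i in range(10):
        store.record("router1", "ifInOctets", 1000 * i, t0 + timedelta(minutes=i))
    archive = []
    sent_busy = store.flush_to_archive(0.9, 0.3, archive)   # busy: nothing sent
    sent_quiet = store.flush_to_archive(0.1, 0.3, archive)  # quiet: batch sent
    return store, archive, sent_busy, sent_quiet

if __name__ == "__main__":
    store, archive, busy, quiet = run_demo()
    print(f"local samples kept: {len(store.local)}, sent busy/quiet: {busy}/{quiet}")
    print(archive)
```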
Security
• Issues:
  • Loss of _________
  • Impersonation
  • ___________ of service
  • Loss of _________
Security Policies
• An important part of the security plan, in that they help to ______ and ________ how the system can be used with minimal security _______s.
• Two common security philosophies:
  • _____ specifics/_______ all else
    • Thorough understanding of security ________s.
  • _______ specifics/_______ all else
    • Thorough understanding of ______ requirements.
Security Risk Analysis
• A process used to determine
  • which components of the system need to be _____________ and
  • the types of security ________ they should be protected from.
Risk Analysis Worksheet
Effect: A (________), B (Disabling), C (Disruptive), D (No Impact)
Likelihood: A (Certain), B (Likely), C (_________), D (Impossible)
Security Mechanisms
• _________ security
• Security ______________
• User _____________
• Packet ___________s
• Application wrappers and gateways
• Encryption
• ______________s
Physical Security
• Limited access to servers, by having protected access and locked ______s, ...
• _______ power source and conditioning, and secondary backup storage.
• Natural __________, fire, water, structural degradation.
Security Awareness
• Getting users involved with the ________ aspects of their system security.
• Helping users to understand the potential risks of ________ security guidelines.
• Using security-awareness sessions.
User Authentication
• ______ that users are who they claim to be.
• _____ to implement
• Does not have a significant impact on system ______ or network performance.
• Requires some administration and ______________.
Packet Filters
• Deny ________ to or from particular IP addresses or ports.
• Protect the system from unauthorized use, ______, or destruction of resources, and from ____________ attacks.
• Cons:
  • IP is a ________ address and hard to map to physical entities: address spoofing.
  • It takes up network resources, _____, and memory.
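An added example (not from the slides) that ties the packet-filter slide to the two security philosophies on the Security Policies slide: the same ordered rule list is evaluated once with a default of allow ("deny specifics, allow all else") and once with a default of deny ("allow specifics, deny all else"), and the two policies only disagree on traffic no rule mentions. The networks, ports and packets are constructed from documentation address ranges; the rule format is an assumption for the demo, not any product's syntax.

```python
# Added example: first-match packet filter under two default policies.
# Rule fields, networks and packets below are constructed for the demo.
from ipaddress import ip_address, ip_network

# Ordered rules: action, source network, destination port (None = any port).
RULES = [
    {"action": "deny",  "src": ip_network("198.51.100.0/24"), "dport": None},
    {"action": "allow", "src": ip_network("192.0.2.0/24"),    "dport": 22},
    {"action": "allow", "src": ip_network("0.0.0.0/0"),       "dport": 443},
]

def first_match(rules, pkt):
    """Return the first rule matching the packet's source address and port, or None.
    Note the con from the slide: the filter can only trust the header's source
    address, so a spoofed source that falls inside an allowed network matches."""
    src = ip_address(pkt["src"])
    for rule in rules:
        if src in rule["src"] and (rule["dport"] is None or rule["dport"] == pkt["dport"]):
            return rule
    return None

def filter_packet(rules, pkt, default):
    """default="allow": deny specifics, allow all else.
    default="deny":  allow specifics, deny all else."""
    rule = first_match(rules, pkt)
    return rule["action"] if rule else default

PACKETS = [  # constructed sample packets (source address, destination port)
    {"src": "198.51.100.7", "dport": 443},  # hits the deny rule first, even though 443 is allowed later
    {"src": "192.0.2.10",   "dport": 22},   # explicitly allowed
    {"src": "203.0.113.5",  "dport": 23},   # matches no rule: the two policies differ here
]

def decisions(default):
    """Filter decision for each sample packet under the given default policy."""
    return [filter_packet(RULES, p, default) for p in PACKETS]

if __name__ == "__main__":
    print("deny specifics / allow all else:", decisions("allow"))
    print("allow specifics / deny all else:", decisions("deny"))
```

The third packet shows why the slide pairs "allow specifics" with a thorough understanding of the requirements: anything not listed is cut off, so the rule list must enumerate every service the users need.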
Application Security Mechanisms
• Application __________s
  • Similar to a packet filter, implemented at the _________ running wrapped.
• Application ___________s
  • _______ between protected and unprotected systems.
  • Can be used to disguise internal host _______.
Encryption
• Protects user and other types of data from being _____ and _______.
• ________ user data before it is placed on the network.
• Cons: reduction in network performance by ___% up to ___%.
Firewalls
• Implemented in a _____ that is placed at a strategic location on the network.
• Can have different configurations:
  • Filtering _______
  • Application ______ with filtering gateway,
  • Or a combination of the above.
• ______ security illusion and _____ network wide open.
• Requires administration and maintenance.
Security and System Components
• Security at the _____ component:
  • Improve user _______ of security
  • Teaching users to employ strong _____ construction rules,
  • Warning users against leaving application sessions ________.
• Security at the application
  • Identify and fix known ________ security holes in the application.
• Security at the host
  • Identify and fix known software security holes in the host ____________
  • Restrict unnecessary _______ on the host.
  • Restrict _______ management and maintenance.
• Security at the network
  • Limit the distribution of ________ for network elements
  • Implement strong password construction rules and __________ mechanisms.
  • Keep up-to-date _______ configurations of each network element.