1 pertemuan 26 manajemen jaringan dan network security matakuliah: h0174/jaringan komputer tahun:...
Post on 21-Dec-2015
232 views
TRANSCRIPT
1
Pertemuan 26Manajemen Jaringan dan Network Security
Matakuliah : H0174/Jaringan Komputer
Tahun : 2006
Versi : 1/0
2
Learning Outcomes
Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu :
• Menjelaskan peran Manajemen Jaringan dan Network Security
4
Network Management
• Networks are becoming indispensable– More complexity makes failure more likely
• Require automatic network management tools• Standards required to allow multi-vendor
networks covering:– Services– Protocols– Management information
• TCP/IP Network has SNMP (Simple Network Management Protocol as platform
5
Key Elements
• Management station or manager• Managed Entities or Agent• Management information base• Network management protocol
6
Management Station - Manager
• Stand alone system or part of shared system• Interface for human network manager• Set of management applications– Data analysis– Fault recovery
• Interface to monitor and control network• Translate manager’s requirements into
monitoring and control of remote elements• Data base of network management
information extracted from managed entities
7
Managed Entities - Agent
• Network Elements such as Hosts, bridges, hubs, routers equipped with agent software
• Allowed to be managed from management station
• Respond to requests for information• Respond to requests for action• Asynchronously supply unsolicited information
8
Management Information Base
• Representation of network resources as objects• Each object represents one aspect of managed
object• MIB is collection of objects (access points) at
agent for management of station• Objects standardized across class of system
9
Network Management Protocol
Link between management station and agent
• TCP/IP uses SNMP• OSI uses Common Management
Information Protocol (CMIP)• SNMPv2 (enhanced SNMP) for OSI and
TCP/IP
11
SNMP Protocol Architecture
• Application-level protocol • Part of TCP/IP protocol suite• Runs over UDP• Manager supports SNMP messages– GetRequest, GetNextRequest, and SetRequest – Port 161
• Agent replies with GetResponse• Agent may issue trap message in response to
event that affects MIB and underlying managed entities – Port 162
15
Security Threats and Attacks
• A threat is a potential violation of security.– Flaws in design, implementation, and
operation.• An attack is any action that violates security.– Active adversary
• Common threats:– Snooping/eavesdropping, alteration, spoofing,
repudiation of origin, denial of receipt, delay and denial of service
16
Types of Attacks
Passive Threats Active Threats
Release of Message Contents
Traffic Analysis
Masquerade Replay Modification of Message Contents
Denial of Service
18
• Using this model requires us to: – select appropriate gatekeeper functions to
identify users – implement security controls to ensure only
authorised users access designated information or resources
• Trusted computer systems can be used to implement this model
Network Access Security
20
• This model requires us to: – design a suitable algorithm for the security
transformation – generate the secret information (keys) used by
the algorithm – develop methods to distribute and share the
secret information – specify a protocol enabling the principals to
use the transformation and secret information for a security service
Model for Network Security