Matakuliah
Tahun
Versi
: H0174/Jaringan Komputer
: 2006
: 1/0
Pertemuan 26
Manajemen Jaringan dan Network Security
1
Learning Outcomes
Pada akhir pertemuan ini, diharapkan mahasiswa
akan mampu :
• Menjelaskan peran Manajemen Jaringan dan Network
Security
2
Outline Materi
• SNMP
• Firewall
3
Network Management
• Networks are becoming indispensable
– More complexity makes failure more likely
• Require automatic network management tools
• Standards required to allow multi-vendor
networks covering:
– Services
– Protocols
– Management information
• TCP/IP Network has SNMP (Simple Network
Management Protocol as platform
4
Key Elements
•
•
•
•
Management station or manager
Managed Entities or Agent
Management information base
Network management protocol
5
Management Station - Manager
• Stand alone system or part of shared system
• Interface for human network manager
• Set of management applications
– Data analysis
– Fault recovery
• Interface to monitor and control network
• Translate manager’s requirements into
monitoring and control of remote elements
• Data base of network management
information extracted from managed entities
6
Managed Entities - Agent
• Network Elements such as Hosts, bridges, hubs,
routers equipped with agent software
• Allowed to be managed from management
station
• Respond to requests for information
• Respond to requests for action
• Asynchronously supply unsolicited information
7
Management Information Base
• Representation of network resources as objects
• Each object represents one aspect of managed
object
• MIB is collection of objects (access points) at
agent for management of station
• Objects standardized across class of system
8
Network Management Protocol
Link between management station and agent
• TCP/IP uses SNMP
• OSI uses Common Management
Information Protocol (CMIP)
• SNMPv2 (enhanced SNMP) for OSI and
TCP/IP
9
Protocol Capabilities
• Get
• Set
• Notify
10
SNMP Protocol Architecture
•
•
•
•
Application-level protocol
Part of TCP/IP protocol suite
Runs over UDP
Manager supports SNMP messages
– GetRequest, GetNextRequest, and SetRequest
– Port 161
• Agent replies with GetResponse
• Agent may issue trap message in response to
event that affects MIB and underlying managed
entities
– Port 162
11
SNMPv1 Configuration
12
Role of SNMP v1
13
Security Requirements
• Confidentiality
• Integrity
– Authentic
– Non Repudiable
• Availability
14
Security Threats and Attacks
• A threat is a potential violation of security.
– Flaws in design, implementation, and
operation.
• An attack is any action that violates security.
– Active adversary
• Common threats:
– Snooping/eavesdropping, alteration, spoofing,
repudiation of origin, denial of receipt, delay
and denial of service
15
Types of Attacks
Passive Threats
Release of
Message Contents
Traffic
Analysis
Active Threats
Masquerade
Replay
Modification of
Message Contents
Denial of
Service
16
Network Access Security
17
Network Access Security
• Using this model requires us to:
– select appropriate gatekeeper functions to
identify users
– implement security controls to ensure only
authorised users access designated
information or resources
• Trusted computer systems can be used to
implement this model
18
Model for Network Security
19
Model for Network Security
• This model requires us to:
– design a suitable algorithm for the security
transformation
– generate the secret information (keys) used by
the algorithm
– develop methods to distribute and share the
secret information
– specify a protocol enabling the principals to
use the transformation and secret information
for a security service
20
Methods of Defence
• Encryption
• Software Controls
– Access limitations in a data base
– In operating system protect each user
from other users
• Hardware Controls
– Smartcard, biometric
• Policies
– Frequent changes of passwords
• Physical Controls
21