1. SNMP: Simple Network Management Protocol

What is Network Management?
• Configuration Management: keeping track of device settings and how they function
• Fault Management: dealing with problems and emergencies in the network (a router stops routing, a server loses power, etc.)
• Performance Management: how smoothly is the network running? Can it handle the workload it currently has?

The Three Parts of SNMP
• SNMP Protocol: SNMP is a tool (protocol) that allows for remote and local management of items on the network, including servers, workstations, routers, switches and other managed devices.
• Structure of Management Information (SMI): rules specifying the format used to define the objects managed on the network that the SNMP protocol accesses.
• Management Information Base (MIB): distributed information store of network management data.

Comprised of agents and managers:
• Agent: process running on each managed node, collecting information about the device it is running on.
• Manager: process running on a management workstation that requests information about devices on the network.

Client Pull & Server Push
• SNMP is a “client pull” model: the management system (client) “pulls” data from the agent (server).
• SNMP is a “server push” model: the agent (server) “pushes” out a trap message to a (client) management system. (Many events can be configured to signal a trap, like a network cable fault, a failing NIC or hard drive, a “General Protection Fault”, or a power supply failure.)

Question to think about: Why is SNMP called a “Client Pull & Server Push” model? And when does Server Push happen?

What is the security concern of SNMP?
Hint: MIB objects being communicated contain critical information about network devices. We don't want just anyone “snooping” into our network to find out our IP addresses, or how long our machines have been running, or whether our links are down, or pretty much anything else.
Without security protection, strangers might be able to control or interfere with our managed devices by issuing bogus commands to change MIB objects that control device operation! Or many TRAP messages could be flooded at the managing entity to cause DoS attacks.

2. DNS: Domain Name System

Application-layer protocol that lets hosts, routers and name servers communicate to resolve names (address/name translation). The domain name system is usually used to translate a host name into an IP address. It maps between IP addresses and names.
• IP addresses are great for computers.
• IP addresses include information used for routing.
• IP addresses are tough for humans to remember.

Distributed database implemented in a hierarchy of many name servers.
• 13 root name servers worldwide
• Domain names comprise a hierarchy so that names are unique, yet easy to remember.

Why not centralize DNS?
• single point of failure
• traffic volume
• distant centralized database
• maintenance
No server has all name-to-IP address mappings.

Local name servers:
• each ISP or company has a local (default) name server
• a host's DNS query first goes to the local name server

Authoritative name server:
• for a host: stores that host’s IP address and name
• can perform name/address translation for that host’s name

Simple DNS example: host surf.eurecom.fr wants the IP address of gaia.cs.umass.edu
1. contacts its local DNS server, dns.eurecom.fr
2. dns.eurecom.fr contacts a root name server, if necessary
3. the root name server contacts the authoritative name server, dns.umass.edu, if necessary

Efficiency: using a cache to increase efficiency.
Security issues: Information Leakage, Dynamic Update Vulnerabilities, Cache Poisoning.

Question to think about: Why does DNS use a distributed architecture instead of a centralized one?
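The resolution chain from the example above (local name server, root server, authoritative server) together with the local server's cache, as an added Python toy that is not part of the lecture notes. The zone data, the intermediate server name and the IP address are constructed for the example.

```python
# Added example, not from the lecture notes: a toy local name server that
# walks the hierarchy from the slide example (root -> .edu server ->
# dns.umass.edu) and caches the answer with a TTL. All zone data and the
# IP address are constructed for this example.
import time

TTL = 60  # seconds the local name server may keep a cached answer

# Constructed name-server data: each server knows either a final answer ("A")
# or a referral ("NS") to the server responsible for the next label down.
SERVERS = {
    "root": {"edu": ("NS", "a.edu-servers.net")},
    "a.edu-servers.net": {"umass.edu": ("NS", "dns.umass.edu")},
    "dns.umass.edu": {"gaia.cs.umass.edu": ("A", "192.0.2.12")},
}

class LocalNameServer:
    """The local (default) name server that a host's query goes to first."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers, self.clock = servers, clock
        self.cache = {}        # name -> (ip, expiry)
        self.queries_sent = 0  # remote queries; shows what the cache saves

    def _ask(self, server, name):
        """One query to a remote server: it answers for the longest suffix it knows."""
        self.queries_sent += 1
        labels = name.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.servers[server]:
                return self.servers[server][suffix]
        raise LookupError(f"{server} has no record covering {name}")

    def resolve(self, name):
        """Answer from cache if still valid, else walk down from the root."""
        now = self.clock()
        if name in self.cache and self.cache[name][1] > now:
            return self.cache[name][0]           # cache hit: no network traffic
        server = "root"
        while True:
            kind, value = self._ask(server, name)
            if kind == "A":
                self.cache[name] = (value, now + TTL)
                return value
            server = value                       # referral: ask the named server next

if __name__ == "__main__":
    lns = LocalNameServer(SERVERS)
    print(lns.resolve("gaia.cs.umass.edu"), lns.queries_sent)  # 192.0.2.12 3
    print(lns.resolve("gaia.cs.umass.edu"), lns.queries_sent)  # 192.0.2.12 3 (cached)
```

The cache is also why cache poisoning matters: a forged answer that the local server accepts once is handed to every client behind it until its TTL expires.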
3. DHCP: Dynamic Host Configuration Protocol

Goal: allow a host to dynamically obtain its IP address from a network server when it joins the network.
• Can renew its lease on the address in use
• Allows reuse of addresses (an address is only held while the host is connected and “on”)
• Support for mobile users who want to join the network (more shortly)

DHCP overview:
• host broadcasts “DHCP discover” msg
• DHCP server responds with “DHCP offer” msg
• host requests IP address: “DHCP request” msg
• DHCP server sends address: “DHCP ack” msg

Question to think about: If the number of users is far more than the number of available IPs, is dynamic or fixed IP better, and why?

4. SSL

SSL uses PKI (public key and private key) to negotiate a session key between 2 parties and then uses symmetric key cryptography to encrypt and decrypt the data transmitted. Please check the slides for Week 11: Internet Security.
1. Alice connects to Bob's server
2. Bob's server returns its certificate (signed by VeriSign), plus something encrypted with Bob.private_key
3. Alice can verify the certificate is valid
4. Alice uses Bob’s public key to decrypt the token; Bob is authenticated
5. Alice makes a one-time session key k
6. Alice encrypts k with Bob's public key and sends it to Bob
7. Now both can use symmetric key cryptography

Question to think about:
1. In PKI (Public Key Infrastructure), Bob and Alice both have their own pair of public and private keys. In other words, Bob has Bob.public_key and Bob.private_key, and Alice has Alice.public_key and Alice.private_key, respectively. Please figure out how it works in the following 2 scenarios:
   a. Bob needs to sign the message, and Alice needs to authenticate that it is Bob.
   b. Bob needs to encrypt the message such that only Alice can read the message.
2. Why does SSL first use PKI to exchange a shared session key k between 2 parties, and then use k to perform symmetric cryptography?
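Going back to the DHCP exchange in section 3: an added Python toy, not from the lecture notes, that runs discover/offer/request/ack over a two-address pool and shows lease renewal, expiry and address reuse, which is the mechanism behind the question of dynamic versus fixed addresses when users outnumber addresses. The MAC addresses, IP addresses and lease time are constructed.

```python
# Added example (not from the lecture notes): toy DHCP server running the
# discover/offer/request/ack exchange over a constructed two-address pool.
LEASE_TIME = 3600  # seconds a lease lasts unless the host renews it

class DhcpServer:
    def __init__(self, pool, clock):
        self.free, self.clock = list(pool), clock  # addresses not currently leased
        self.leases = {}        # ip -> (client mac, expiry)
        self.offers = {}        # mac -> ip offered but not yet acked
    def _expire(self):          # expired leases return to the pool: address reuse
        now = self.clock()
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]
                self.free.append(ip)
    def discover(self, mac):    # host broadcasts DHCP discover -> server offers
        self._expire()
        for ip, (owner, _) in self.leases.items():
            if owner == mac:                      # renewal: offer the same address
                self.offers[mac] = ip
                return ("offer", ip)
        for ip in self.free:
            if ip not in self.offers.values():    # never offer one address twice
                self.offers[mac] = ip
                return ("offer", ip)
        return ("no-offer", None)                 # pool exhausted
    def request(self, mac, ip):  # host requests the offered address -> server acks
        if self.offers.pop(mac, None) != ip:
            return ("nak", None)
        if ip in self.free:
            self.free.remove(ip)
        elif self.leases.get(ip, (None,))[0] != mac:
            return ("nak", None)                  # leased to another host meanwhile
        self.leases[ip] = (mac, self.clock() + LEASE_TIME)
        return ("ack", ip)

def simulate():
    """Two addresses, three hosts: exhaustion, renewal, expiry and reuse."""
    clock = [0]
    srv = DhcpServer(["192.0.2.10", "192.0.2.11"], clock=lambda: clock[0])
    log = []
    for mac in ("aa:01", "aa:02", "aa:03"):
        kind, ip = srv.discover(mac)
        log.append((mac, kind, srv.request(mac, ip)[0] if ip else None))
    clock[0] = 1800                               # aa:01 renews mid-lease
    log.append(("aa:01", *srv.discover("aa:01")))
    srv.request("aa:01", "192.0.2.10")
    clock[0] = 3601                               # aa:02 never renewed: its address is free again
    log.append(("aa:03", *srv.discover("aa:03")))
    return log
```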
5. SIP & RTP

First of all, SIP is a signaling protocol handling the call control, like inviting to a call, cancel (hang up while ringing), hanging up after an ended call, and so on. SIP can also include additional information, for example related to how to set up a call with an audio or video stream (called SDP, Session Description Protocol). The SDP information will result in one or more RTP streams (or sessions) being set up, normally directly between the two user agents. RTP streams are by nature bandwidth and processing intensive. Finally, the Real-Time Control Protocol (RTCP) communicates information about the RTP streams between the user agents (RTCP will use either the specified RTP port + 1 or the port indicated in the SDP message).

RTP: Real-Time Protocol, RFC 1889
• RTP specifies a packet structure for packets carrying audio and video data
• An RTP packet provides payload type identification, packet sequence numbering and timestamping
• RTP runs in the end systems. RTP packets are encapsulated in UDP segments
• Interoperability: if two Internet phone applications run RTP, then they may be able to work together
• RTP runs on top of UDP

RTP Example
Consider sending 64 kbps PCM-encoded voice over RTP. The application collects the encoded data in chunks, e.g., every 20 msec = 160 bytes in a chunk. The audio chunk along with the RTP header form the RTP packet, which is encapsulated into a UDP segment. The RTP header indicates the type of audio encoding in each packet; the sender can change encoding during a conference. The RTP header also contains sequence numbers and timestamps.

RTP Header
Payload Type (7 bits): indicates the type of encoding currently being used. If the sender changes encoding in the middle of a conference, the sender informs the receiver through this payload type field.
• Payload type 0: PCM mu-law, 64 kbps
• Payload type 3: GSM, 13 kbps
• Payload type 7: LPC, 2.4 kbps
• Payload type 26: Motion JPEG
• Payload type 31: H.261
• Payload type 33: MPEG2 video

Sequence Number (16 bits): increments by one for each RTP packet sent, and may be used to detect packet loss and to restore packet sequence.

Timestamp field (32 bits long): reflects the sampling instant of the first byte in the RTP data packet.
• For audio, the timestamp clock typically increments by one for each sampling period (for example, every 125 usec for an 8 kHz sampling clock)
• If the application generates chunks of 160 encoded samples, then the timestamp increases by 160 for each RTP packet when the source is active. The timestamp clock continues to increase at a constant rate when the source is inactive.

SSRC field (32 bits long): identifies the source of the RTP stream. Each stream in an RTP session should have a distinct SSRC.

RTP and QoS
RTP does not provide any mechanism to ensure timely delivery of data or provide other quality of service guarantees. RTP encapsulation is only seen at the end systems: it is not seen by intermediate routers. Routers providing best-effort service do not make any special effort to ensure that RTP packets arrive at the destination in a timely manner.

SIP: Session Initiation Protocol
• All telephone calls and video conference calls take place over the Internet
• People are identified by names or e-mail addresses, rather than by phone numbers
• You can reach the callee, no matter where the callee roams, no matter what IP device the callee is currently using

SIP Services
Setting up a call:
• Provides mechanisms for the caller to let the callee know she wants to establish a call
• Provides mechanisms so that caller and callee can agree on media type and encoding
• Provides mechanisms to end a call
Determine current IP address of callee:
• Maps mnemonic identifier to current IP address
Call management:
• Add new media streams during call
• Change encoding during call
• Invite others
• Transfer and hold calls

SIP messages can be sent over TCP or UDP; the default SIP port number is 5060. SIP is a single component. It works with RTP, but does not mandate it. It can be combined with other protocols and services.
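The RTP header described in section 5, as an added Python example that is not from the lecture notes: it packs and parses the 12-byte fixed header from RFC 1889 and then uses the sequence numbers and timestamps of a 20 ms PCM mu-law stream to count lost packets and timing jumps, ignoring packets from a foreign SSRC. The SSRC values, timestamps and payload bytes are constructed.

```python
# Added example (not from the lecture notes): pack and parse the 12-byte RTP
# fixed header described above (RFC 1889), then check a constructed stream of
# 20 ms PCM mu-law packets for loss (sequence gaps) and timestamp jumps.
import struct
PCMU, GSM = 0, 3            # payload type values from the slides
SAMPLES_PER_PACKET = 160    # 20 ms of 8 kHz audio per packet

def pack_header(pt, seq, ts, ssrc, marker=0):
    """Fixed header: V=2, P=0, X=0, CC=0 | M, PT | seq(16) | timestamp(32) | SSRC(32)."""
    first = 2 << 6                                  # version 2, no padding/extension/CSRCs
    second = (marker << 7) | (pt & 0x7F)
    return struct.pack("!BBHII", first, second, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc)

def parse_header(data):
    """Return the header fields as a dict; reject anything that is not RTP v2."""
    if len(data) < 12:
        raise ValueError("short RTP header")
    first, second, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if first >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"padding": (first >> 5) & 1, "extension": (first >> 4) & 1,
            "cc": first & 0x0F, "marker": second >> 7, "pt": second & 0x7F,
            "seq": seq, "ts": ts, "ssrc": ssrc}

def analyse_stream(packets, expected_ssrc):
    """Count lost packets (seq gaps mod 2**16) and timestamp jumps that do not match the gap."""
    lost = ts_anomalies = 0
    last = None
    for raw in packets:
        h = parse_header(raw)
        if h["ssrc"] != expected_ssrc:
            continue                                # another source: a receiver ignores it
        if last is not None:
            gap = (h["seq"] - last["seq"]) & 0xFFFF          # survives 16-bit wrap
            lost += gap - 1
            if (h["ts"] - last["ts"]) & 0xFFFFFFFF != gap * SAMPLES_PER_PACKET:
                ts_anomalies += 1
        last = h
    return {"lost": lost, "ts_anomalies": ts_anomalies}

def build_sample_stream():
    """Constructed stream: seq wraps 65535 -> 0, seq 2 is missing, plus one
    packet from a foreign SSRC that the receiver must ignore."""
    ours = [(65534, 1000), (65535, 1160), (0, 1320), (1, 1480), (3, 1800), (4, 1960)]
    pkts = [pack_header(PCMU, s, t, 0xDEADBEEF) + b"\x00" * 160 for s, t in ours]
    pkts.insert(3, pack_header(GSM, 7, 42, 0x0BADCAFE) + b"\x00" * 33)
    return pkts

if __name__ == "__main__":
    print(analyse_stream(build_sample_stream(), 0xDEADBEEF))  # {'lost': 1, 'ts_anomalies': 0}
```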