1

Pertemuan 26Manajemen Jaringan dan Network Security

Matakuliah : H0174/Jaringan Komputer

Tahun : 2006

Versi : 1/0

2

Learning Outcomes

Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu :

• Menjelaskan peran Manajemen Jaringan dan Network Security

3

Outline Materi

• SNMP• Firewall

4

Network Management

• Networks are becoming indispensable– More complexity makes failure more likely

• Require automatic network management tools• Standards required to allow multi-vendor

networks covering:– Services– Protocols– Management information

• TCP/IP Network has SNMP (Simple Network Management Protocol as platform

5

Key Elements

• Management station or manager• Managed Entities or Agent• Management information base• Network management protocol

6

Management Station - Manager

• Stand alone system or part of shared system• Interface for human network manager• Set of management applications– Data analysis– Fault recovery

• Interface to monitor and control network• Translate manager’s requirements into

monitoring and control of remote elements• Data base of network management

information extracted from managed entities

7

Managed Entities - Agent

• Network Elements such as Hosts, bridges, hubs, routers equipped with agent software

• Allowed to be managed from management station

• Respond to requests for information• Respond to requests for action• Asynchronously supply unsolicited information

8

Management Information Base

• Representation of network resources as objects• Each object represents one aspect of managed

object• MIB is collection of objects (access points) at

agent for management of station• Objects standardized across class of system

9

Network Management Protocol

Link between management station and agent

• TCP/IP uses SNMP• OSI uses Common Management

Information Protocol (CMIP)• SNMPv2 (enhanced SNMP) for OSI and

TCP/IP

10

Protocol Capabilities

• Get• Set• Notify

11

SNMP Protocol Architecture

• Application-level protocol • Part of TCP/IP protocol suite• Runs over UDP• Manager supports SNMP messages– GetRequest, GetNextRequest, and SetRequest – Port 161

• Agent replies with GetResponse• Agent may issue trap message in response to

event that affects MIB and underlying managed entities – Port 162

12

SNMPv1 Configuration

13

Role of SNMP v1

14

Security Requirements

• Confidentiality• Integrity– Authentic– Non Repudiable

• Availability

15

Security Threats and Attacks

• A threat is a potential violation of security.– Flaws in design, implementation, and

operation.• An attack is any action that violates security.– Active adversary

• Common threats:– Snooping/eavesdropping, alteration, spoofing,

repudiation of origin, denial of receipt, delay and denial of service

16

Types of Attacks

Passive Threats Active Threats

Release of Message Contents

Traffic Analysis

Masquerade Replay Modification of Message Contents

Denial of Service

17

Network Access Security

18

• Using this model requires us to: – select appropriate gatekeeper functions to

identify users – implement security controls to ensure only

authorised users access designated information or resources

• Trusted computer systems can be used to implement this model

Network Access Security

19

Model for Network Security

20

• This model requires us to: – design a suitable algorithm for the security

transformation – generate the secret information (keys) used by

the algorithm – develop methods to distribute and share the

secret information – specify a protocol enabling the principals to

use the transformation and secret information for a security service

Model for Network Security

21

Methods of Defence

• Encryption• Software Controls – Access limitations in a data base– In operating system protect each user

from other users• Hardware Controls– Smartcard, biometric

• Policies– Frequent changes of passwords

• Physical Controls