
Addis Ababa University
Department of Computer Science
Advanced Computer Networking (CS 723)
Chapter 9: Network Management
(Chapter 8: Network Security)
(Chapter 10: Next Generation Networking)

Chapter 8: Network Security
What is network security?
Confidentiality: only sender and intended receiver should understand message contents
  sender encrypts message
  receiver decrypts message
Authentication: sender and receiver want to confirm identity of each other
Message integrity: sender and receiver want to ensure that message is not altered (in transit, or afterwards) without detection
Access and availability: services must be accessible and available to users

Network Security 8-3


Friends and Enemies: Alice, Bob, Trudy
Bob and Alice (friends) want to communicate securely
Trudy (intruder) may intercept, delete or add messages

[Figure: Alice (sender) hands data to a secure sender, which exchanges data and control messages over the channel with a secure receiver that delivers the data to Bob (receiver); Trudy sits on the channel between them]



Categories of Attacks/Threats

[Figure: normal flow of information between source and destination (after W. Stallings)]


Security services
Confidentiality
Authentication
Integrity
Non-repudiation
Access Control
Availability


Chapter 9 outline
What is Network Management?
Internet-Standard Management Framework
  Structure of Management Information: SMI
  Management Information Base: MIB
  SNMP Protocol Operations and Transport Mappings
  Security and Administration
ASN.1 - Abstract Syntax Notation 1


What is network management?
Network management is the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, configure, analyze, evaluate, and control the network elements and resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost.
Autonomous systems: 100s or 1000s of interacting hardware/software components
Other complex systems requiring monitoring and control:
  jet airplane
  nuclear power plant


Infrastructure for network management

[Figure: a managing entity (holding its own data) talks over a network management protocol to an agent on each managed device; each agent keeps the device's data. Managed devices contain managed objects whose data is gathered into a Management Information Base (MIB)]


Network Operations Center
Networks come in all shapes and sizes, from the smallest home network to the largest Tier-1 ISP.
Network Operations Centers (NOC) must ensure that the network is operating smoothly

NOC: courtesy of a Northern Virginia technology firm, USA
Network Management Standards
CMIP (OSI): Common Management Information Protocol
  designed 1980s: the unifying net management standard
  too slowly standardized
SNMP: Simple Network Management Protocol
  traces its roots back to SGMP (Simple Gateway Monitoring Protocol)
  started simple
  deployed, adopted rapidly
  growth: size, complexity
  currently: SNMP V3
  de facto network management standard


SNMP and The Internet-Standard Management Framework
Network management in the Internet (the Internet-Standard Management Framework) is more than a protocol for moving the management data between the entities. It has four key parts:
Management information base (MIB):
  distributed information store of network management data
Structure of Management Information (SMI):
  data definition language for MIB objects
SNMP protocol
  convey information and commands between manager and managed objects (agent executing on behalf of the managing entity within a managed network)
Security administration capabilities
  major addition in SNMPv3
SNMP MIB
MIB object might be a counter such as the number of IP datagrams discarded at a router due to error in the datagram header...
Related MIB objects are gathered into MIB modules
MIB modules are specified via SMI

[Figure: a MODULE groups several OBJECT TYPE definitions; each object is specified via the SMI OBJECT-TYPE construct]
SMI: data definition language
Purpose: syntax and semantics of management data well-defined and unambiguous
OBJECT-TYPE
  data type, status, semantics of managed object
MODULE-IDENTITY
  groups related objects into MIB module
BASIC DATA TYPES
  INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Counter32, Counter64, Gauge32, Time


MIB example: UDP module
Object ID        Name             Type       Comments
1.3.6.1.2.1.7.1  UDPInDatagrams   Counter32  total # datagrams delivered at this node
1.3.6.1.2.1.7.2  UDPNoPorts       Counter32  # undeliverable datagrams, no app at port
1.3.6.1.2.1.7.3  UDPInErrors      Counter32  # undeliverable datagrams, all other reasons
1.3.6.1.2.1.7.4  UDPOutDatagrams  Counter32  # datagrams sent
1.3.6.1.2.1.7.5  UDPTable         SEQUENCE   one entry for each UDP port in use by app, gives port # and IP address


SNMP Naming
question: how to name every possible standard object (protocol, data, etc.) in every possible network standard?
answer: ISO Object Identifier tree:
  hierarchical naming of all objects
  each branch-point has name, number

[Figure: the path to 1.3.6.1.2.1.7.1 (udpInDatagrams) through the tree: 1 = ISO, 3 = ISO-identified organization, 6 = US DoD, 1 = Internet, 2 = management, 1 = MIB2, 7 = UDP, 1 = udpInDatagrams]

OSI: Object Identifier Tree
www.alvestrand.no/harald/objectid/top.html


SNMP protocol
Two ways to convey MIB info, commands:

[Figure: request/response mode: the managing entity sends a request to the agent (and its data) on the managed device and gets back a response. Trap mode: the agent on the managed device sends an unsolicited trap msg to the managing entity]
SNMP protocol: message types
Message type     Function
GetRequest       Mgr-to-agent: get me data (one or more MIB object instances)
GetNextRequest   Mgr-to-agent: get me data (next MIB instance in list or table)
GetBulkRequest   Mgr-to-agent: get me data (values in large bulk or large table)
InformRequest    Mgr-to-Mgr: here's MIB value
SetRequest       Mgr-to-agent: set MIB value
Response         Agent-to-mgr: value, response to request
Trap             Agent-to-mgr: inform manager of exceptional event
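To make the Get/GetNext/GetBulk semantics concrete, here is a small added example (written for this page; it is not from the lecture slides and not taken from any SNMP implementation) of an agent answering those three request types against a constructed in-memory MIB. The `ToyAgent` class, the `walk` helper and the sample instance values (including the `...7.10.0` instance) are assumptions made for the demonstration. It shows the detail a manager's table walk depends on: GetNext orders object identifiers numerically, component by component, so `...7.10.0` comes after `...7.4.0`, whereas a plain string sort would wrongly put it before `...7.2.0`.

```python
"""Toy SNMP-style agent: GetRequest, GetNextRequest and GetBulkRequest over a
small MIB, with OIDs compared numerically (constructed example)."""

from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]


def parse_oid(dotted: str) -> OID:
    """'1.3.6.1.2.1.7.1' -> (1, 3, 6, 1, 2, 1, 7, 1)."""
    return tuple(int(part) for part in dotted.strip(".").split("."))


def format_oid(oid: OID) -> str:
    return ".".join(str(part) for part in oid)


class ToyAgent:
    def __init__(self, mib: Dict[str, object]) -> None:
        # Sort by integer tuple, so 7.10 sorts after 7.2 (a string sort would not).
        self._table: List[Tuple[OID, object]] = sorted(
            (parse_oid(name), value) for name, value in mib.items()
        )

    def get(self, dotted: str) -> Optional[object]:
        """GetRequest: exact instance lookup; None if the instance does not exist."""
        target = parse_oid(dotted)
        for oid, value in self._table:
            if oid == target:
                return value
        return None

    def get_next(self, dotted: str) -> Optional[Tuple[str, object]]:
        """GetNextRequest: the first instance strictly after the given OID."""
        target = parse_oid(dotted)
        for oid, value in self._table:
            if oid > target:
                return format_oid(oid), value
        return None  # end of MIB view

    def get_bulk(self, dotted: str, max_repetitions: int) -> List[Tuple[str, object]]:
        """GetBulkRequest: up to max_repetitions successive GetNext steps."""
        results, cursor = [], dotted
        for _ in range(max_repetitions):
            nxt = self.get_next(cursor)
            if nxt is None:
                break
            results.append(nxt)
            cursor = nxt[0]
        return results


def walk(agent: ToyAgent, subtree: str) -> List[Tuple[str, object]]:
    """Manager-side subtree walk: repeated GetNext until the reply leaves the
    subtree or the agent reports end of MIB view."""
    prefix = parse_oid(subtree)
    rows, cursor = [], subtree
    while True:
        nxt = agent.get_next(cursor)
        if nxt is None or parse_oid(nxt[0])[: len(prefix)] != prefix:
            break
        rows.append(nxt)
        cursor = nxt[0]
    return rows


# Constructed sample MIB: the UDP group counters from the slide (instance .0)
# plus a made-up instance with a two-digit sub-identifier to show ordering.
SAMPLE_MIB = {
    "1.3.6.1.2.1.7.1.0": 1200,     # udpInDatagrams (sample value)
    "1.3.6.1.2.1.7.2.0": 7,        # udpNoPorts (sample value)
    "1.3.6.1.2.1.7.3.0": 0,        # udpInErrors (sample value)
    "1.3.6.1.2.1.7.4.0": 980,      # udpOutDatagrams (sample value)
    "1.3.6.1.2.1.7.10.0": "demo",  # constructed; numerically after .4, not before .2
}

if __name__ == "__main__":
    agent = ToyAgent(SAMPLE_MIB)
    for oid, value in walk(agent, "1.3.6.1.2.1.7"):
        print(oid, value)
```

The walk stops when a GetNext reply falls outside the requested subtree; a manager that forgets this check keeps walking into unrelated objects until the agent reports end of MIB view.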
SNMP protocol: message formats



SNMP security and administration
SNMPv3 provides encryption, authentication, protection against playback attack
  encryption: DES-encrypt SNMP message
  authentication: compute, send MIC(m,k): compute hash (MIC) over message (m), secret shared key (k)
  protection against playback: use nonce (arbitrary number generated for security)
  access control
    SNMP entity maintains database of access rights, policies for various users
    database itself accessible as managed object!
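An added illustration (written for this page; it is not the slides' material and not SNMPv3's User-based Security Model, whose message layout and key handling differ) of the two mechanisms the slide names: a keyed hash MIC(m, k) over the message and a nonce used against playback. The shared key, the messages, the `Receiver` class and the HMAC-SHA-256 choice are constructed for the demonstration. The point worth noticing is that the nonce has to be covered by the MIC and the receiver has to remember the nonces it has already accepted; otherwise a captured, correctly authenticated message can simply be resent.

```python
"""Keyed-hash message authentication plus nonce-based replay rejection
(constructed example in the style of the slide, not SNMPv3 USM)."""

import hashlib
import hmac
import secrets
from typing import Optional

SHARED_KEY = b"constructed-demo-key"  # constructed; a real deployment derives per-user keys


def mic(message: bytes, key: bytes, nonce: bytes) -> bytes:
    """MIC(m, k): keyed hash over nonce || message. Covering the nonce means a
    captured message cannot be replayed under a fresh nonce."""
    return hmac.new(key, nonce + message, hashlib.sha256).digest()


def protect(message: bytes, key: bytes) -> dict:
    """Sender side: pick a fresh random nonce and attach the MIC."""
    nonce = secrets.token_bytes(16)
    return {"nonce": nonce, "msg": message, "mic": mic(message, key, nonce)}


class Receiver:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._seen = set()  # nonces already accepted (replay memory)

    def accept(self, pkt: dict) -> Optional[bytes]:
        """Return the message if it is authentic and not a replay, else None."""
        expected = mic(pkt["msg"], self._key, pkt["nonce"])
        # Constant-time comparison: do not leak how many bytes matched.
        if not hmac.compare_digest(expected, pkt["mic"]):
            return None  # forged, altered, or wrong key
        if pkt["nonce"] in self._seen:
            return None  # playback of an earlier, genuine message
        self._seen.add(pkt["nonce"])
        return pkt["msg"]


def demo() -> dict:
    """Exercise the cases a receiver must handle; returns each outcome."""
    rx = Receiver(SHARED_KEY)
    pkt = protect(b"SetRequest (constructed sample payload)", SHARED_KEY)
    first = rx.accept(pkt)        # genuine message: accepted
    replay = rx.accept(pkt)       # identical packet again: rejected
    tampered = dict(pkt, msg=b"SetRequest (altered payload)")
    altered = rx.accept(tampered)  # MIC no longer matches: rejected
    wrong_key = Receiver(b"other-key").accept(protect(b"x", SHARED_KEY))
    return {"first": first, "replay": replay, "altered": altered, "wrong_key": wrong_key}


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {'accepted' if outcome is not None else 'rejected'}")
```

The replay memory here is an unbounded set; a real receiver bounds it, for example with a monotonically increasing counter or a time window, which is the role the SNMPv3 engine time and boot counters play.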
The presentation problem
Q: does perfect memory-to-memory copy solve the communication problem?
A: not always!

struct {
  char code;
  int x;
} test;
test.x = 259;
test.code = 'a';

host 1 format (most significant byte stored first):  test.code = a; test.x = 00000001 00000011
host 2 format (least significant byte stored first): test.code = a; test.x = 00000011 00000001

problem: different data format, storage conventions
Presentation problem: potential solutions
1. Sender learns receiver's format. Sender translates into receiver's format. Sender sends.
2. Sender sends. Receiver learns sender's format. Receiver translates into receiver-local format.
3. Sender translates to host-independent format. Sends. Receiver translates to receiver-local format.
  Translate local-host format to host-independent format
  Transmit data in host-independent format
  Translate host-independent format to remote-host format
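The slide's struct, worked through as an added example (written for this page, not from the lecture) with Python's `struct` module, which can lay the same fields out in either byte order. The format strings, the two transfer functions and the `bits` helper are constructed for the demonstration; the integer 259 and the character 'a' are the slide's values. It shows the raw memory copy producing a wrong integer between a most-significant-byte-first host and a least-significant-byte-first host, and solution 3 from the slide (translate to a host-independent format, here network byte order, and back) succeeding in both directions. Because `i` is a 4-byte int here, the wrong value differs from the slide's two-byte drawing, but the mechanism is the same.

```python
"""Byte-order presentation problem and the host-independent-format fix
(constructed example using Python's struct module)."""

import struct
from typing import Tuple

# "<" and ">" select a byte order with standard sizes and no padding, so the
# two layouts differ only in the order of the int's bytes.
BIG_ENDIAN_HOST = ">ci"     # host 1: most significant byte stored first
LITTLE_ENDIAN_HOST = "<ci"  # host 2: least significant byte stored first
NETWORK_FORMAT = "!ci"      # host-independent: network byte order (big-endian)


def store(fmt: str, code: bytes, x: int) -> bytes:
    """Lay out { char code; int x; } in memory the way a host using fmt would."""
    return struct.pack(fmt, code, x)


def load(fmt: str, raw: bytes) -> Tuple[bytes, int]:
    """Read the struct back using that host's own layout."""
    return struct.unpack(fmt, raw)


def memory_copy_transfer(sender_fmt: str, receiver_fmt: str, code: bytes, x: int):
    """What the slide warns about: copy raw memory, reinterpret with the
    receiver's own layout. Correct only when both hosts agree on layout."""
    raw = store(sender_fmt, code, x)
    return load(receiver_fmt, raw)


def network_order_transfer(sender_fmt: str, receiver_fmt: str, code: bytes, x: int):
    """Solution 3: sender converts local -> host-independent, receiver
    converts host-independent -> local."""
    local = load(sender_fmt, store(sender_fmt, code, x))       # sender's in-memory view
    wire = struct.pack(NETWORK_FORMAT, *local)                  # translate to wire form
    received = struct.unpack(NETWORK_FORMAT, wire)              # receiver decodes wire form
    return load(receiver_fmt, store(receiver_fmt, *received))   # receiver's local view


def bits(raw: bytes) -> str:
    """Render bytes as the 8-bit groups drawn on the slide."""
    return " ".join(f"{b:08b}" for b in raw)


if __name__ == "__main__":
    print("259 as a 2-byte big-endian int:   ", bits(struct.pack(">h", 259)))
    print("259 as a 2-byte little-endian int:", bits(struct.pack("<h", 259)))
    print("memory copy, host 1 -> host 2:", memory_copy_transfer(BIG_ENDIAN_HOST, LITTLE_ENDIAN_HOST, b"a", 259))
    print("network order, host 1 -> host 2:", network_order_transfer(BIG_ENDIAN_HOST, LITTLE_ENDIAN_HOST, b"a", 259))
```

The wrong value, 50397184, is 0x03010000: the receiver read the sender's bytes 00 00 01 03 as least-significant-first. The host-independent path is what `htonl`/`ntohl` and, for SNMP, ASN.1 BER implement.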
ASN.1: Abstract Syntax Notation 1
ISO standard X.680
  used extensively in Internet
  defined data types, object constructors
  like SMI
BER: Basic Encoding Rules
  specify how ASN.1-defined data objects are to be transmitted
  each transmitted object has Type, Length, Value (TLV) encoding


TLV Encoding
Idea: transmitted data is self-identifying
  T: data type, one of ASN.1-defined types
  L: length of data in bytes
  V: value of data, encoded according to ASN.1 standard

Tag Value  Type
1          Boolean
2          Integer
3          Bitstring
4          Octet string
5          Null
6          Object Identifier
9          Real
TLV encoding: example

[Figure: two TLV-encoded objects. An integer: Type=2 (integer), Length=2 bytes, Value=259. An octet string: Type=4 (octet string), Length=5 bytes, Value=5 octets (chars)]
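A minimal BER encoder and decoder, added for this page (not the slides' code and not any library's), for the three universal types the slides use: INTEGER (tag 2), OCTET STRING (tag 4) and OBJECT IDENTIFIER (tag 6). It reproduces the slide's two examples (the integer 259 becomes `02 02 01 03`, a five-character string gets length 5) and also encodes the OID 1.3.6.1.2.1.7.1 from the naming slide, which shows why the first two arcs collapse into one byte (40 x 1 + 3 = 43) and how larger sub-identifiers use base-128 groups with a continuation bit. The function names are assumptions. The decoder checks every length against the buffer before reading, which is the check a parser of untrusted TLV data needs so that a short or oversized length field cannot make it read past the end.

```python
"""Minimal BER TLV encoder/decoder for INTEGER, OCTET STRING and OBJECT
IDENTIFIER (constructed example for the lecture's TLV slides)."""

from typing import List, Tuple, Union

TAG_INTEGER, TAG_OCTET_STRING, TAG_OID = 2, 4, 6


def encode_length(n: int) -> bytes:
    """Short form for n < 128; long form (0x80 | count, then count bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_integer(value: int) -> bytes:
    """Two's-complement value in the minimal number of bytes (259 -> 01 03)."""
    nbytes = 1
    while not -(1 << (8 * nbytes - 1)) <= value < (1 << (8 * nbytes - 1)):
        nbytes += 1
    body = value.to_bytes(nbytes, "big", signed=True)
    return bytes([TAG_INTEGER]) + encode_length(len(body)) + body


def encode_octet_string(data: bytes) -> bytes:
    return bytes([TAG_OCTET_STRING]) + encode_length(len(data)) + data


def encode_oid(dotted: str) -> bytes:
    """Dotted OID -> BER: first two arcs share one sub-identifier (40*a + b);
    every sub-identifier is base-128, high bit set on all but the last group."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    sub_ids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    body = bytearray()
    for sid in sub_ids:
        groups = [sid & 0x7F]
        sid >>= 7
        while sid:
            groups.append(0x80 | (sid & 0x7F))  # continuation bit
            sid >>= 7
        body.extend(reversed(groups))
    return bytes([TAG_OID]) + encode_length(len(body)) + bytes(body)


def decode_one(buf: bytes, pos: int = 0) -> Tuple[int, Union[int, bytes, str], int]:
    """Decode one TLV at buf[pos:]; returns (tag, value, position after it).
    Every length is validated against the buffer before any read."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length
        nlen = first & 0x7F
        if nlen == 0 or pos + nlen > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nlen], "big")
        pos += nlen
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")  # never read past the end
    body, end = buf[pos:pos + length], pos + length
    if tag == TAG_INTEGER:
        return tag, int.from_bytes(body, "big", signed=True), end
    if tag == TAG_OCTET_STRING:
        return tag, bytes(body), end
    if tag == TAG_OID:
        arcs, cur = [], 0
        for b in body:
            cur = (cur << 7) | (b & 0x7F)
            if not b & 0x80:
                arcs.append(cur)
                cur = 0
        if not arcs or body[-1] & 0x80:
            raise ValueError("empty or unterminated OID")
        first_two = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
        return tag, ".".join(map(str, first_two + arcs[1:])), end
    raise ValueError(f"unsupported tag {tag}")


def decode_all(buf: bytes) -> List[Tuple[int, Union[int, bytes, str]]]:
    """Decode a sequence of back-to-back TLVs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = decode_one(buf, pos)
        out.append((tag, value))
    return out


if __name__ == "__main__":
    msg = encode_integer(259) + encode_octet_string(b"hello") + encode_oid("1.3.6.1.2.1.7.1")
    print(msg.hex(" "))
    print(decode_all(msg))
```

Only the three universal types the slides list are handled; a real SNMP decoder also needs the constructed SEQUENCE type and the application-specific tags (Counter32, Gauge32, TimeTicks, IpAddress) that SMI defines on top of these.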
Network Management: summary
Network Management Framework extremely important: 80% of network cost
network management framework
  Management information base (MIB)
  Structure of Management Information (SMI)
  SNMP protocol as a tool for conveying information
  Security administration capabilities
  ASN.1 for data description


Chapter 10: Next Generation Networking
Motivation and Challenges
Self-organizing networks: (Ad-hoc, sensors and mesh networks; applications; communication support: information dissemination, medium access mechanisms; self-organizing concepts in infrastructure networks.)
New trends in computer networking (PAN, Pervasive Computing, Grid computing, Cloud Computing, etc.)


Mesh Network (Can be Wired/Wireless)
Self Management
  Self organization
  Self healing
Applications
  Wireless ad hoc network
  Wireless community network
  Mobile ad-hoc network (MANET)
  Vehicular ad-hoc network (VANET)


Grid, Pervasive and Cloud Computing
Pervasive computing
Everywhere, every time computing.
Making many computers available throughout the physical environment, while making them effectively invisible to the user.
It is considered the Third Wave of computing. The First Wave was many people per computer, the Second Wave was one person per computer. The Third Wave will be many computers per person.
Three key technical issues are: power consumption, user interface, and wireless connectivity.


Grid, Pervasive and Cloud Computing
In a Grid computing system, every computer can access the resources of every other computer belonging to the network.


Grid, Pervasive and Cloud Computing
Cloud computing is Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on demand, like electricity.