
    Design and Implementation of a Measurement-Based Policy-Driven Resource Management Framework For Converged Networks

    This paper presents the design and implementation of a measurement-based QoS and resource management framework, CNQF (Converged Networks QoS Management Framework). CNQF is designed to provide unified, scalable QoS control and resource management through the use of a policy-based network management paradigm. It achieves this via distributed functional entities that are deployed to co-ordinate the resources of the transport network through centralized policy-driven decisions supported by measurement-based control architecture. We present the CNQF architecture, implementation of the prototype and validation of various inbuilt QoS control mechanisms using real traffic flows on a Linux-based experimental test bed.
    Comment: in ICTACT Journal on Communication Technology: Special Issue on Next Generation Wireless Networks and Applications, June 2011, Volume 2, Issue 2, ISSN: 2229-6948 (Online)

    Development of a Network Monitoring System for Ship's Network Security Using SNMP

    Nowadays, the risk of unauthorized access or malicious attacks on ship’s systems onboard, internally or externally, is a possible threat to the safe operation of the ship’s network. According to the requirements of the IEC (International Electro-Technical Commission) 61162-460 network standard, a secure 460-Network is designed for the safety and security of networks on board ships, and a network monitoring software application is developed for monitoring the 460-Network. Therefore, in this thesis, to secure the ship’s network, a ship’s security network is designed and implemented by using a 460-Switch, 460-Nodes, and a 460-Gateway that contains firewalls and a DMZ (Demilitarized Zone) with various security application servers in compliance with IEC 61162-460. Also, a 460-Firewall is used to permit/deny traffic to/from unauthorized networks. 460-NMS (Network Monitoring System) is a network monitoring software application, developed by using the SNMP (Simple Network Management Protocol) SharpNet library with the .NET 4.5 framework and back-end SQLite database management, which are used to manage the network information. 460-NMS configures the 460-Switch and communicates by SNMP, SNMP Trap, and Syslog to gather the network information and status of each 460-Switch interface. 460-NMS analyzes and monitors the 460-Network load, traffic flow, current system status, and network failure, and detects unknown device connections. It notifies the system administrator via alarms, notifications or warnings if any network problem occurs. To confirm the performance of the designed 460-Network according to the requirements of the IEC 61162-460 standard: First, the laboratory is composed of the dedicated network with a CISCO 460-Switch, 460-Gateway, Fortigate 460-Firewall, and lab computers. These network devices are excluded from external networks such as the internet. The 460-NMS is connected with the configured laboratory network to analyze and monitor the network traffic flow, load and device connections by using SNMP. 
Second, the test of 460-NMS is carried out in a company’s network. That is a very complex network environment which includes IEC 61162-460, IEC 61162-450, IEC 61162-3 (NMEA 2000), IEC 61162-1, -2 (NMEA 0183) data networks with 450-Gateway, Gateway 450 to 0183, Gateway N2K to 0183, and Gateway 0183 to N2K, and is excluded from unauthorized networks. Finally, after testing, it is confirmed that the 460-NMS analyzes and monitors the whole 460-Network and notifies and warns of abnormal status of the 460-Network as required by the IEC 61162-460 international standard.

    Table of contents:
    ABSTRACT
    1. INTRODUCTION: 1.1 MOTIVATION; 1.2 STUDY IDEA
    2. INTERNATIONAL STANDARDS OF SHIP NETWORK: 2.1 OVERVIEW; 2.2 SHIP’S DATA NETWORK; 2.3 IEC 61162-1, IEC 61162-2, NMEA 0183; 2.4 IEC 61162-3, NMEA 2000 (2.4.1 CAN; 2.4.2 NMEA 2000 Messages); 2.5 IEC 61162-450 (2.5.1 Function Blocks; 2.5.2 IEC 61162-450 Message; 2.5.3 IEC 61162-1 sentence); 2.6 IEC61162-460 (2.6.1 Objectives; 2.6.2 Scope)
    3. 460-NETWORK REQUIREMENTS: 3.1 OVERVIEW (3.1.1 Network Components); 3.2 460-NETWORK TRAFFIC MANAGEMENT REQUIREMENTS (3.2.1 460-Node Requirements; 3.2.2 460-Switch Requirements); 3.3 SECURITY REQUIREMENTS (3.3.1 Threat Scenarios; 3.3.2 Internal Network Security Requirements; 3.3.3 Uncontrolled Network security requirements); 3.4 460-GATEWAY REQUIREMENTS; 3.5 IEC 61162 460-NMS REQUIREMENTS (3.5.1 460-Node; 3.5.2 460-Switch; 3.5.3 Network load-monitoring requirements; 3.5.4 Syslog recording function requirements; 3.5.5 SNMP requirements)
    4. 460-GATEWAY DESIGN AND SNMP: 4.1 SNMP (4.1.1 SNMP Components; 4.1.2 SNMP Versions; 4.1.3 MIB; 4.1.4 Syslog); 4.2 CISCO SWITCH (4.2.1 Initial configuration for the Switch; 4.2.2 IP Configuration; 4.2.3 SNMP Configuration; 4.2.4 Syslog Configuration); 4.3 IEC 61162-460-GATEWAY DESIGN AND 460-NETWORK CONFIGURE
    5. DESIGN OF A 460-NMS: 5.1 460-NMS ARCHITECTURE; 5.2 460-NMS DESIGN AND TOOLS (5.2.1 Application Interface; 5.2.2 Database; 5.2.3 Backhand developing); 5.3 ENTITY-RELATIONSHIP DIAGRAMS (ERD) MODEL OF 460-NMS; 5.4 TRAFFIC FLOW INFORMATION LISTS OF 460-NMS; 5.5 SNMP MIB DATA PARSING (5.5.1 SNMP message parsing; 5.5.2 SNMP Trap; 5.5.3 Syslog Parsing)
    6. IMPLEMENTATION AND TESTING OF 460-NMS: 6.1 460-NMS INTERFACE (6.1.1 Login Wizard; 6.1.2 Main Form); 6.2 460-NMS TESTING (6.2.1 Lab Test); 6.3 REAL NETWORK TEST
    7. CONCLUSION
    REFERENCES
    APPENDIX: 1. INFORMATION LIST OF 460-NMS DATABASE; 2. SYSLOG MESSAGE; 3. SNMP VERSIONS; 4. SNMP MESSAGE
    Maste

    An Assessment of Practical Hands-On Lab Activities in Network Security Management

    With the advancement in technology over the past decades, networks have become increasingly large and complex. In the meantime, cyberattacks have become highly sophisticated, making them difficult to detect. These changes make securing a network more challenging than ever before. Hence, it is critical to prepare a comprehensive guide to network security management for students to assist them in becoming network security professionals. The objective of this paper is to introduce a variety of techniques related to network security management, such as Simple Network Management Protocol (SNMP), event management, security policy management, risk management, access control, and remote monitoring. With the usage of these techniques, malicious activities from outsiders and misuse by insiders can be effectively monitored and managed. A network learning environment is proposed for students to practice network security management experiments. In addition, hands-on lab exercises are suggested. These activities will help students become familiar with the operations of network security management and allow them to further apply practical skills to protect networks.

    Mobile agent based distributed network management : modeling, methodologies and applications

    The explosive growth of the Internet and the continued dramatic increase for all wireless services are fueling the demand for increased capacity, data rates, support of multimedia services, and support for different Quality of Services (QoS) requirements for different classes of services. Furthermore future communication networks will be strongly characterized by heterogeneity. In order to meet the objectives of instant adaptability to the users' requirements and of interoperability and seamless operation within the heterogeneous networking environments, flexibility in terms of network and resource management will be a key design issue. The new emerging technology of mobile agent (MA) has arisen in the distributed programming field as a potential flexible way of managing resources of a distributed system, and is a challenging opportunity for delivering more flexible services and dealing with network programmability. This dissertation mainly focuses on: a) the design of models that provide a generic framework for the evaluation and analysis of the performance and tradeoffs of the mobile agent management paradigm; b) the development of MA based resource and network management applications. First, in order to demonstrate the use and benefits of the mobile agent based management paradigm in the network and resource management process, a commercial application of a multioperator network is introduced, and the use of agents to provide the underlying framework and structure for its implementation and deployment is investigated. Then, a general analytical model and framework for the evaluation of various network management paradigms is introduced and discussed. It is also illustrated how the developed analytical framework can be used to quantitatively evaluate the performances and tradeoffs in the various computing paradigms. 
Furthermore, the design tradeoffs for choosing the MA based management paradigm to develop a flexible resource management scheme in wireless networks is discussed and evaluated. The integration of an advanced bandwidth reservation mechanism with a bandwidth reconfiguration based call admission control strategy is also proposed. A framework based on the technology of mobile agents, is introduced for the efficient implementation of the proposed integrated resource and QoS management, while the achievable performance of the overall proposed management scheme is evaluated via modeling and simulation. Finally the use of a distributed cooperative scheme among the mobile agents that can be applied in the future wireless networks is proposed and demonstrated, to improve the energy consumption for the routine management processes of mobile terminals, by adopting the peer-to-peer communication concept of wireless ad-hoc networks. The performance evaluation process and the corresponding numerical results demonstrate the significant system energy savings, while several design issues and tradeoffs of the proposed scheme, such as the fairness of the mobile agents involved in the management activity, are discussed and evaluated.

    A study of QoS support for real time multimedia communication over IEEE802.11 WLAN : a thesis presented in partial fulfillment of the requirements for the degree of Master of Engineering in Computer Systems Engineering, Massey University, Albany, New Zealand

    Quality of Service (QoS) is becoming a key problem for Real Time (RT) traffic transmitted over Wireless Local Area Network (WLAN). In this project the recent proposals for enhanced QoS performance for RT multimedia are evaluated and analyzed. Two simulation models for EDCF and HCF protocols are explored using OPNET and NS-2 simulation packages respectively. From the results of the simulation, we have studied the limitations of the 802.11e standard for RT multimedia communication and analysed the reasons of the limitations happened and proposed the solutions for improvement. Since RT multimedia communication encompasses time-sensitive traffic, the measure of quality of service generally is minimal delay (latency) and delay variation (jitter). 802.11 WLAN standard focuses on the PHY layer and the MAC layer. The transmitted data rate on PHY layer are increased on standards 802.11b, a, g, j, n by different code mapping technologies while 802.11e is developed specially for the QoS performance of RT-traffics at the MAC layer. Enhancing the MAC layer protocols are the significant topic for guaranteeing the QoS performance of RT-traffics. The original MAC protocols of 802.11 are DCF (Distributed Coordination Function) and PCF (Point Coordinator Function). They cannot achieve the required QoS performance for the RT-traffic transmission. IEEE 802.11e draft has developed EDCF and HCF instead. Simulation results of EDCF and HCF models that we explored by OPNET and NS-2, show that minimal latency and jitter can be achieved. However, the limitations of EDCF and HCF are identified from the simulation results. EDCF is not stable under the high network loading. The channel utilization is low by both protocols. Furthermore, the fairness index is very poor by the HCF. It means the low priority traffic should starve in the WLAN network. All these limitations are due to the priority mechanism of the protocols. 
We propose a future work to develop dynamic self-adaptive 802.11c protocol as practical research directions. Because of the uncertainty in the EDCF in the heavy loading, we can add some parameters to the traffic loading and channel condition efficiently. We provide indications for adding some parameters to increase the EDCF performance and channel utilization. Because all the limitations are due to the priority mechanism, the other direction is doing away with the priority rule for reasonable bandwidth allocation. We have established that the channel utilization can be increased and collision time can be reduced for RT-traffics over the EDCF protocol. These parameters can include loading rate, collision rate and total throughput saturation. Further simulation should look for optimum values for the parameters. Because of the huge polling-induced overheads, HCF has the unsatisfied tradeoff. This leads to poor fairness and poor throughput. By developing enhanced HCF it may be possible to enhance the RI polling interval and TXOP allocation mechanism to get better fairness index and channel utilization. From the simulation, we noticed that the traffics deployment could affect the total QoS performance, an indication to explore whether the classification of traffics deployments to different categories is a good idea. With different load-based traffic categories, QoS may be enhanced by appropriate bandwidth allocation strategy.