Results of the CEO Project - WWW Management

This report contains the result of a ‘proof of concept’ study that was performed by the CTIT of the University of Twente, together with ESYS Limited (Guildford, UK) for the Institute of Remote Sensing Applications of the Joint Research Centre (JRC) of the EC (Ispra, Italy). The study is part of the ‘Centre of Earth Observation’ (CEO) programme. The subject of the study was the design and implementation of tools that allow status and utilisation monitoring of networks and distributed information servers. In the specific case of the CEO programme, these information servers are accessible via the WWW and contain large amounts of earth observation data (e.g. satellite pictures). The work division within the project was that ESYS investigated the management applications, which had to run on top of HP-Openview, and the CTIT designed and implemented the management agents. These agents had to include the following Management Information Bases (MIBs): • A HTTP-MIB, with detailed information concerning the WWW document transfer protocol. • A Retrieval Service (RS) MIB, with high level information concerning the WWW document transfer service. • An Information Store (IS) MIB, with information concerning the WWW server and the documents provided by that server. The specifications of these MIBs were presented to the IETF and provided a good starting point for subsequent standardization activities. The agents were implemented as sub-agents of the EMANATE extensible agent package and are currently being tested in a number of field trials

Reduction of false positives in fault detection system using a low pass data filter

Network traffic is bursty in nature and exhibits the property of self-similarity, the degree of which is measured by the Hurst parameter. Now, in any network there is always the possibility of the occurrence of fault traffic that can be caused due to faults or malfunction of a network component. Fault Detection Systems that check for traffic anomalies can trigger off an alert on the detection of any traffic behavior that deviates from normal. Such deviation is usually caused when a fault occurs. But in network traffic sudden bursts may occur due to the inherent behavior of a network application. Due to this burst a fault detection system could generate an alert if the burst crosses a preset threshold even though it is not a fault condition. This paper investigates the use of a data filter to reduce such false positives that may be caused due to sudden bursts or spikes

Monitoring platform for the UBI network infrastructure

Network monitoring is a crucial IT process, which consists of monitoring network devices such as routers, switches, firewalls and servers for performance and fault issues. A good functioning network if vital for an organization, but unfortunately, network outages and performance issues are a part of every organization’s network. Faults, being hardware or human originated, may appear at any time and can give rise to sometimes critical situations. For this reason, network devices should be monitored continuously in a proactive way to prevent these network failures and downtimes. Identifying traffic bottlenecks, faulty components, low performance and other types of issues in an early stage minimizes or even eliminates bigger problems that can occur later on. Efficient proactive monitoring can help prevent network outage and should be implemented by every network administrator. Adopting a secure, low bandwidth consumption and compatible protocol is a good practice when implementing a monitoring solution. One such protocol is the Simple Network Management Protocol (SNMP) and provides a message format for communication between the SNMP managers and agents; it is also supported by most of the present day network devices and servers. The main goal of research described in this dissertation is the study of the various existing freeware SNMP monitoring platforms in the market today and the implementation of the one best suited for the university’s network. The solution would have to be compatible with the university’s multivendor device network and be scalable enough to permit future growth. It should also have a good alerting system to provide a pro-active approach to resolving issues. Implementation, evaluation and conclusions of the best suited monitoring solution are presented during the course of this study

SNMPv2 at Twente University

The management group at Twente University in the Netherlands is currently developing SNMPv2 software. The purpose of this article is to provide an overview of this development and give future plans. It is not the intention to go into to much detail — the last section of this article tells how to obtain more detailed information

{SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, other were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting Misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind which leads to a multitude of misconfiguration traps. While this is slowly changing, to strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols in four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols---without such security sensitive traps for operators, implementors and users

{SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, other were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting Misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind which leads to a multitude of misconfiguration traps. While this is slowly changing, to strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols in four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols---without such security sensitive traps for operators, implementors and users