111 research outputs found

    SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

    Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind, which leads to a multitude of misconfiguration traps. While this is slowly changing, too strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols into four classes we identify major factors that lead to common security traps. These insights, together with observations about end-user centric usability and security by default, are then used to derive recommendations for improving existing and designing new protocols, without such security-sensitive traps for operators, implementors and users.

    On the use of mobility in distributed network management

    Information Technology has been undergoing unprecedented transformations and it is dramatically changing the way of work inside organizations. Information management systems must be adequate to cope with the profound effects of this evolution, whose expectations include the introduction into the networks of enormous quantities of different elements. The mobile agent paradigm seems to be, for many researchers, the right solution to deal with the pressures of these new demands. This paper discusses the issues around mobility of code in network management environments and presents ongoing work that provides mobility capability to distributed managers, building upon recent work of IETF's Disman working group.

    An Assessment of Practical Hands-On Lab Activities in Network Security Management

    With the advancement in technology over the past decades, networks have become increasingly large and complex. In the meantime, cyberattacks have become highly sophisticated, making them difficult to detect. These changes make securing a network more challenging than ever before. Hence, it is critical to prepare a comprehensive guide to network security management for students to assist them in becoming network security professionals. The objective of this paper is to introduce a variety of techniques related to network security management, such as Simple Network Management Protocol (SNMP), event management, security policy management, risk management, access control, and remote monitoring. With the usage of these techniques, malicious activities from outsiders and misuse by insiders can be effectively monitored and managed. A network learning environment is proposed for students to practice network security management experiments. In addition, hands-on lab exercises are suggested. These activities will help students become familiar with the operations of network security management and allow them to further apply practical skills to protect networks.

    Monitoring platform for the UBI network infrastructure

    Network monitoring is a crucial IT process, which consists of monitoring network devices such as routers, switches, firewalls and servers for performance and fault issues. A well-functioning network is vital for an organization, but unfortunately, network outages and performance issues are a part of every organization's network. Faults, whether hardware or human in origin, may appear at any time and can give rise to sometimes critical situations. For this reason, network devices should be monitored continuously in a proactive way to prevent these network failures and downtimes. Identifying traffic bottlenecks, faulty components, low performance and other types of issues at an early stage minimizes or even eliminates bigger problems that can occur later on. Efficient proactive monitoring can help prevent network outages and should be implemented by every network administrator. Adopting a secure, low bandwidth consumption and compatible protocol is a good practice when implementing a monitoring solution. One such protocol is the Simple Network Management Protocol (SNMP), which provides a message format for communication between the SNMP managers and agents; it is also supported by most present-day network devices and servers. The main goal of the research described in this dissertation is the study of the various existing freeware SNMP monitoring platforms in the market today and the implementation of the one best suited for the university's network. The solution would have to be compatible with the university's multivendor device network and be scalable enough to permit future growth. It should also have a good alerting system to provide a proactive approach to resolving issues. Implementation, evaluation and conclusions of the best suited monitoring solution are presented during the course of this study.

    A Monitoring System for the BaBar INFN Computing Cluster

    Monitoring large clusters is a challenging problem. It is necessary to observe a large quantity of devices with a reasonably short delay between consecutive observations. The set of monitored devices may include PCs, network switches, tape libraries and other equipment. The monitoring activity should not impact the performance of the system. In this paper we present PerfMC, a monitoring system for large clusters. PerfMC is driven by an XML configuration file, and uses the Simple Network Management Protocol (SNMP) for data collection. SNMP is a standard protocol implemented by many networked devices, so the tool can be used to monitor a wide range of devices. System administrators can display information on the status of each device by connecting to a web server embedded in PerfMC. The web server can produce graphs showing the value of different monitored quantities as a function of time; it can also produce arbitrary XML pages by applying XSL Transformations to an internal XML representation of the cluster's status. XSL Transformations may be used to produce HTML pages which can be displayed by ordinary web browsers. PerfMC aims at being relatively easy to configure and operate, and highly efficient. It is currently being used to monitor the Italian Reprocessing farm for the BaBar experiment, which is made of about 200 dual-CPU Linux machines. Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, Ca, USA, March 2003, 10 pages, LaTeX, 4 eps figures. PSN MOET00