Protecting SNMP Through MarketNet
As dependency on information technology becomes more critical, so does the need for network computer security. Because of the distributed nature of networks, large-scale information systems are highly vulnerable to negative elements such as intruders and attackers. The types of attack on a system can be diverse and from different sources. Some of the factors contributing to creating an insecure system are the relentless pace of technology, the need for information processing, and the heterogeneity of hardware and software. In addition to these insecurities, the growth and success of e-commerce make networks a desirable target for intruders to steal credit card numbers, bank account balances, and other valuable information. This paper looks at two different security technologies, SNMP v3 and MarketNet, their architectures and how they have been developed to protect network resources and services, such as internet applications, devices, and other services, against attacks
VINEA: a policy-based virtual network embedding architecture
Network virtualization has enabled new business models by allowing infrastructure providers to lease or share their physical network. To concurrently run multiple customized virtual network services, such infrastructure providers need to run a virtual network embedding protocol. The virtual network embedding is the (NP-hard) problem of matching constrained virtual networks onto the physical network.
We present the design and implementation of a policy-based architecture for the virtual network embedding problem. By policy, we mean a variant aspect of any of the (invariant) embedding mechanisms: resource discovery, virtual network mapping, and allocation on the physical infrastructure. Our architecture adapts to different scenarios by instantiating appropriate policies, and has bounds on embedding efficiency and on convergence embedding time, over a single provider, or across multiple federated providers. The performance of representative novel policy configurations is compared over a prototype implementation. We also present an object model as a foundation for a protocol specification, and we release a testbed to enable users to test their own embedding policies, and to run applications within their virtual networks. The testbed uses a Linux system architecture to reserve virtual node and link capacities. National Science Foundation (CNS-0963974
In-network Sparsity-regularized Rank Minimization: Algorithms and Applications
Given a limited number of entries from the superposition of a low-rank matrix
plus the product of a known fat compression matrix times a sparse matrix,
recovery of the low-rank and sparse components is a fundamental task subsuming
compressed sensing, matrix completion, and principal components pursuit. This
paper develops algorithms for distributed sparsity-regularized rank
minimization over networks, when the nuclear- and -norm are used as
surrogates to the rank and nonzero entry counts of the sought matrices,
respectively. While nuclear-norm minimization has well-documented merits when
centralized processing is viable, non-separability of the singular-value sum
challenges its distributed minimization. To overcome this limitation, an
alternative characterization of the nuclear norm is adopted which leads to a
separable, yet non-convex cost minimized via the alternating-direction method
of multipliers. The novel distributed iterations entail reduced-complexity
per-node tasks, and affordable message passing among single-hop neighbors.
Interestingly, upon convergence the distributed (non-convex) estimator provably
attains the global optimum of its centralized counterpart, regardless of
initialization. Several application domains are outlined to highlight the
generality and impact of the proposed framework. These include unveiling
traffic anomalies in backbone networks, predicting networkwide path latencies,
and mapping the RF ambiance using wireless cognitive radios. Simulations with
synthetic and real network data corroborate the convergence of the novel
distributed algorithm, and its centralized performance guarantees. Comment: 30 pages, submitted for publication on the IEEE Trans. Signal Proces
Towards innovative solutions for monitoring precipitation in poorly instrumented regions: real-time system for collecting power levels of microwave links of mobile phone operators for rainfall quantification in Burkina Faso
Since the 1990s, mobile telecommunication networks have gradually become denser around the world. Nowadays, large parts of their backhaul network consist of commercial microwave links (CMLs). Since CML signals are attenuated by rainfall, the exploitation of records of this attenuation is an innovative and inexpensive solution for precipitation monitoring purposes. Performance data from mobile operators' networks are crucial for the implementation of this technology. Therefore, a real-time system for collecting and storing CML power levels from the mobile phone operator "Telecel Faso" in Burkina Faso has been implemented. This new acquisition system, which uses the Simple Network Management Protocol (SNMP), can simultaneously record the transmitted and received power levels from all the CMLs to which it has access, with a time resolution of one minute. Installed at "Laboratoire des Matériaux et Environnement de l'Université Joseph KI-ZERBO (Burkina Faso)", this acquisition system is dynamic and has gradually grown from eight, in 2019, to more than 1000 radio links of Telecel Faso's network in 2021. The system covers the capital Ouagadougou and the main cities of Burkina Faso (Bobo Dioulasso, Ouahigouya, Koudougou, and Kaya) as well as the axes connecting Ouagadougou to these citie
Hardware Interfacing in the Broadcast Industry Using Simple Network Management Protocol (SNMP)
Communication between various broadcast equipment plays a major role in the daily operation of a typical broadcast facility. For example, editing equipment must interface with tape machines, production switchers must interface with font generators and video effect equipment, and satellite ground controllers must interface with satellite dishes and receivers. Communication between these devices may be a simple hardware handshake configuration or a more elaborate software based communications via serial or parallel interfacing. This thesis concerns itself with the software interfacing needed to allow various dissimilar types of equipment to communicate, and therefore, interface with each other. The use of Simple Network Management Protocol (SNMP) in a non-typical manner for the purpose of hardware interfacing is the basis for this work
An SNMP filesystem in userspace
Modern computer networks are constantly increasing in size and complexity. Despite this, data networks are a critical factor for the success of many organizations. Monitoring their health and operation status is fundamental, and usually performed through specific network management architectures, developed and standardized in the last decades. On the other hand, file systems have become one of the best well known paradigms of human-computer interaction, and have been around since early days in the personal computer industry. In this paper we propose a file system interface to network management information, allowing users to open, edit and visualize network and systems operation information
Results of the CEO Project - WWW Management
This report contains the result of a "proof of concept" study that was performed by the CTIT of the University of Twente, together with ESYS Limited (Guildford, UK) for the Institute of Remote Sensing Applications of the Joint Research Centre (JRC) of the EC (Ispra, Italy). The study is part of the "Centre of Earth Observation" (CEO) programme. The subject of the study was the design and implementation of tools that allow status and utilisation monitoring of networks and distributed information servers. In the specific case of the CEO programme, these information servers are accessible via the WWW and contain large amounts of earth observation data (e.g. satellite pictures). The work division within the project was that ESYS investigated the management applications, which had to run on top of HP-Openview, and the CTIT designed and implemented the management agents. These agents had to include the following Management Information Bases (MIBs):
• A HTTP-MIB, with detailed information concerning the WWW document transfer protocol.
• A Retrieval Service (RS) MIB, with high level information concerning the WWW document transfer service.
• An Information Store (IS) MIB, with information concerning the WWW server and the documents provided by that server.
The specifications of these MIBs were presented to the IETF and provided a good starting point for subsequent standardization activities. The agents were implemented as sub-agents of the EMANATE extensible agent package and are currently being tested in a number of field trials
Development of a Network Monitoring System for Ship's Network Security Using SNMP
Nowadays, the risk of unauthorized access or malicious attacks on ship's systems onboard, internally or externally, is possible to be a threat to the safe operation of ship's network. According to the requirements of the IEC (International Electro-Technical Commission) 61162-460 network standard, a secure 460-Network is designed for safety and security of networks on board ships, and a network monitoring software application is developed for monitoring the 460-Network.
Therefore, in this thesis, to secure the ship's network, the ship's security network is designed and implemented by using 460-Switch, 460-Nodes, and 460-gateway that contains firewalls and a DMZ (Demilitarized Zone) with various security application servers in compliance with IEC 61162-460. Also, a 460-firewall is used to permit/deny traffic to/from unauthorized networks. 460-NMS (Network Monitoring System) is a network monitoring software application, developed by using the SNMP (Simple Network Management Protocol) SharpNet library with .Net 4.5 frameworks and backhand SQLite database management, which are used to manage the network information. 460-NMS configures the 460-Switch and communicates by SNMP, SNMP Trap, and Syslog to gather the network information and status of each 460-Switch interface. 460-NMS analyzes and monitors the 460-Network load, traffic flow, current system status, and network failure, or detects unknown device connections. It notifies the system administrator via alarms, notifications or warnings if any network problem occurs. To confirm the performance of the designed 460-Network according to the requirements of the IEC 61162-460 standard: First, the laboratory is composed of the dedicated network with CISCO 460-Switch, 460-Gateway, Fortigate 460-Firewall, and lab computers. These network devices are excluded from external networks such as the internet. The 460-NMS is connected with the configured laboratory network to analyze and monitor the network traffic flow, load and device connections by using SNMP.
Second, the test of 460-NMS is carried out in a company's network. That is a very complex network environment which includes IEC 61162-460, IEC 61162-450, IEC 61162-3 (NMEA 2000), IEC 61162-1, -2 (NMEA 0183) data networks with 450-Gateway, Gateway 450 to 0183, Gateway N2K to 0183, and Gateway 0183 to N2K and is excluded from unauthorized networks.
Finally after testing, it is confirmed that the 460-NMS analyzes, monitors the whole 460-network and notifies and warns abnormal status of 460-network as the requirements of IEC 61162-460 international standards.
ABSTRACT
1. INTRODUCTION
1.1 MOTIVATION
1.2 STUDY IDEA
2. INTERNATIONAL STANDARDS OF SHIP NETWORK
2.1 OVERVIEW
2.2 SHIP'S DATA NETWORK
2.3 IEC 61162-1, IEC 61162-2, NMEA 0183
2.4 IEC 61162-3, NMEA 2000
2.4.1 CAN
2.4.2 NMEA 2000 Messages
2.5 IEC 61162-450
2.5.1 Function Blocks
2.5.2 IEC 61162-450 Message
2.5.3 IEC 61162-1 sentence
2.6 IEC61162-460
2.6.1 Objectives
2.6.2 Scope
3. 460-NETWORK REQUIREMENTS
3.1 OVERVIEW
3.1.1 Network Components
3.2 460-NETWORK TRAFFIC MANAGEMENT REQUIREMENTS
3.2.1 460-Node Requirements
3.2.2 460-Switch Requirements
3.3 SECURITY REQUIREMENTS
3.3.1 Threat Scenarios
3.3.2 Internal Network Security Requirements
3.3.3 Uncontrolled Network security requirements
3.4 460-GATEWAY REQUIREMENTS
3.5 IEC 61162 460-NMS REQUIREMENTS
3.5.1 460-Node
3.5.2 460-Switch
3.5.3 Network load-monitoring requirements
3.5.4 Syslog recording function requirements
3.5.5 SNMP requirements
4. 460-GATEWAY DESIGN AND SNMP
4.1 SNMP
4.1.1 SNMP Components
4.1.2 SNMP Versions
4.1.3 MIB
4.1.4 Syslog
4.2 CISCO SWITCH
4.2.1 Initial configuration for the Switch
4.2.2 IP Configuration
4.2.3 SNMP Configuration
4.2.4 Syslog Configuration
4.3 IEC 61162-460-GATEWAY DESIGN AND 460-NETWORK CONFIGURE
5. DESIGN OF A 460-NMS
5.1 460-NMS ARCHITECTURE
5.2 460-NMS DESIGN AND TOOLS
5.2.1 Application Interface
5.2.2 Database
5.2.3 Backhand developing
5.3 ENTITY–RELATIONSHIP DIAGRAMS (ERD) MODEL OF 460-NMS
5.4 TRAFFIC FLOW INFORMATION LISTS OF 460-NMS
5.5 SNMP MIB DATA PARSING
5.5.1 SNMP message parsing
5.5.2 SNMP Trap
5.5.3 Syslog Parsing
6. IMPLEMENTATION AND TESTING OF 460-NMS
6.1 460-NMS INTERFACE
6.1.1 Login Wizard
6.1.2 Main Form
6.2 460-NMS TESTING
6.2.1 Lab Test
6.3 REAL NETWORK TEST
7. CONCLUSION
REFERENCES
APPENDIX
1. INFORMATION LIST OF 460-NMS DATABASE
2. SYSLOG MESSAGE
3. SNMP VERSIONS
4. SNMP MESSAGE
Maste
Trends in Computer Network Modeling Towards the Future Internet
This article provides a taxonomy of current and past network modeling efforts. In all these efforts over the last few years we see a trend towards not only describing the network, but connected devices as well. This is especially current given the many Future Internet projects, which are combining different models, and resources in order to provide complete virtual infrastructures to users. An important mechanism for managing complexity is the creation of an abstract model, a step which has been undertaken in computer networks too. The fact that more and more devices are network capable, coupled with increasing popularity of the Internet, has made computer networks an important focus area for modeling. The large number of connected devices creates an increasing complexity which must be harnessed to keep the networks functioning. Over the years many different models for computer networks have been proposed, and used for different purposes. While for some time the community has moved away from the need of full topology exchange, this requirement resurfaced for optical networks. Subsequently, research on topology descriptions has seen a rise in the last few years. Many different models have been created and published, yet there is no publication that shows an overview of the different approaches.