224 research outputs found

    A trustworthy mobile agent infrastructure for network management

    Despite several advantages inherent in mobile-agent-based approaches to network management as compared to traditional SNMP-based approaches, industry is reluctant to adopt the mobile agent paradigm as a replacement for the existing manager-agent model; the management community requires an evolutionary, rather than a revolutionary, use of mobile agents. Furthermore, security for distributed management is a major concern; agent-based management systems inherit the security risks of mobile agents. We have developed a Java-based mobile agent infrastructure for network management that enables the safe integration of mobile agents with the SNMP protocol. The security of the system has been evaluated under agent to agent-platform and agent to agent attacks and has proved trustworthy in the performance of network management tasks

    Distributed management based on mobile agents

    During the forthcoming years, Internet-based concepts will continue to revolutionize, in an unpredictable way, the mode enterprises provide, maintain and use traditional information technology. Management systems will be a crucial issue in the struggle with this crescent complexity. However, new requirements have to be considered, due to the expectation of enormous quantities of different elements, ranging from an impressive network bandwidth availability to multimedia QoS-constrained services. Many researchers believe that mobile agent paradigm can provide effective solutions on these new scenarios. This paper presents an implementation of management applications supported upon distribution and delegation concepts. For that it uses the current work of IETF’s Disman working group enhanced with mobility provision. The mobility allows the distributed managers to adapt dynamically to a mutable environment optimizing the use of network resources

    An Assessment of Practical Hands-On Lab Activities in Network Security Management

    With the advancement in technology over the past decades, networks have become increasingly large and complex. In the meantime, cyberattacks have become highly sophisticated, making them difficult to detect. These changes make securing a network more challenging than ever before. Hence, it is critical to prepare a comprehensive guide of network security management for students to assist them in becoming network security professionals. The objective of this paper is to introduce a variety of techniques related to network security management, such as Simple Network Management Protocol (SNMP), event management, security policy management, risk management, access control, and remote monitoring. With the usage of these techniques, malicious activities from outsiders and misuse by insiders can be effectively monitored and managed. A network learning environment is proposed for students to practice network security management experiments. In addition, hands-on lab exercises are suggested. These activities will help students become familiar with the operations of network security management and allow them to further apply practical skills to protect networks

    Location aware self-adapting firewall policies

    Private access to corporate servers from the Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With the existence of such an architecture, system and/or network administrators do not need to reconfigure firewalls when there is a location change in user settings; reconfiguration will be automatic and seamless. The proposed architecture utilizes dynamic firewalls, which adapt their policies according to user locations through the guidance of a policy server. This architecture is composed of a VPN client at user site, a domain firewall with VPN capabilities, a policy server containing a policy decision engine, and policy agents residing in dynamic firewalls, which map policy server decisions to firewall policy rules, at server site

    An SNMP filesystem in userspace

    Modern computer networks are constantly increasing in size and complexity. Despite this, data networks are a critical factor for the success of many organizations. Monitoring their health and operation status is fundamental, and usually performed through specific network management architectures, developed and standardized in the last decades. On the other hand, file systems have become one of the best well known paradigms of human-computer interaction, and have been around since early days in the personal computer industry. In this paper we propose a file system interface to network management information, allowing users to open, edit and visualize network and systems operation information

    On the use of mobility in distributed network management

    Information Technology has been under unprecedented transformations and it is dramatically changing the way of work inside organizations. Information management systems must be adequate to cope with the profound effects of this evolution, whose expectations include the introduction into the networks of enormous quantities of different elements. Mobile agent paradigm seems to be, for many researchers, the right solution to deal with the pressures of these new demands. This paper discusses the issues around mobility of code on network management environments and presents ongoing work that provides mobility capability to distributed managers upon recent work of IETF’s Disman working group

    Towards a network management solution for vehicular delay-tolerant networks

    Vehicular networks appeared as a new communication solution where vehicles act as a communication infrastructure, providing data communications through vehicle-to-vehicle (V2V) or vehicle-to-infrastructure (V2I) communications. Vehicular Delay-Tolerant Networks (VDTNs) are a new disruptive network architecture assuming delay tolerant networking paradigm where there is no end-to-end connectivity. In this case the initial node transmits the data to a closed node, the data will be carried by vehicles, hop to hop until the destination. This dissertation focuses on a proposal of a network management solution, based on the standard protocol Simple Network Management Protocol (SNMP), to VDTN networks. The developed solution allows control of a VDTN network through a Network Management System (NMS) with the objective to detect and, if it’s possible, anticipate, possible errors on network. The research methodology used was the prototyping. So, it was built a network management module to the laboratorial prototype, called VDTN@Lab. The system built includes a MIB (Management Information Base) placed in all vehicular network nodes. The solution was built, demonstrated, validated and evaluated their performance, being ready for use.
    Vehicular networks were designed to allow vehicles to carry data, thus creating a new type of network characterized by two types of communication: vehicle-to-vehicle (V2V) or vehicle-to-infrastructure (V2I) communications. Vehicular Delay-Tolerant Networks (VDTNs) emerged as a new data network architecture in which vehicles are used as communication infrastructure. VDTNs are characterized as vehicular networks based on the intermittent communications paradigm. In VDTN networks there is no permanent end-to-end connection between the sender and the receiver. In this case, the initial node transmits the data to a node that is next to it, and so on; the data are carried by the vehicles, hop by hop, to the final destination. This dissertation focuses on the proposal of a network management solution, based on the standardized Simple Network Management Protocol (SNMP), for VDTN networks. The solution built makes it possible to control a VDTN network through a Network Management System (NMS) with the aim of detecting and, if possible, anticipating possible errors in the network. The research methodology used was prototyping. Thus, a network management module was built for the laboratory prototype, called VDTN@Lab. The system built includes a MIB (Management Information Base) that is placed in all nodes of a vehicular network, both fixed and mobile. The solution was built, demonstrated and validated, and its performance was evaluated, so it is ready to be used

    SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

    Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind, which leads to a multitude of misconfiguration traps. While this is slowly changing, too strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols in four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols---without such security sensitive traps for operators, implementors and users