
SNMP Security

SNMP lacks any authentication capabilities, which results in vulnerability to a variety of security threats. These include masquerading occurrences, modification of information, message sequence and timing modifications, and disclosure. Masquerading consists of an unauthorized entity attempting to perform management operations by assuming the identity of an authorized management entity. Modification of information involves an unauthorized entity attempting to alter a message generated by an authorized entity so that the message results in unauthorized accounting management or configuration management operations.

Message sequence and timing modifications occur when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity. Disclosure results when an unauthorized entity extracts values stored in managed objects, or learns of notifiable events, by monitoring exchanges between managers and agents. Because SNMP does not implement authentication, many vendors do not implement Set operations, thereby reducing SNMP to a monitoring facility.

SNMPv2 is incompatible with SNMPv1 in two key areas: message formats and protocol operations. SNMPv2 messages use different header and protocol data unit (PDU) formats than SNMPv1 messages. SNMPv2 also uses two protocol operations that are not specified in SNMPv1. Furthermore, RFC 1908 defines two possible SNMPv1/v2 coexistence strategies: proxy agents and bilingual network-management systems.

SNMP Management

SNMP is a distributed-management protocol. A system can operate exclusively as either an NMS or an agent, or it can perform the functions of both. When a system operates as both an NMS and an agent, another NMS might require that the system query managed devices and provide a summary of the information learned, or that it report locally stored management information.

SNMP and Data Representation

SNMP must account for and adjust to incompatibilities between managed devices. Different computers use different data representation techniques, which can compromise the capability of SNMP to exchange information between managed devices. SNMP uses a subset of Abstract Syntax Notation One (ASN.1) to accommodate communication between diverse systems.

SNMP Basic Commands

Managed devices are monitored and controlled using four basic SNMP commands: read, write, trap and traversal operations.

  • The read command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.

  • The write command is used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.

  • The trap command is used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.

  • Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table.
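The four operation classes above, shown as an added example that is not part of the original page: a toy SNMPv1 agent over an in-memory MIB. Get is the read, Set the write, a trap is the agent-initiated report, and a walk is traversal built from repeated GetNext calls. The object names are real MIB-II OIDs (sysUpTime, sysName, ifInOctets); the community strings, values, manager address and the error handling details are assumptions made for the example.

```python
# Added example (not from the page): a toy SNMPv1 agent that shows read (Get), write (Set),
# trap and traversal (GetNext) over an in-memory MIB. Object names are real MIB-II OIDs;
# the values, community strings and manager address are constructed.
GENERIC_TRAPS = {"coldStart": 0, "authenticationFailure": 4}   # RFC 1157 generic-trap codes


def oid_key(oid):
    """Numeric tuple: '...10.2' must sort before '...10.10', which a string sort gets wrong."""
    return tuple(int(p) for p in oid.strip(".").split("."))


class SnmpAgent:
    def __init__(self, mib, read_community, write_community=None, manager="192.0.2.10"):
        self.mib = dict(mib)
        self.read_community = read_community
        self.write_community = write_community   # None: Set not implemented, a read-only agent
        self.manager = manager
        self.sent_traps = []

    def _authorized(self, community):
        return community in (self.read_community, self.write_community)

    def trap(self, generic, specific=0):
        """Trap: agent-initiated, asynchronous, addressed to the configured NMS."""
        self.sent_traps.append({"to": self.manager, "generic": GENERIC_TRAPS[generic], "specific": specific})

    def get(self, community, oid):
        """Read: returns (value, error-status)."""
        if not self._authorized(community):
            self.trap("authenticationFailure")   # RFC 1157: discard the request, optionally trap
            return None, "dropped"
        if oid not in self.mib:
            return None, "noSuchName"
        return self.mib[oid], "noError"

    def get_next(self, community, oid):
        """Traversal primitive: the first object lexicographically after oid."""
        if not self._authorized(community):
            self.trap("authenticationFailure")
            return None, "dropped"
        key = oid_key(oid)
        for candidate in sorted(self.mib, key=oid_key):
            if oid_key(candidate) > key:
                return (candidate, self.mib[candidate]), "noError"
        return None, "noSuchName"                # end of the MIB view

    def set(self, community, oid, value):
        """Write: only with the write community, and only on objects that exist."""
        if not self._authorized(community):
            self.trap("authenticationFailure")
            return "dropped"
        if community != self.write_community or oid not in self.mib:
            return "noSuchName"                  # v1 has no notWritable: objects outside the view look absent
        self.mib[oid] = value
        return "noError"


def walk(agent, community, subtree):
    """Traversal: chain GetNext calls until the returned OID leaves the subtree."""
    base, results, current = oid_key(subtree), [], subtree
    while True:
        item, status = agent.get_next(community, current)
        if status != "noError" or oid_key(item[0])[:len(base)] != base:
            return results
        results.append(item)
        current = item[0]


# Constructed MIB-II view: sysUpTime.0, sysName.0 and ifInOctets for ifIndex 1, 2 and 10.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.3.0": ("timeticks", 123456),
    "1.3.6.1.2.1.1.5.0": "edge-rtr-1",
    "1.3.6.1.2.1.2.2.1.10.10": ("counter32", 9000),
    "1.3.6.1.2.1.2.2.1.10.2": ("counter32", 5000),
    "1.3.6.1.2.1.2.2.1.10.1": ("counter32", 1000),
}
```

Two details matter in practice: traversal depends on numeric, not string, ordering of sub-identifiers (ifIndex 2 comes before ifIndex 10), and a read-only agent, the configuration the text says many vendors ship, answers a Set with noSuchName rather than reporting that the object is unwritable.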

SNMP Version 2

SNMP version 2 (SNMPv2) is an evolution of the initial version, SNMPv1. Originally, SNMPv2 was published as a set of proposed Internet standards in 1993; currently, it is a draft standard. As with SNMPv1, SNMPv2 functions within the specifications of the Structure of Management Information (SMI). In theory, SNMPv2 offers a number of improvements to SNMPv1, including additional protocol operations.

The Structure of Management Information (SMI) defines the rules for describing management information, using ASN.1. The SNMPv2 SMI is described in RFC 1902. It makes certain additions and enhancements to the SNMPv1 SMI-specific data types, such as including bit strings, network addresses, and counters. Bit strings are defined only in SNMPv2 and comprise zero or more named bits that specify a value. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses, but SNMPv2 can support other types of addresses as well. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined.

The SNMPv2 SMI also specifies information modules, which specify a group of related definitions. Three types of SMI information modules exist: MIB modules, compliance statements, and capability statements. MIB modules contain definitions of interrelated managed objects. Compliance statements provide a systematic way to describe a group of managed objects that must be implemented for conformance to a standard. Capability statements are used to indicate the precise level of support that an agent claims with respect to a MIB group. An NMS can adjust its behavior toward agents according to the capability statements associated with each agent.

SNMP Version 1

SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. It is described in Request For Comments (RFC) 1157 and functions within the specifications of the Structure of Management Information (SMI). SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP) and Novell Internet Packet Exchange (IPX). SNMPv1 is widely used and is the de facto network-management protocol in the Internet community.

The Structure of Management Information (SMI) defines the rules for describing management information, using Abstract Syntax Notation One (ASN.1). The SNMPv1 SMI is defined in RFC 1155. The SMI makes three key specifications: ASN.1 data types, SMI-specific data types and SNMP MIB tables.

The SNMPv1 SMI specifies that all managed objects have a certain subset of Abstract Syntax Notation One (ASN.1) data types associated with them. Three ASN.1 data types are required: name, syntax, and encoding. The name serves as the object identifier (object ID). The syntax defines the data type of the object (for example, integer or string). The SMI uses a subset of the ASN.1 syntax definitions. The encoding data describes how information associated with a managed object is formatted as a series of data items for transmission over the network.

The SNMPv1 SMI specifies the use of a number of SMI-specific data types, which are divided into two categories: simple data types and application-wide data types. Three simple data types are defined in the SNMPv1 SMI, all of which are unique values: integers, octet strings, and object IDs. The integer data type is a signed integer in the range of -2,147,483,648 to 2,147,483,647. Octet strings are ordered sequences of 0 to 65,535 octets. Object IDs come from the set of all object identifiers allocated according to the rules specified in ASN.1.

Seven application-wide data types exist in the SNMPv1 SMI: network addresses, counters, gauges, time ticks, opaques, integers and unsigned integers. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. Gauges are non-negative integers that can increase or decrease but that retain the maximum value reached. A time tick represents a hundredth of a second since some event. An opaque represents an arbitrary encoding that is used to pass arbitrary information strings that do not conform to the strict data typing used by the SMI. An integer represents signed integer-valued information. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI. An unsigned integer represents unsigned integer-valued information and is useful when values are always non-negative. This data type likewise redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.
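How the ASN.1 subset and the SMI data types above actually appear on the wire, and why the security section's disclosure and masquerading threats follow directly from it, is easier to see in code. The following is an added example, not code from the original page: a minimal BER encoder and decoder for SNMPv1 messages. The tag values and message layout are the real ones from RFC 1157 and RFC 1155; the audit function, its default-community watch-list, and all sample OIDs and values are assumptions made for the example.

```python
# Added example (not from the page): minimal BER encoder/decoder for SNMPv1, after RFC 1157 and RFC 1155.
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_TAGS = {"get": 0xA0, "getnext": 0xA1, "response": 0xA2, "set": 0xA3}
APP_TAGS = {"counter32": 0x41, "gauge32": 0x42, "timeticks": 0x43}   # application-wide SMI types
TAG_TO_PDU, TAG_TO_APP = {v: k for k, v in PDU_TAGS.items()}, {v: k for k, v in APP_TAGS.items()}

def tlv(tag, body):
    """BER TLV; the length is one byte below 128, else 0x80|count followed by the count's bytes."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def encode_integer(value, tag=INTEGER, signed=True):
    """INTEGER is two's complement; unsigned app types keep a leading 0x00 when the top bit is set."""
    return tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=signed))

def encode_oid(oid):
    """First two sub-identifiers share one byte (40*x + y); the rest are base 128, high bit = more."""
    sub = [int(s) for s in oid.strip(".").split(".")]
    body = bytearray([40 * sub[0] + sub[1]])
    for sid in sub[2:]:
        chunk = [sid & 0x7F]
        while sid > 0x7F:
            sid >>= 7
            chunk.append(0x80 | (sid & 0x7F))
        body.extend(reversed(chunk))
    return tlv(OID, bytes(body))

def encode_value(value):
    """None -> NULL (GetRequest placeholder); str -> OCTET STRING; (name, n) -> application type."""
    if value is None:
        return tlv(NULL, b"")
    if isinstance(value, str):
        return tlv(OCTET_STRING, value.encode())
    return encode_integer(value[1], APP_TAGS[value[0]], signed=False)   # e.g. ("counter32", 4294967295)

def build_message(community, pdu_type, request_id, varbinds):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, PDU }."""
    vbl = b"".join(tlv(SEQUENCE, encode_oid(o) + encode_value(v)) for o, v in varbinds)
    pdu = tlv(PDU_TAGS[pdu_type], encode_integer(request_id) + encode_integer(0)
              + encode_integer(0) + tlv(SEQUENCE, vbl))   # request-id, error-status, error-index
    return tlv(SEQUENCE, encode_integer(0) + tlv(OCTET_STRING, community.encode()) + pdu)

def decode_tlv(data, pos):
    """Returns (tag, body, position after the element); handles long-form lengths."""
    tag, first, pos = data[pos], data[pos + 1], pos + 2
    length = first
    if first & 0x80:
        length = int.from_bytes(data[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    return tag, data[pos:pos + length], pos + length

def decode_oid(body):
    sub, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            sub, acc = sub + [acc], 0
    return ".".join(map(str, sub))

def decode_value(tag, body):
    if tag in TAG_TO_APP:                           # unsigned application-wide types
        return (TAG_TO_APP[tag], int.from_bytes(body, "big"))
    if tag == OCTET_STRING:
        return body.decode("latin-1")
    if tag == NULL:
        return None
    return int.from_bytes(body, "big", signed=True)  # INTEGER

def parse_message(packet):
    _, msg, _ = decode_tlv(packet, 0)
    _, version, pos = decode_tlv(msg, 0)
    _, community, pos = decode_tlv(msg, pos)
    pdu_tag, pdu, _ = decode_tlv(msg, pos)
    header, pos = [], 0
    for _ in range(3):                              # request-id, error-status, error-index
        _, body, pos = decode_tlv(pdu, pos)
        header.append(decode_value(INTEGER, body))
    _, vbl, _ = decode_tlv(pdu, pos)
    varbinds, pos = [],  0
    while pos < len(vbl):
        _, vb, pos = decode_tlv(vbl, pos)
        _, oid, p = decode_tlv(vb, 0)
        vtag, vbody, _ = decode_tlv(vb, p)
        varbinds.append((decode_oid(oid), decode_value(vtag, vbody)))
    return {"version": decode_value(INTEGER, version), "community": community.decode("latin-1"),
            "pdu_type": TAG_TO_PDU[pdu_tag], "request_id": header[0],
            "error_status": header[1], "error_index": header[2], "varbinds": varbinds}

def audit_packet(packet, default_communities=("public", "private")):
    """Findings a passive observer (or an IDS sensor) derives from one captured SNMPv1 datagram."""
    msg = parse_message(packet)
    findings = ["SNMPv1: community string travels in cleartext"] if msg["version"] == 0 else []
    if msg["community"] in default_communities:
        findings.append("default community '%s' in use" % msg["community"])
    return findings
```

The decoder reads the community string straight out of the datagram with no key or secret involved, which is the concrete form of the "lacks authentication" statement in the security section: anyone who can see the packet can also replay or modify it. The same parser is what a sensor would run to flag SNMPv1 and well-known default community strings on a network segment.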

Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. By using SNMP to access management information data, network administrators can more easily manage network performance, find and solve network problems, and plan for network growth. Two versions of SNMP exist:

  • SNMP version 1 (SNMPv1)
  • SNMP version 2 (SNMPv2)

An SNMP-managed network consists of three key components: managed devices, agents and network-management systems (NMSs). A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts or printers.

An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.

Accounting Management

The goal of accounting management is to measure network utilization parameters so that individual or group use of the network can be regulated appropriately. Such regulation minimizes network problems (because network resources can be apportioned based on resource capacities) and maximizes the fairness of network access across all users.

As with performance management, the first step toward appropriate accounting management is to measure utilization of all important network resources. Analysis of the results provides insight into current usage patterns, and usage quotas can be set at this point. Some correction, of course, will be required to reach optimal access practices. From this point, ongoing measurement of resource use can yield billing information as well as information used to assess continued fair and optimal resource utilization.

Security Management

The goal of security management is to control access to network resources according to local guidelines so that the network cannot be sabotaged (intentionally or unintentionally) and sensitive information cannot be accessed by those without appropriate authorization. A security management subsystem, for example, can monitor users logging on to a network resource and can refuse access to those who enter inappropriate access codes.

Security management subsystems work by partitioning network resources into authorized and unauthorized areas. For some users, access to any network resource is inappropriate, mostly because such users are usually company outsiders. For other (internal) network users, access to information originating from a particular department is inappropriate. Access to Human Resource files, for example, is inappropriate for most users outside the Human Resources department.

Security management subsystems perform several functions. They identify sensitive network resources (including systems, files, and other entities) and determine mappings between sensitive network resources and user sets. They also monitor access points to sensitive network resources and log appropriate access to sensitive network resources.

  • Authentication: Authentication is the process of identifying users, including login and password dialog, challenge and response and messaging support. Authentication is the way a user is identified prior to being allowed access to the router or switch. There is a fundamental relationship between authentication and authorization. The more authorization privileges a user receives, the stronger the authentication should be.

  • Authorization: Authorization provides remote access control, including one-time authorization and authorization for each service that is requested by the user. On a Cisco router, the authorization level range for users is 0 to 15 with 0 being the lowest level and 15 the highest.

  • Accounting: Accounting allows for the collecting and sending of security information used for billing, auditing, and reporting, such as user identities, start and stop times and executed commands. Accounting enables network managers to track the services that users are accessing as well as the amount of network resources they are consuming.

Performance Management

The goal of performance management is to measure and make available various aspects of network performance so that internetwork performance can be maintained at an acceptable level. Examples of performance variables that might be provided include network throughput, user response times and line utilization.

Performance management involves three main steps. First, performance data is gathered on variables of interest to network administrators. Second, the data is analyzed to determine normal (baseline) levels. Finally, appropriate performance thresholds are determined for each important variable so that exceeding these thresholds indicates a network problem worthy of attention.

Management entities continually monitor performance variables. When a performance threshold is exceeded, an alert is generated and sent to the network management system.

Each of the steps just described is part of the process to set up a reactive system. When performance becomes unacceptable because of an exceeded user-defined threshold, the system reacts by sending a message. Performance management also permits proactive methods: For example, network simulation can be used to project how network growth will affect performance metrics. Such simulation can alert administrators to impending problems so that counteractive measures can be taken.
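The three steps just described (gather, baseline, threshold), carried through on the kind of data SNMP actually provides. This is an added example and not code from the original page: throughput is derived from a 32-bit octet counter of the type defined in the SMI sections above, which wraps to zero at its maximum, and the baseline and alert threshold are then computed from the first few polls. The polling interval, the k-sigma threshold rule and all counter samples are assumptions constructed for the example.

```python
# Added example (not from the page): throughput from Counter32 samples with wrap handling,
# then a baseline and threshold in the three-step style the text describes. Samples are constructed.
from statistics import mean, pstdev

COUNTER32_MODULUS = 2 ** 32      # SNMPv1 counter; pass 2 ** 64 for an SNMPv2 Counter64


def counter_delta(prev, cur, modulus=COUNTER32_MODULUS):
    """Units counted between two polls, correct across one wrap to zero.
    A naive cur - prev goes hugely negative at the wrap and would poison the baseline."""
    return (cur - prev) % modulus


def rates(samples, modulus=COUNTER32_MODULUS):
    """samples: [(t_seconds, counter), ...] -> [(t, units per second), ...]."""
    return [(t1, counter_delta(c0, c1, modulus) / (t1 - t0))
            for (t0, c0), (t1, c1) in zip(samples, samples[1:])]


def baseline(values, k=3.0):
    """Normal (baseline) level plus an alert threshold at mean + k standard deviations."""
    mu, sigma = mean(values), pstdev(values)
    return {"mean": mu, "stdev": sigma, "threshold": mu + k * sigma}


def alerts(rate_series, threshold):
    """Reactive step: every sample above the threshold becomes an alert for the NMS."""
    return [(t, r) for t, r in rate_series if r > threshold]


def max_poll_interval(link_bps, modulus=COUNTER32_MODULUS):
    """Seconds in which an octet counter can wrap at line rate. Polls farther apart than this
    cannot tell one wrap from two, which is why 64-bit counters exist for fast links."""
    return modulus / (link_bps / 8)


# Constructed ifInOctets samples polled every 60 s; the counter wraps between t=60 and t=120,
# and the last poll shows a tenfold traffic jump.
SAMPLES = [(0, 4294867296), (60, 4294927296), (120, 26000), (180, 80000), (240, 140000), (300, 740000)]


def analyse(samples=SAMPLES, learn=4):
    """First `learn` intervals establish the baseline; later intervals are checked against it."""
    series = rates(samples)
    base = baseline([r for _, r in series[:learn]])
    return series, base, alerts(series[learn:], base["threshold"])
```

The wrap handling is the part most often missed: on a gigabit link a 32-bit octet counter can wrap in about 34 seconds, so a poller that samples less often than that, or that subtracts naively, will either miss the wrap or feed a huge negative rate into the baseline.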

Fault Detection and Notification

The purpose of fault management is to detect, isolate, notify and correct faults encountered in the network. Network devices are capable of alerting management stations when a fault occurs on the systems. An effective fault management system consists of several subsystems. Fault detection is accomplished through SNMP trap messages sent by devices, SNMP polling, remote monitoring (RMON) thresholds and syslog messages. A management system alerts the end user when a fault is reported, and corrective actions can be taken.

Fault detection and monitoring of network elements can be expanded from the device level to the protocol and interface levels. For a network environment, fault monitoring can include Virtual Local Area Network (VLAN), asynchronous transfer mode (ATM), fault indications on physical interfaces and so forth.

Troubleshooting Infrastructure

Trivial File Transfer Protocol (TFTP) and system log (syslog) servers are crucial components of a troubleshooting infrastructure in network operations. The TFTP server is used primarily for storing configuration files and software images for network devices. Routers and switches are capable of sending system log messages to a syslog server. The messages facilitate the troubleshooting function when problems are encountered.
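What a syslog server does with the router messages just mentioned, in the detect, isolate, notify sequence from the fault management section. This is an added example, not code from the original page: it parses lines in Cisco IOS syslog format (the `%FACILITY-SEVERITY-MNEMONIC` convention and the RFC 3164 `<PRI>` prefix are real), classifies them by severity, and marks a line-protocol-down message that follows a link-down on the same interface as a symptom of that root cause. The sample lines, the severity bands and the correlation rule are assumptions constructed for the example.

```python
# Added example (not from the page): parse and classify Cisco IOS style syslog messages as a
# syslog server feeding a fault management system would. Sample lines are constructed.
import re

# <PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text   (PRI = facility * 8 + severity)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:\d+: )?"
    r"(?P<ts>\*?[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
IFACE_RE = re.compile(r"Interface (\S+),")

SAMPLE_LINES = [   # constructed: what a router sends to its syslog server, plus one junk line
    "<187>41: *Mar  1 00:12:31.123: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>42: *Mar  1 00:12:32.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "<189>43: *Mar  1 00:14:05.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<187>44: *Mar  1 00:15:40.500: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 198.51.100.7",
    "<189>45: *Mar  1 00:16:10.000: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down",
    "garbage line that is not syslog at all",
]


def parse_line(line):
    """One syslog line -> event dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    event = {"facility_code": pri // 8, "severity": pri % 8, "timestamp": m["ts"],
             "mnemonic": "%s-%s-%s" % (m["facility"], m["sev"], m["mnemonic"]),
             "text": m["text"], "interface": None, "root_cause": None}
    event["consistent"] = event["severity"] == int(m["sev"])   # PRI and mnemonic severities should agree
    iface = IFACE_RE.search(m["text"])
    if iface:
        event["interface"] = iface.group(1)
    return event


def classify(event):
    """Severity bands used here: 0-3 a fault needing action, 4 a warning, 5-7 informational."""
    sev = event["severity"]
    return "fault" if sev <= 3 else "warning" if sev == 4 else "info"


def correlate(events):
    """Isolate: a line-protocol down after a link down on the same interface is a symptom, not a new fault."""
    link_down = set()
    for event in events:
        went_down = "changed state to down" in event["text"]
        if event["mnemonic"] == "LINK-3-UPDOWN" and went_down:
            link_down.add(event["interface"])
        elif event["mnemonic"] == "LINEPROTO-5-UPDOWN" and went_down and event["interface"] in link_down:
            event["root_cause"] = "LINK-3-UPDOWN on " + event["interface"]
    return events


def fault_report(lines=SAMPLE_LINES):
    """Detect and notify: the faults to raise, every parsed event, and how many lines were unparsable."""
    events = correlate([event for event in map(parse_line, lines) if event])
    faults = [event for event in events if classify(event) == "fault"]
    return {"faults": faults, "events": events, "unparsed": sum(1 for line in lines if parse_line(line) is None)}
```

Counting unparsable lines is deliberate: a syslog feed that suddenly stops parsing (a firmware change to the message format, or a device logging to the wrong facility) is itself a monitoring fault, and the SNMP authentication-failure message shows up here as a severity-3 event even though SNMP itself has no way to report it to an NMS that is not polling.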

Network Management Platforms

A network management platform deployed in the enterprise manages an infrastructure that consists of multivendor network elements. The platform receives and processes events from network elements in the network. Events from servers and other critical resources can also be forwarded to a management platform. The following commonly available functions are included in a standard management platform:

  • Network discovery

  • Topology mapping of network elements

  • Event handler

  • Performance data collector and grapher

  • Management data browser.

Network management platforms can be viewed as the main console for network operations in detecting faults in the infrastructure. The ability to detect problems quickly in any network is critical. Network operations personnel can rely on a graphical network map to display the operational states of critical network elements such as routers and switches.

Network management platforms such as HP OpenView, Computer Associates Unicenter and SUN Solstice can perform a discovery of network devices. Each network device is represented by a graphical element on the management platform's console. Different colors on the graphical elements represent the current operational status of network devices. Network devices can be configured to send notifications, called SNMP traps, to network management platforms. Upon receiving the notifications, the graphical element representing the network device changes to a different color depending on the severity of the notification received. The notification, usually called an event, is placed in a log file.

A number of network management platforms are capable of managing multiple geographically distributed sites. This is accomplished by exchanging management data between management consoles at remote sites and a management station at the main site. The main advantage of a distributed architecture is that it reduces management traffic, thus providing a more effective usage of bandwidth. A distributed architecture also allows personnel at remote sites to manage their networks locally with their own systems.

A recent enhancement to management platforms is the ability to remotely manage network elements using a web interface. This enhancement eliminates the need for special client software on individual user stations to access a management platform.

A typical enterprise is made up of different network elements. However, each device normally requires a vendor-specific element management system in order to effectively manage the network elements. Therefore, duplicate management stations may be polling network elements for the same information. The data collected by different systems is stored in separate databases, creating administration overhead for users. This limitation has prompted networking and software vendors to adopt standards such as Common Object Request Broker Architecture (CORBA) and Computer-Integrated Manufacturing (CIM) to facilitate the exchange of management data between management platforms and element management systems. With vendors adopting standards in management system development, users can expect interoperability and cost savings in deploying and managing the infrastructure.

Fault Management

The goal of fault management is to detect, log, notify users of and (to the extent possible) automatically fix network problems to keep the network running effectively. Because faults can cause downtime or unacceptable network degradation, fault management is perhaps the most widely implemented of the ISO network management elements.

Fault management involves first determining symptoms and isolating the problem. Then the problem is fixed and the solution is tested on all important subsystems. Finally, the detection and resolution of the problem is recorded.

Configuration Management

The goal of configuration management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.

Each network device has a variety of version information associated with it. An engineering workstation, for example, may be configured as follows:

  • Operating system, Version 3.2
  • Ethernet interface, Version 5.4
  • TCP/IP software, Version 2.0
  • NetWare software, Version 4.1
  • NFS software, Version 5.1
  • Serial communication controller, Version 1.1
  • X.25 software, Version 1.0
  • SNMP software, Version 3.1

Configuration management subsystems store this information in a database for easy access. When a problem occurs, this database can be searched for clues that may help solve the problem.

Internet and IEEE Network Management Standards

The Internet is a computer network made up of thousands of networks worldwide. All computers on the Internet communicate with one another using the Transmission Control Protocol/Internet Protocol suite, abbreviated to TCP/IP. Computers on the Internet use a client/server architecture. This means that the remote server machine provides files and services to the user's local client machine. Software can be installed on a client computer to take advantage of the latest access technology.

The Internet consists primarily of a variety of access protocols. Many of these protocols feature programs that allow users to search for and retrieve material made available by the protocol. An Internet user has access to a wide variety of services: electronic mail, file transfer, vast information resources, interest group membership, interactive collaboration, multimedia displays, real-time broadcasting, shopping opportunities, breaking news and much more.

The World Wide Web (abbreviated as the Web or WWW) is a system of Internet servers that supports hypertext to access several Internet protocols on a single interface. Almost every protocol type available on the Internet is accessible on the Web. These include e-mail, FTP, Telnet, and Usenet News. In addition to these, the World Wide Web has its own protocol: HyperText Transfer Protocol, or HTTP.

The World Wide Web provides a single interface for accessing all these protocols. This creates a convenient and user-friendly environment. It is no longer necessary to be conversant in these protocols within separate, command-level environments. The Web gathers together these protocols into a single system. Because of this feature, and because of the Web's ability to work with multimedia and advanced programming languages, the World Wide Web is the fastest-growing component of the Internet.

IEEE has developed a set of network standards. They include:

IEEE 802.1 - Specifies Network Management Standards.
IEEE 802.2 - Specifies the General standard for the OSI Reference Model data link layer.
IEEE 802.3 - Defines the Media Access Control layer for bus networks that use CSMA/CD.
IEEE 802.4 - Defines the Media Access Control layer for bus networks that use a token-passing mechanism.
IEEE 802.5 - Defines the MAC layer for Token Ring networks.
IEEE 802.6 - Defines the Metropolitan Area Network (MAN) standard.
IEEE 802.7 - Broadband Technical advisory group.
IEEE 802.8 - Fibre Optic Technical advisory group.
IEEE 802.9 - ISDN (Integrated Services Digital Network).
IEEE 802.10 - Specifies Network Security Standards.
IEEE 802.11 - Specifies Wireless Network Standards.
IEEE 802.12 - Specifies 100VG-AnyLAN standards.
IEEE 802.14 - Specifies Cable Modem Standards.

Overview of OSI - Layer Model

Layer 1 of the layer model is the Physical Layer and defines the physical and electrical characteristics of the network. The NIC cards in the PC and the interfaces on the routers all run at this level and eventually have to pass strings of ones and zeros down the wire.

Layer 2 is known as the Data Link Layer. It defines the access strategy for sharing the physical medium, including data link and media access issues. Protocols such as PPP, SLIP and HDLC exist here.

On an Ethernet, of course, access is governed by a device's MAC address, the six-byte number that is unique to each NIC. Devices which depend on this level include bridges and switches, which learn which segment devices are on by learning the MAC addresses of devices attached to their various ports.

This is how bridges are eventually able to segment off a large network, only forwarding packets between ports when two devices on separate segments need to communicate. Switches quickly learn a topology map of the network and can thus switch packets between communicating devices very quickly. It is for this reason that migrating a device between different switch ports can cause the device to lose network connectivity for a while, until the switch, or bridge, re-ARPs.

Layer 3 is the Network Layer, providing a means for communicating open systems to establish, maintain and terminate network connections. The IP protocol exists at this layer, and so do some routing protocols. All the routers in the network are operating at this layer.

Layer 4 is the Transport Layer, and is where TCP exists. The standard says that "The Transport Layer relieves the Session Layer of the burden of ensuring data reliability and integrity". It is for this reason that people are becoming very excited about the new Layer 4 switching technology.

Before these devices became available, only software operated at this layer. Hopefully, you will now also understand why TCP/IP is uttered in one breath: TCP over IP, since Layer 4 is above (over) Layer 3. It is at this layer that, should a packet fail to arrive (perhaps due to misrouting, or because it was dropped by a busy router), it will be retransmitted when the sending party fails to receive an acknowledgement from the device with which it is communicating.

The more powerful routing protocols also operate here; OSPF and BGP, for example, are implemented as protocols directly over IP.

Layer 5 is the Session Layer. It provides for two communicating presentation entities to exchange data with each other.

The Session Layer is very important in the E-commerce field since, once a user starts buying items and filling their "shopping basket" on a Web server, it is very important that they are not load-balanced across different servers in a server pool. This is why, clever as Layer 4 switching is, these devices still operate software to look further up the layer model. They are required to understand when a session is taking place, and not to interfere with it.

Layer 6 is the Presentation Layer. This is where application data is either packed or unpacked, ready for use by the running application. Protocol conversions, encryption/decryption and graphics expansion all take place here.

Finally, Layer 7 is the Application Layer. This is where you find your end-user and end-application protocols, such as telnet, ftp and mail (pop3 and smtp).

The Stack

Our imaginary listener, eavesdropping on the conversations of network engineers, would hear them refer to IP stacks quite frequently. They are called stacks because, in order to get a packet from an application running on device A to an application running on device B, the packets have to descend and then re-ascend the layers (the stack).

Consider the following example:

An application forms a packet of data to be sent; this takes place at Layer 7. As the packet descends the stack, it is wrapped in headers and trailers, as required by the various protocols, until, having reached Layer 1, it is transmitted as a frame across the medium in use.

Upon reaching device B, it re-ascends the stack, as the device strips off the appropriate headers and trailers, delivering just the application data to the application. The OSI designers tried to keep to as few layers as possible for the sake of simplicity. The fact that the 7-Layer model is universally used to describe where a device or protocol sits in the scheme of things shows that the designers did an excellent job of achieving their aims.
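The descent and re-ascent just described, as an added example that is not part of the original page. It wraps a small application payload in a UDP header, then an IPv4 header (with the real one's-complement header checksum), then an Ethernet II header, and on the receiving side strips the layers back off and verifies the header along the way. The header layouts and EtherType/protocol numbers are the real ones; the addresses (RFC 5737 and RFC 7042 documentation ranges) and the payload are assumptions constructed for the example.

```python
# Added example (not from the page): a datagram descending and re-ascending the stack, built
# with the real Ethernet II, IPv4 and UDP header layouts. Addresses come from documentation
# ranges (RFC 5737, RFC 7042) and the payload is a constructed stand-in for SNMP bytes.
import ipaddress
import struct

ETHERTYPE_IPV4, PROTO_UDP, SNMP_PORT = 0x0800, 17, 161


def ones_complement_sum(data):
    """16-bit one's-complement sum with end-around carry, as the IPv4 checksum requires."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(payload, src_ip, dst_ip, src_mac, dst_mac, sport=49152, dport=SNMP_PORT, ttl=64):
    """Layer 7 data goes down the stack: UDP header, then IPv4 header, then Ethernet header."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload   # UDP checksum left at 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, PROTO_UDP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    checksum = (~ones_complement_sum(ip)) & 0xFFFF            # computed with the field zeroed
    ip = ip[:10] + struct.pack("!H", checksum) + ip[12:]
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp


def header_intact(frame):
    """A valid IPv4 header, checksum field included, sums to all ones."""
    ihl = (frame[14] & 0x0F) * 4
    return ones_complement_sum(frame[14:14 + ihl]) == 0xFFFF


def decapsulate(frame):
    """The receiver strips one header per layer and hands only the data to the application."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short")
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not IPv4")
    if not header_intact(frame):
        raise ValueError("bad IPv4 header checksum")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != PROTO_UDP:
        raise ValueError("not UDP")
    udp = frame[14 + ihl:14 + total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    return {"l2": (src_mac.hex(":"), dst_mac.hex(":")),
            "l3": (str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20])), proto),
            "l4": (sport, dport), "l7": udp[8:ulen]}
```

Note what the checks at each layer do and do not cover: the IPv4 checksum protects only the header, and with the UDP checksum left at zero (permitted over IPv4) a corrupted or altered payload passes straight up to the application. Integrity of the data itself has to come from a higher layer.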

Bridges, switches and most network devices keep a table mapping IP addresses to Media Access addresses. Moving a device between ports invalidates these tables and hence the device's view of the world.

Fortunately, the devices age their table entries, typically clearing them out five minutes after the last time a packet was seen from a particular entity. This is sometimes called re-ARPing. Most bridges and switches provide management functions to allow you to clear the ARP entry manually, should you have needed to move a device due to a failed port.

Overview of OSI

The ISO (International Standards Organization) has created a layered model, called the OSI (Open Systems Interconnect) model, to describe defined layers in a network operating system. The purpose of the layers is to provide clearly defined functions that can improve Internetwork connectivity between "computer" manufacturing companies. Each layer has a standard defined input and a standard defined output.

The OSI Reference model defines seven layers that describe how applications running upon network-aware devices may communicate with each other. The model is generic and applies to all network types, not just TCP/IP and all media types, not just Ethernet. It is for this reason that any network technician will glibly throw around the term "Layer 4" and expect to be understood.

It should be noted, however, that most protocols in day-to-day use work on a slightly modified layer system. TCP/IP, for example, uses a 6- rather than a 7-layer model. Nevertheless, in order to ease the exchange of ideas, even those who only ever use TCP/IP will refer to the 7-layer model when discussing networking principles with peers from a different networking background.

Confusingly, the OSI was a working group within the ISO (International Standards Organisation) and therefore many people refer to the OSI Reference model as the ISO Reference model. They are referring to the same thing.

Traditionally, layer diagrams are drawn with Layer 1 at the bottom and Layer 7 at the top. The remainder of this article describes each layer, starting from the bottom and explains some of the devices and protocols that may be found in the data centre operating at this layer.

Hubs

Hubs provide full bandwidth to each client, unlike bus networks where the bandwidth is shared. They often include buffering of packets and filtering, so that unwanted packets (or packets which contain errors) are discarded. In standard Ethernet, all stations are connected to the same network segment in a bus configuration. Traffic on the bus is controlled using the CSMA protocol, and all stations share the available bandwidth.

Hubs dedicate the entire bandwidth to each port (workstation). The workstations attach to the hub using UTP. The hub provides a number of ports, which are logically combined using a single backplane, which often runs at a much higher data rate than that of the ports. Ports can also be buffered, to allow packets to be held in case the hub or port is busy. As each workstation has its own port, it does not contend with other workstations for access, having the entire bandwidth available for its exclusive use.

The ports on a hub all appear as one single ethernet segment. In addition, hubs can be stacked or cascaded (using master /slave configurations) together, to add more ports per segment. As hubs do not count as repeaters, this is a better option for adding more workstations than the use of a repeater.

Hub options also include an SNMP (Simple Network Management Protocol) agent. This allows the use of network management software to remotely administer and configure the hub. Detailed statistics related to port usage and bandwidth are often available, allowing informed decisions to be made concerning the state of the network.

Routers

Routers pass packets only to the network segment they are destined for. They work similarly to bridges and switches in that they filter out unnecessary network traffic and remove it from network segments. Routers generally work at the protocol level. Routers were devised in order to separate networks logically. For instance, a TCP/IP router can segment the network based on IP subnets. Filtering at this level (on IP addresses) will take longer than that of a bridge or switch, which only looks at the MAC layer.

Most routers can also perform bridging functions. A major feature of routers, because they can filter packets at a protocol level, is to act as a firewall. This is essentially a barrier, which prevents unwanted packets either entering or leaving the network.

Typically, an organization which connects to the Internet will install a router as the main gateway link between their network and the outside world. By configuring the router with access lists (which define what protocols and what hosts have access), this enforces security by restricting (or allowing) access to either internal or external hosts.

For example, an internal WWW server can be made reachable over IP from external networks, while other company servers that hold sensitive data are protected so that hosts outside the company cannot reach them. Access lists are evaluated in order and the first matching entry decides the packet's fate, so the ordering of entries matters, and every list should end in a deny for anything not specifically permitted.
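The following is an added example (not code from the original text) showing how an inbound access list on the Internet-facing interface is evaluated: first match wins and anything unmatched is denied. The internal network 192.0.2.0/24, the WWW server 192.0.2.10, the file server 192.0.2.20 and the rules themselves are constructed for illustration.

```python
"""Stateless access-list evaluation with first-match semantics and an implicit
default deny, in the style of a router's inbound filter. Added example; the
internal network 192.0.2.0/24, WWW server 192.0.2.10, file server 192.0.2.20
and the rule set are constructed assumptions, not from the original text."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("192.0.2.0/24")       # constructed company network
WWW_SERVER = ip_network("192.0.2.10/32")    # public web server
FILE_SERVER = ip_network("192.0.2.20/32")   # holds sensitive data


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    dport: Optional[int]    # destination port, None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str = "any"            # protocol name or "any"
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


# Inbound list for the Internet-facing interface. Order matters: the
# anti-spoofing deny must precede the permit, or a packet forged with an
# internal source address would be accepted by the web-server rule.
INBOUND: List[Rule] = [
    Rule("deny", INTERNAL, ANY),                 # internal source arriving from outside = spoofed
    Rule("permit", ANY, WWW_SERVER, "tcp", 80),  # public WWW access only
    Rule("deny", ANY, FILE_SERVER),              # sensitive server: explicit deny
    # implicit: deny everything else
]


def filter_inbound(p: Packet) -> str:
    return evaluate(INBOUND, p)


if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.0.2.10", "tcp", 80),
                Packet("198.51.100.7", "192.0.2.20", "tcp", 445),
                Packet("192.0.2.5", "192.0.2.10", "tcp", 80)):
        print(pkt, "->", filter_inbound(pkt))
```

Swapping the first two rules would let a spoofed packet with an internal source address through to the web server; this is the ordering mistake the first-match semantics punish.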

Bridges

Bridges were originally designed to interconnect Ethernet segments. Most bridges today support filtering and forwarding as well as the Spanning Tree Algorithm. IEEE 802.1D is the standard for bridges.

After it is enabled, the bridge learns the network by listening. Frames are passed to other network segments on the basis of MAC-layer addresses: each time the bridge receives a frame, it records the source address together with the port on which the frame arrived, building a table that identifies the segment each device is on. This table is then used to decide to which segment an incoming frame should be forwarded; a frame whose destination is not yet in the table is flooded to every other segment, and a frame whose destination is on the segment it arrived from is filtered (dropped). The size of this table is important, especially on a network with many workstations and servers: once it is full, new stations cannot be learned and frames addressed to them are flooded, a condition an attacker can provoke deliberately (MAC flooding) in order to observe traffic that the bridge would otherwise have confined to its destination segment.
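As an added illustration (not part of the original text), the simulation below implements the learning, forwarding, filtering and flooding behaviour just described, and then shows what happens when the address table fills up. The port names, MAC addresses, table size and frame sequence are constructed.

```python
"""Simulation of a transparent (learning) bridge's address table and its
forward / filter / flood decisions, as described above. Added example; the
port names, MAC addresses, table size and frame sequence are constructed."""
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports: List[str], table_size: int):
        self.ports = list(ports)
        self.table_size = table_size
        self.table: Dict[str, str] = {}   # source MAC -> port it was last seen on

    def learn(self, mac: str, port: str) -> None:
        # A known station may move ports; a new one is learned only while the
        # table has room. (Real bridges age entries out; that is omitted here.)
        if mac in self.table or len(self.table) < self.table_size:
            self.table[mac] = port

    def receive(self, in_port: str, src: str, dst: str) -> List[str]:
        """Return the ports the frame is sent out of ([] means filtered)."""
        self.learn(src, in_port)
        if dst == BROADCAST or dst not in self.table:
            return sorted(p for p in self.ports if p != in_port)   # flood
        out = self.table[dst]
        return [] if out == in_port else [out]   # filter if on the same segment


def scenario() -> dict:
    """Normal learning, then the effect of a full table (MAC flooding)."""
    br = LearningBridge(["A", "B", "C"], table_size=4)
    r = {}
    r["first_frame_flooded"] = br.receive("A", "a1", "b1")   # b1 not yet known
    r["reply_forwarded"] = br.receive("B", "b1", "a1")       # a1 known on A
    r["local_filtered"] = br.receive("A", "a2", "a1")        # both on segment A
    # An attacker on port C sends frames from 100 bogus source addresses;
    # the first one fills the table and nothing further can be learned.
    for i in range(100):
        br.receive("C", f"bogus{i:02d}", "b1")
    r["table_full"] = len(br.table) == 4
    br.receive("A", "a3", "b1")   # legitimate newcomer on A: cannot be learned
    r["reply_to_unlearned_flooded"] = br.receive("B", "b1", "a3")  # reaches C as well
    return r


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The last result is the security point: once the table is full, traffic for the unlearned station a3 is flooded out every port, including the attacker's, instead of being delivered only to segment A.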

The advantages of bridges are:

  • they increase the number of workstations and network segments that can be attached;
  • because bridges buffer frames, segments that use different MAC protocols can be interconnected;
  • because bridges work at the MAC layer, they are transparent to higher-level protocols;
  • subdividing the LAN into smaller segments increases overall reliability and makes the network easier to maintain.

The disadvantages of bridges are:

  • the buffering of frames introduces network delays;
  • bridges may overload during periods of high traffic;
  • bridges that combine different MAC protocols must modify each frame before transmitting it onto the new segment, which adds further delay.

Transparent bridges (IEEE 802.1D bridges, which use the spanning tree algorithm to keep the bridged topology free of loops) make all forwarding decisions themselves. The bridge is said to be transparent (invisible) to the workstations: once enabled, it initializes itself and builds its own forwarding information automatically.

Bridges are best used where there are a number of well-defined workgroups, each operating more or less independently of the others, with only occasional access to servers outside the local workgroup or segment. Bridges offer no performance improvement for diverse or scattered workgroups in which most access occurs outside the local segment.

Two separate network segments can be connected via a bridge. Because the bridge forwards at the MAC layer, the two segments form one logical network and share a single network address number; it is a router, not a bridge, that requires each segment to carry a unique network number.

If workstations on segment A need access to a server, the best place to locate that server is on the same segment as those workstations, since this keeps the traffic off the other segment and avoids the delay incurred by the bridge.

Repeaters

Repeaters connect multiple network segments together. They regenerate the signal received from one segment and send it on to all other attached segments, which extends the distance limitations of network cabling. There are limits on the number of repeaters that can be used in one path, and a repeater counts as a node towards the maximum node count of the Ethernet standard.

Repeaters also allow segments to be isolated in the event of failures or fault conditions: disconnecting one side of a repeater isolates the associated segment from the rest of the network. Beyond that, repeaters simply extend the network's distance limitations.

Note that the network number assigned to the main network segment and the one assigned to the segment on the other side of the repeater are the same. All traffic generated on one segment is propagated onto the other, so the total traffic on each rises; if the segments are already heavily loaded, adding a repeater is not a good idea. For the same reason, any host on either segment can observe all traffic on both.

Network Management Components

Large networks are made by combining several individual network segments using appropriate devices such as routers and/or bridges. When segments are combined into a single large network, paths exist between the individual segments. These paths are called routes, and the devices keep tables that define how to reach a particular destination. When a packet arrives, the router or bridge looks at the packet's destination address and determines which network segment the packet must be transmitted on to reach that destination.

Approaches to Network Management

Managing computer networks can be a reactive process, set in motion by one or more indicators of an existing problem, or a predictive process, initiated by indicators of the potential for problems in the near future. It is better to predict and avoid network faults (where possible) than to detect and repair them once they occur. This approach is called network steering, because the network manager tries to steer the network away from potentially dangerous interactions. Network steering distributes the network manager's work over time, freeing resources for the unpredictable faults when they arise.

Consider a trap message generated when some feature of a managed object's state exceeds a threshold, such as the number of packets dropped by a router for lack of buffer space. The values of that feature as they change over time may be correlated with other features of the same object's state, or with features of the state of other objects in the network. If one could find such correlations and use them to predict future states of managed objects, it would be possible to intervene before the threshold is exceeded and so avoid the pathological state that would generate a trap. Note that predicted and existing faults are handled in much the same way: the isolation, diagnosis and remediation phases that follow prediction or detection of a fault are the same, and the same mechanisms can be used in both cases. The advantage of a predictive component is that problems are solved before they reach significant levels, keeping the operation and performance of the network more stable.
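The following added example (not part of the original text) shows the predictive side of network steering in the simplest form: a trend is fitted to recent samples of a router's dropped-packet counter, the time at which it will reach the trap threshold is estimated, and the counter's correlation with a second feature (upstream link utilisation) is measured. All three series are constructed sample data, not measurements from any device.

```python
"""Predictive 'network steering' over a managed object's counter, added to
illustrate the paragraph above. Fits a trend to recent samples of a router's
dropped-packet counter, estimates when it will cross the trap threshold, and
checks its correlation with a second feature. The series below are constructed
sample data, not measurements from any real device."""
import math
from typing import List, Optional, Tuple

Sample = Tuple[float, float]   # (seconds, value)

# Constructed: one sample per minute; drops rise by 10 per minute.
DROPS: List[Sample] = [(60.0 * i, 100.0 + 10.0 * i) for i in range(10)]
# Constructed: utilisation (%) of the upstream link over the same minutes.
UTIL: List[Sample] = [(60.0 * i, 40.0 + 3.0 * i) for i in range(10)]
# Constructed: a counter that is not moving at all.
FLAT: List[Sample] = [(60.0 * i, 7.0) for i in range(10)]


def linear_fit(points: List[Sample]) -> Tuple[float, float]:
    """Least-squares line v = slope * t + intercept through the samples."""
    n = len(points)
    mt = sum(t for t, _ in points) / n
    mv = sum(v for _, v in points) / n
    sxx = sum((t - mt) ** 2 for t, _ in points)
    sxy = sum((t - mt) * (v - mv) for t, v in points)
    slope = sxy / sxx if sxx else 0.0
    return slope, mv - slope * mt


def pearson(xs: List[float], ys: List[float]) -> float:
    """Correlation coefficient between two equal-length feature series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0


def predict_crossing(points: List[Sample], threshold: float) -> Optional[float]:
    """Time at which the fitted trend reaches the threshold; None if not rising."""
    slope, intercept = linear_fit(points)
    if slope <= 0:
        return None
    return (threshold - intercept) / slope


def steer(points: List[Sample], threshold: float, horizon: float) -> dict:
    """Raise an advisory if the threshold is predicted to be crossed within
    `horizon` seconds of the latest sample, i.e. before the agent's trap fires."""
    t_last = points[-1][0]
    t_cross = predict_crossing(points, threshold)
    ahead = None if t_cross is None else t_cross - t_last
    return {"t_cross": t_cross, "seconds_ahead": ahead,
            "alert": ahead is not None and ahead <= horizon}


if __name__ == "__main__":
    print(steer(DROPS, threshold=500, horizon=3600))
    print("drops/utilisation correlation:",
          round(pearson([v for _, v in DROPS], [v for _, v in UTIL]), 3))
```

With the constructed data the counter is predicted to reach 500 about 31 minutes after the last sample, so a one-hour horizon raises the advisory while a 30-minute horizon does not; a flat counter yields no crossing at all. A linear fit is the crudest possible predictor, but it already turns a threshold trap into a lead time during which the buffer shortage can be addressed.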

Introduction to Network Management

Network management is a service that employs a variety of tools, applications and devices to assist human network managers in monitoring and maintaining networks. It typically involves a distributed database, automatic polling of network devices, and high-end workstations that generate real-time graphical views of network topology changes and traffic.

Mail Server

When mail is sent it has to reach its proper destination. For that to happen, the destination site has to be running a program called a mail server, which listens for requests to deliver mail. For each message the mail server does one of the following:
  • accepts the message and stores it in the expected mailbox;
  • forwards the message somewhere else, usually to a place specified by the owner of the mailbox, but possibly to a mailing list;
  • rejects the message as undeliverable, either because the mailbox does not exist, because the mailbox is full, or because the server is experiencing some temporary problem.

There are basically two kinds of mail server, distinguished by protocol:

  • Basic Simple Mail Transfer Protocol (SMTP) delivery. The server translates the mailbox name into a local file name and appends the message to that file. The translation must accept only well-formed mailbox names, since a name containing path characters could otherwise select a file outside the mail spool.
  • Post Office Protocol (POP) delivery. The server still stores messages somewhere, in a place derived from the mailbox name, but it also accepts mail-retrieval connections from other Internet sites. The mail agent on the recipient's machine opens an Internet connection to the POP server, requests the contents of particular messages and (optionally) removes them from the server's mailbox.

POP service is newer than SMTP service; its large advantage is that mail can be accessed from anywhere on the Internet without logging in to the server. As originally specified, however, POP sends the user's name and password in the clear, so the session should be protected with TLS or an authentication mechanism that does not expose the password.

Electronic Mail

Electronic mail or e-mail involves the transmission of messages over a communication network. The messages can be notes or files. Some electronic-mail systems are confined to a single computer or network, but others have gateways to other computer systems, enabling users to send electronic mail anywhere in the world. Companies that are fully computerized make extensive use of e-mail because it is fast, flexible and reliable.

Electronic communication, because of its speed and broadcasting ability, is fundamentally different from paper-based communication. Because the turnaround time can be so fast, email is more conversational than traditional paper-based media.

Most e-mail systems include a rudimentary text editor for composing and editing messages. A message is sent to the recipient by specifying the recipient's address. An address is a text string of the form mailbox@site. The second part is a string identifying a particular site (domain) on the Internet; the first part identifies a particular mailbox at that site. For example, in the address abc_def@yahoo.com, abc_def is the mailbox (user name) and yahoo.com is the domain.

Every Internet host has an Internet Protocol (IP) address; an IPv4 address is written as four decimal numbers (each in the range 0-255) separated by dots. The transport service sends the site name to a Domain Name System (DNS) server, which translates the name into an IP address; for mail this lookup asks for the domain's MX (mail exchanger) records, which name the hosts that accept mail for the domain, and falls back to the domain's own address record if it has none. The transport service then opens an Internet connection to the resulting IP address and asks the destination site to deliver the mail to the given mailbox.
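The following added example (not the original text's code) ties the Mail Server and Electronic Mail passages together: it parses a mailbox@site address, decides whether the site is local, translates the mailbox name into its spool file and appends the message in mbox form. The accepted address syntax, the spool layout (one file per mailbox under a spool directory) and the sample message are constructed assumptions. The mailbox-to-file translation is validated so that a crafted name cannot select a file outside the spool.

```python
"""Address parsing and SMTP-style local delivery (mailbox name -> spool file,
append the message), covering the Mail Server and Electronic Mail passages.
Added example, not the original text's code; the accepted address syntax, the
spool layout (one mbox file per mailbox) and the sample message are constructed
assumptions. The mailbox-to-file step is validated so that a crafted name cannot
select a file outside the spool directory."""
import re
import tempfile
import time
from pathlib import Path
from typing import Iterable, Tuple

# Deliberately conservative subsets of what the mail standards allow (assumption).
LOCAL_PART = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9._-]{0,63})$")
DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")


def parse_address(addr: str) -> Tuple[str, str]:
    """Split mailbox@site into (mailbox, site); ValueError if malformed."""
    if addr.count("@") != 1:
        raise ValueError("address must contain exactly one @")
    mailbox, site = addr.split("@")
    if not LOCAL_PART.match(mailbox) or ".." in mailbox:
        raise ValueError("bad mailbox name")
    if not DOMAIN.match(site):
        raise ValueError("bad site name")
    return mailbox, site.lower()


def mailbox_path(spool: Path, mailbox: str) -> Path:
    """Translate a validated mailbox name into its file under the spool.
    Resolving follows symlinks too, so a mailbox file that has been pointed
    somewhere outside the spool is refused as well."""
    spool = spool.resolve()
    path = (spool / mailbox).resolve()
    if path.parent != spool:
        raise ValueError("mailbox name escapes the spool")
    return path


def deliver(spool: Path, addr: str, sender: str, body: str,
            local_domains: Iterable[str]) -> str:
    mailbox, site = parse_address(addr)
    if site not in set(local_domains):
        return "relay"                       # not ours: forward elsewhere
    path = mailbox_path(spool, mailbox)
    if not path.exists():
        return "reject: no such mailbox"
    # mbox format: a "From " separator line, then the message. Body lines that
    # begin with "From " are escaped so they cannot be mistaken for separators.
    stamp = time.strftime("%a %b %d %H:%M:%S %Y")
    escaped = "\n".join((">" + ln if ln.startswith("From ") else ln)
                        for ln in body.splitlines())
    with path.open("a", encoding="utf-8") as f:
        f.write(f"From {sender} {stamp}\n{escaped}\n\n")
    return "accepted"


def demo() -> dict:
    """Constructed spool with one mailbox, exercised with four deliveries."""
    spool = Path(tempfile.mkdtemp())
    (spool / "abc_def").touch()
    msg = "Subject: hello\n\nFrom the bridge team: all segments up."
    out = {}
    out["ok"] = deliver(spool, "abc_def@example.com", "ops@example.net", msg, ["example.com"])
    out["unknown"] = deliver(spool, "nobody@example.com", "ops@example.net", msg, ["example.com"])
    out["relay"] = deliver(spool, "abc_def@example.net", "ops@example.net", msg, ["example.com"])
    try:
        deliver(spool, "../etc/passwd@example.com", "ops@example.net", msg, ["example.com"])
        out["traversal"] = "accepted"
    except ValueError:
        out["traversal"] = "rejected"
    out["escaped"] = ">From the bridge team" in (spool / "abc_def").read_text(encoding="utf-8")
    return out


if __name__ == "__main__":
    print(demo())
```

The two checks in mailbox_path are independent on purpose: the character whitelist in parse_address stops path separators from ever reaching the filesystem, and the resolved-parent comparison catches anything the whitelist was not written to anticipate, including a mailbox file replaced by a symlink.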


A message can be sent to several users at once; this is called broadcasting. Sent messages are stored in the recipients' electronic mailboxes. Each recipient has to check the mailbox to see whether mail has been received and can then decide whether to save the message or remove it from the mailbox.

Different e-mail systems use different formats, and there are some emerging standards that make it possible for users on all systems to exchange messages. One widely used programming interface for e-mail is MAPI. The CCITT standards organization has developed the X.400 standard, which attempts to provide a universal way of addressing messages.

Network Security

Computer security is primarily concerned with controlling how data are shared for reading and modification. Often people inside and outside the organization need to share information. An examination of the problems that can arise on a poorly secured system helps in understanding the need for security. Three basic kinds of malicious behaviour are:

  1. Denial of service: This occurs when a hostile entity uses a critical service of the computer system in such a way that no service, or only severely degraded service, is available to others. Denial of service is a difficult attack to detect and protect against. An example is the half-open connection attack (a SYN flood) against an Internet server: the attacker requests a large number of TCP connections but deliberately never completes the handshake, leaving the connections half open. Most systems can hold only a limited number of half-open connections before they are no longer able to accept connections from other systems on the net, so the attack completely disables the server.

  2. Compromising the integrity of the information: Most people assume that the information stored on a computer system is accurate. If the information loses its accuracy, the consequences can be extreme. For example, if competitors broke into a company's database and deleted customer records, a significant loss of revenue could result. Users must be able to trust that data are accurate and complete.

  3. Disclosure of information: Probably the most serious attack is disclosure of information. If the information taken off a system is important to the success of an organization, it has considerable value to a competitor. Corporate espionage is a real threat, especially from foreign companies, where legal reprisals are much more difficult to enforce. Insiders also pose a significant threat. Limiting each user's access to the information needed to perform their specific job (the principle of least privilege) increases data security dramatically.
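As an added example (not part of the original text) for the denial-of-service item above, the script below looks for the half-open connection condition in a snapshot of a server's TCP connection table, in netstat-style format. The snapshot lines, the backlog size and the thresholds are constructed assumptions; the server 192.0.2.10 has two real clients, one source holding six half-open connections, and four single half-open connections from addresses that look spoofed.

```python
"""Detection of the half-open connection (SYN flood) condition described in
item 1 above, run over a snapshot of a server's TCP connection table in
netstat-style format. Added example; the snapshot lines, the backlog size and
the thresholds are constructed assumptions."""
from collections import Counter
from typing import List, Tuple

# Constructed snapshot: 'proto recv-q send-q local remote state' per line.
SNAPSHOT = """\
tcp 0 0 192.0.2.10:80 198.51.100.7:51022 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.23:40110 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.5:40001 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:40002 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:40003 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:40004 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:40005 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:40006 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.77:1025 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.91:1026 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.130:1027 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.200:1028 SYN_RECV
tcp 0 0 192.0.2.10:22 198.51.100.7:51100 ESTABLISHED
"""

Conn = Tuple[int, str, str]   # (local port, remote host, state)


def parse_connections(text: str) -> List[Conn]:
    """Parse the six-column lines above; anything else is skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "tcp":
            continue
        local, remote, state = parts[3], parts[4], parts[5]
        lport = int(local.rsplit(":", 1)[1])
        rhost = remote.rsplit(":", 1)[0]
        conns.append((lport, rhost, state))
    return conns


def half_open_report(text: str, backlog: int, per_source_limit: int,
                     fill_ratio: float = 0.8) -> dict:
    """Flag half-open connections approaching the listen backlog.
    Per-source counting catches a single noisy attacker; the total against the
    backlog is what matters when sources are spoofed or distributed, since each
    of those appears only once."""
    half = [(p, h) for p, h, s in parse_connections(text) if s == "SYN_RECV"]
    by_source = Counter(h for _, h in half)
    by_port = Counter(p for p, _ in half)
    return {
        "half_open": len(half),
        "backlog_fill": len(half) / backlog,
        "noisy_sources": sorted(h for h, c in by_source.items() if c >= per_source_limit),
        "ports_under_pressure": sorted(p for p, c in by_port.items() if c >= backlog * fill_ratio),
        "alert": len(half) >= backlog * fill_ratio,
    }


if __name__ == "__main__":
    print(half_open_report(SNAPSHOT, backlog=12, per_source_limit=5))
```

Only the SYN_RECV rows count; established sessions are ordinary load. Blocking the one noisy source would still leave the four spoofed entries in the backlog, which is why the report alerts on total fill rather than on sources alone. Detection is only half the answer: modern TCP stacks avoid the exhaustion itself with SYN cookies, which let the server accept a handshake without keeping per-connection state until the client's final ACK arrives.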

However, highly secure systems are more difficult to work with and require extra development time. Networks connect large numbers of users so that they can share information and resources, but network security depends heavily on the cooperation of each user. Security is only as strong as the weakest link.

Organizations should have a security program to ensure that each automated system has a level of security commensurate with the risk and magnitude of the harm that could result from the loss, misuse, disclosure or modification of the information it contains. Each system's level of security must protect the confidentiality, integrity and availability of the information. Specifically, this requires that the organization has appropriate personnel, technical, administrative, environmental and telecommunications safeguards; a cost-effective security approach; and adequate resources to support critical functions and to provide continuity of operation in the event of a disaster.

Companies continue to flock to the Internet in ever-increasing numbers, despite the fact that the overall and underlying environment is not secure. To complicate matters further, vendors, standards bodies, security organizations and practitioners cannot agree on a standard, compliant and technically available approach. As a group of parties with a stake in the success of the Internet for business purposes, it is critical to pool collective resources and work together to quickly establish and support interoperable security standards; open security interfaces to existing security products and to the security control mechanisms within other program products; and hardware and software solutions for heterogeneous operating systems that will facilitate smooth transitions.

Having tools and solutions available in the marketplace is a beginning, but strategies and migration paths are also needed to accommodate and integrate Internet, intranet and World Wide Web (WWW) technologies into the existing IT infrastructure. While there are always emerging challenges, newer technologies being introduced, and customers with challenging and perplexing problems to solve, this approach should help maximize the effectiveness of existing security investments while bridging the gap to the long-awaited and always sought-after perfect solution.

Security solutions are slowly emerging, but interoperability, universally accepted security standards, application programming interfaces (APIs) for security, vendor support and cooperation, and multi-platform security products are still problematic. Where products and solutions exist, they tend to have niche applicability, to be vendor-centric, or to address only one of a larger set of security problems and requirements. For the most part, no single vendor or even software/vendor consortium has addressed the overall security problem within "open" systems and public networks. This indicates that the problem is very large.

It is important to keep in mind that, as with any new and emerging technology, Internet, intranet and WWW technologies do not necessarily bring new and unique security concerns, risks and vulnerabilities, but rather introduce new problems, challenges and approaches within the existing security infrastructure.

Security requirements, goals and objectives remain the same, while the application of security, control mechanisms and solution sets are different and require the involvement and cooperation of multi-disciplinary technical and functional area teams. As in any distributed environment, there are more players, and it is more difficult to define or interpret the overall requirements, or even to talk to anyone who sees or understands the big picture. More people are involved than ever before, emphasizing the need to communicate both strategic and tactical security plans broadly and effectively throughout the entire enterprise. The security challenges and the resultant problems are larger and more complex in this environment. Management must be kept up to date and must thoroughly understand the overall risk to the corporation's information assets arising from the implementation of, or decisions to implement, new technologies. They must also understand, fund and support the influx of resources required to manage the security environment.