Introduction to Version Control and Configuration Management
NETWORK CONTROL
The Fourth Meeting
Table of Contents
• Introduction
• Configuration Control
• Security Control
Introduction
Network control is concerned with modifying parameters in and causing actions to be taken by the end systems, intermediate systems, and subnetworks that make up the network to be managed.
All five functional areas of Network Management involve monitoring and control, but configuration and security are more concerned with control.
Issues in network control
What to control?
• define what is to be controlled
How to control?
• how to cause actions to be performed
Configuration Management
1. Define Configuration Information
2. Configuration Monitoring
• Examine values and relationships
• Report on configuration status
3. Configuration Control
• may be required as a result of monitoring or event reports
• Initialize and terminate network operations
• Set and modify attribute values
• Define and modify relationships
Define Configuration Information
Includes
• the nature and status of managed resources
• specification and attributes of resources
Network Resources
physical resources
• end systems, routers, bridges, switches, modems, etc.
logical resources
• TCP connections, timers, counters, virtual circuits, etc.
Attributes
• name, address, ID number, states, operational characteristics, # of connections, etc.
Control function should be able to
• define new classes and attributes (mostly done off-line)
• define the type and range of attribute values
Set and Modify Attribute Values
• when requesting agents to perform set and modify, the manager must be authorized
• some attributes cannot be modified (e.g., # of physical ports)
Modification categories
MIB update only
• does not require the agent to perform any other action
• e.g., update of static configuration information
MIB update plus resource modification
• requires the agent to modify the resource itself
• e.g., changing the state of a physical port to “disabled”
MIB update plus action
• perform actions as a side effect of set operation
• SNMP takes this approach
Define and Modify Relationships
A relationship describes an association, connection, or condition that exists between network resources
• topology
• hierarchy
• containment
• physical or logical connections
• management domain
Configuration control should allow on-line modification of resources without taking all or part of network down
Security Management
What should be secured in networks?
• information security
• computer security
• network security
Security Requirements
Secrecy
• making information accessible to only authorized users
• includes the hiding of the existence of information
Integrity
• making information modifiable to only authorized users
Availability
• making resources available to only authorized users
Security Threats
Interruption
• destroyed or becomes unavailable or unusable
• threat to “availability”
Interception
• an unauthorized party gains access
• threat to “secrecy”
Modification
• an unauthorized party makes modification
• threat to “integrity”
Fabrication
• an unauthorized party inserts false information
Masquerade
• an entity pretends to be a different entity
Types of Security Threats
[Figure: flow from information source to information destination. Panels: (a) Normal flow, (b) Interruption, (c) Interception, (d) Modification, (e) Fabrication]
Security Threats and Network Assets
[Figure: threats mapped to network assets (data, communication lines, hardware, software). Threat labels: masquerade; modification; interception (capture, analysis); interruption (loss); interruption (deletion); interruption (theft, denial of service)]
Security Management Functions
Maintain Security Information
• event logging, monitoring usage of security-related resources
• receiving notification and reporting security violations
• maintaining and examining security logs
• maintaining backup copies of security-related files
Control Resource Access Service
use access control (authentication and authorization)
• security codes (e.g., passwords)
• routing tables, accounting tables, etc.
Control the Encryption Process
• must be able to encrypt messages between managers & agents
• specify encryption algorithms
Summary
Network control is concerned with setting and changing parameters of various parts of network resources as consequences of network monitoring and analysis.
Configuration control and security control are two essential aspects of network control.
THE BASIC INGREDIENTS OF NETWORK MANAGEMENT
Basic Components of Network Management
The Network Device
The first main component in network management consists of the device that must be managed
In network management parlance, we also call the managed devices network elements (NEs).
To be properly managed, they must participate in the management process
Management Agent
To be managed, a network element must offer a management interface through which a managing system can communicate with the network element for management purposes.
For example, the management interface allows the managing system to send a request to the network element. This could be, for example, a request to configure a subinterface, to retrieve statistical data about the utilization of a port, or to obtain information about the status of a connection.
Manager-Agent Communication
Manager and agent are important terms in network management parlance.
They refer to the systems that manage (manager) and the systems that are managed (agent). Client/server is another well-known asymmetric communication relationship that the reader might already be familiar with; therefore, a few words on the relationship between manager/agent and client/server are in order.
Manager/Agent Versus Client/Server
Network elements must provide a piece of software that implements the management interface.
This software effectively provides the intermediary between external manager and managed device.
We refer to this software generally as the management agent.
In fact, this means that we are slightly overloading the term agent. Agent is used to refer both to the agent role that a network element plays in network management and to the software component, called the management agent, that allows the network element to play that role, that provides the management interface, and that represents the managed device to the manager.
Manager/Agent Versus Client/Server
The management agent conceptually consists of three main parts: a management interface, a Management Information Base, and the core agent logic.
• The management interface handles management communication.
• The Management Information Base (MIB) is a conceptual data store that contains a management view of the device being managed. The conceptual data contained in this data store constitutes the management information.
• The core agent logic translates between the operation of the management interface, the MIB, and the actual device. For example, it translates the request to “retrieve a counter” into an internal operation that reads out a device hardware register that contains the desired information.
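The three agent parts above, combined with the authorization rule and the three modification categories from the "Set and Modify Attribute Values" slide, can be sketched as a toy agent. This is an added example, not part of the original slides; the class names, attribute names, status strings and device fields are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    """Constructed stand-in for the real resource behind the agent."""
    in_octets_register: int = 1024   # pretend hardware counter
    port_up: bool = True
    reset_count: int = 0

# Hypothetical MIB schema: attribute -> (writable, modification category)
SCHEMA = {
    "sysContact":   (True,  "mib_only"),
    "portAdmin":    (True,  "mib_plus_resource"),
    "reset":        (True,  "mib_plus_action"),
    "numPhysPorts": (False, None),      # cannot be modified
    "inOctets":     (False, None),      # read from the device on demand
}

@dataclass
class Agent:
    device: Device
    authorized: set                     # managers allowed to issue sets
    mib: dict = field(default_factory=lambda: {
        "sysContact": "noc@example.test", "portAdmin": "enabled",
        "reset": 0, "numPhysPorts": 4})
    security_log: list = field(default_factory=list)

    def get(self, name):
        # Core agent logic: "retrieve a counter" becomes a register read.
        if name == "inOctets":
            return self.device.in_octets_register
        return self.mib[name]

    def set(self, manager, name, value):
        status = self._apply(manager, name, value)
        if status != "ok":              # record refused sets for later review
            self.security_log.append((manager, name, status))
        return status

    def _apply(self, manager, name, value):
        if manager not in self.authorized:
            return "notAuthorized"      # checked before anything is touched
        # Unknown attribute names are treated as not writable.
        writable, category = SCHEMA.get(name, (False, None))
        if not writable:
            return "notWritable"
        self.mib[name] = value                      # every set updates the MIB
        if category == "mib_plus_resource":         # also change the resource
            self.device.port_up = (value == "enabled")
        elif category == "mib_plus_action" and value == 1:
            self.device.reset_count += 1            # action as a side effect
            self.mib[name] = 0                      # trigger reads back as idle
        return "ok"
```

The authorization check runs before the MIB or the device is touched, so a refused set leaves both unchanged and only adds an entry to the security log.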
Anatomy of a Management Agent
Management Information, MOs, MIBs, and Real Resources
Management information that is provided by a management agent provides an abstraction of these real-world aspects for management purposes.
We refer to a chunk of management information that exposes one of these real-world aspects as a managed object (MO).
An MO could represent a device fan along with its operational state, a port on a line card along with a set of statistical data, or a firewall rule.
As you shall see later, many management protocols, including the Simple Network Management Protocol (SNMP), use their own flavor of MO, but for now, we refer to an MO in its more general.
An “MO” could thus be a MIB object in SNMP, a parameter in a command-line interface (CLI) command, or an element of an XML document in a web-based management interface.
Different Abstractions of the Same Real Resource
Basic Parts of Network Management
The Management System
Management systems provide network providers with the tools to manage the network. These tools include applications to monitor the network, service provisioning systems, craft terminals, and so forth.
A Management Hierarchy
The MIB Always Resides with the Agent
Connecting a Craft Terminal to a Managed Device
Dedicated Versus Shared Management and Production Networks
The advantages of using a dedicated management network are numerous:
Reliability—With a dedicated management network, management traffic is carried independently of traffic over the production network, making management significantly more reliable.
Interference avoidance—When carried over the production network, management traffic competes with other networking traffic.
Ease of network planning—Avoiding interference as described in the previous bullet requires careful network planning that takes into account the effects of unpredictable network management traffic.
Security—A dedicated management network is harder to attack and easier to secure. End users and subscribers will never come into contact with it; its devices are on a completely separate network.
There are a variety of reasons not to use a dedicated management network and to use management communication exchanges over a shared network:
Cost and overhead—Despite its advantages, a dedicated management network requires a separate network to be built.
No reasonable alternative—In quite a few cases, a shared network might realistically be the only option.
In addition to a good organizational structure and clear network management responsibilities, many other things need to be considered to be able to run the network smoothly:
Establishment of process and operational policies, documentation of operational procedures—This helps make management of the network consistent and efficient, and facilitates meeting a consistently high standard of operations.
Collection of audit trails—Automatically logging the activities of operations support staff: who initiated what action, at what time.
Network documentation—Make sure not just your procedures and policies, but also your network itself is well documented.
Reliable backup and restore procedures—This provides your network operations with an invaluable lifeline that lets you bring the network back up in case of disasters and emergencies.
Security emphasis—Security threats in networking have received a lot of attention in recent years. The most significant threat to your network might not be hackers from the outside, but disgruntled employees on the inside.