Network Management

solarwindsinc asked:

www.solarwinds.com – Check out this short video where Josh Stephens, our SolarWinds Head Geek, provides step by step instructions for enabling and configure SNMP on Windows servers and workstations

network management program

telecomcompany asked:


What else can an EMS do for me other than the obvious?

To which I reply, “It can keep your sales people honest!” Well what I mean is that a well thought out and designed management system can help your sales people substantiate your claims about your product in an elegant and easy to understand manner. To explain it in greater detail, let me share a recent customer experience.

We were approached by a network infrastructure provider who was focused on designing and building massively scalable Ethernet fabric switching solutions for Enterprise, and Internet data centers to help them with their management solution. Their system uses Dynamic Congestion Avoidance to automatically balance traffic for delivering the industry’s highest performance and lowest latency and is aimed at enabling server virtualization, data consolidation, and parallel and cloud computing.

One of the main advantages of their technology was that it was non-blocking, with no packet loss or drop and had ultra low latency and jitter. Before they had a management system, even though they could mathematically show the efficiency of their system, their sales people were unable to explain to their customers, in a convincing manner, the value proposition of their technology. With the help of DNMS (Dhyan Network Management System) advance performance monitoring function they were not only able to obtain real time statistics on latency, jitter, byte and packet loss on a per flow basis but were also able to present that information to their customers in a manner that was visually appealing and easy to understand thereby significantly improving the efficiency of their sales process. As they say in sales, most customers are from Missouri – the “Show-Me State”! Instead of hearing about the capabilities of your technology they would rather see it. Finally it is said that a picture is worth a thousand words and in this highly competitive world it may be the difference in making that positive first impression!

Dhyan Infotech Inc is a software and services company that helps Equipment Vendors differentiate their products in the market place. Dhyan’s EMS technology, DNMS (Dhyan  Network/Element  Management System), is a component based Element Management System, which has been widely deployed by Dhyan’s customers at many Service Providers both small and large

To know more , visit this link

http://dhyanit.com/newsletter/jan_09/index.html



oss network management

raji asked:


1 Introduction

Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Military tactical operations are still the main

Application of ad hoc networks today. For example, military units (e.g., soldiers, tanks, or planes), equipped with wireless communication devices, could form an ad hoc network when they roam in a battlefield. Ad hoc networks can also be used for emergency, law enforcement, and rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.

1.1 Security goals

Security is an important issue for ad hoc networks, especially for those security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication, and non-repudiation.

Availability ensures the survivability of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. On the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channels. On the network layer, an adversary could disrupt the routing protocol and disconnect the network. On the higher layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.

Confidentiality ensures that certain information is never disclosed to unauthorized entities. Network transmission of sensitive information, such as strategic or tactical military information, requires confidentiality. Leakage of such information to enemies could have devastating consequences. Routing information must also remain confidential in certain cases, because the information might be valuable for enemies to identify and to locate their targets in a battlefield.

Integrity guarantees that a message being transferred is never corrupted. A message could be corrupted because of benign failures, such as radio propagation impairment, or because of malicious attacks on the network.

Authentication enables a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade a node, thus gaining unauthorized access to resource and sensitive information and interfering with the operation of other nodes.

Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. No repudiation is useful for detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.

There are other security goals (e.g., authorization) that are of concern to certain applications, but we will not pursue these issues in this paper.

1.2 Challenges

The salient features of ad hoc networks posses both challenges and opportunities in achieving these security goals.

First, use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay, and message distortion. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, to inject erroneous messages, to modify messages, and to impersonate a node, thus violating availability, integrity, authentication, and non-repudiation.

Secondly, nodes, roaming in a hostile environment (e.g., a battlefield) with relatively poor physical protection, have non-negligible probability of being compromised. Therefore, we should not only consider malicious attacks from outside a network, but also take into account the attacks launched from within the network by compromised nodes. Therefore, to achieve high survivability, ad hoc networks should have a 2 distributed architecture with no central entities. Introducing any central entity into our security solution could lead to significant vulnerability; that is, if this centralized entity is compromised, then the entire network is subverted.

Thirdly, an ad hoc network is dynamic because of frequent changes in both its topology and its membership (i.e., nodes frequently join and leave the network). Trust relationship among nodes also changes, for example, when certain nodes are detected as being compromised. Unlike other wireless mobile networks, such as mobile IP [21, 48, 34], nodes in an ad hoc network may dynamically become affiliated with administrative domains. Any security solution with a static configuration would not suffice. It is desirable for our security mechanisms to adapt on-the-fly to these changes.

Finally, an ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.

1.3 Routing Protocol and Threats

Routing protocols for ad hoc networks are still under active research. There is no single standard routing protocol. Therefore, we aim to capture the common security threats and to provide guidelines to secure routing protocols. In most routing protocols, routers exchange information on the topology of the network in order to establish routes between nodes. Such information could become a target for malicious adversaries who intend to bring the network down. There are two sources of threats to routing protocols. The first comes from external attackers. By injecting erroneous routing information, replaying old routing information, or distorting routing information, an attacker could successfully partition a network or introduce excessive traffic load into the network by causing retransmission and inefficient routing.

The second and also the more severe kind of threats come from compromised nodes, which might advertise incorrect routing information to other nodes. Detection of such incorrect information is difficult: merely requiring routing information to be signed by each node would not work, because compromised nodes are able to generate valid signatures using their private keys.

To defend against the first kind of threats, nodes can protect routing information in the same way they protect data traffic, i.e., through the use of cryptographic schemes such as digital signature. However, this defense is ineffective against attacks from compromised servers. Worse yet, as we have argued, we cannot neglect the possibility of nodes being compromised in an ad hoc network. Detection of compromised nodes through routing information is also difficult in an ad hoc network because of its dynamically changing topology: when a piece of routing information is found invalid, the information could be generated by a compromised node, or, it could have become invalid as a result of topology changes. It is difficult to distinguish between the two cases.

On the other hand, we can exploit certain properties of ad hoc networks to achieve secure routing. Note that routing protocols for ad hoc networks must handle outdated routing information to accommodate the dynamically changing topology. False routing information generated by compromised nodes could, to some extent, be considered outdated information. As long as there are sufficiently many correct nodes, the routing protocol should be able to find routes that go around these compromised nodes. Such capability of the routing protocols usually relies on the inherent redundancies — multiple, possibly disjoint, routes between nodes — in ad hoc networks.

2. Key Management Service

We employ cryptographic schemes, such as digital signatures, to protect both routing information and data traffic. Use of such schemes usually requires a key management service. We adopt a public key infrastructure because of its superiority in distributing keys and in achieving integrity and non-repudiation. Efficient secret key schemes are used to secure further communication after nodes authenticate each other and establish a shared secret session key. In a public key infrastructure, each node has a public/private key pair. Public keys can be distributed to other nodes, while private keys should be kept confidential to individual nodes. There is a trusted entity called Certification Authority (CA) [11, 47, and 26] for key management. The CA has a public/private key pair, with its public key known to every node, and signs certificates binding public keys to nodes. The trusted CA has to stay on-line to reflect the current bindings, because the bindings could change over time: a public key should be revoked if the owner node is no longer trusted or is out of the network; a node may refresh its key pair periodically to reduce the chance of a successful brute-force attack on its private key. It is problematic to establish a key management service using a single CA in ad hoc networks. The CA, responsible for the security of the entire network, is a vulnerable point of the network: if the CA is unavailable, nodes cannot get the current public keys of other nodes or to establish secure communication with others. If the CA is compromised and leaks its private key to an adversary, the adversary can then sign any erroneous certificate using this private key to impersonate any node or to revoke any certificate.

A standard approach to improve availability of a service is replication. But a naive replication of the CA makes the service more vulnerable: compromise of any single replica, which possesses the service private key, could lead to collapse of the entire system. To solve this problem, we distribute the trust to a set of nodes by letting these nodes share the key management responsibility.

3. Push! Photo: Informal Photo Sharing in Ad-Hoc Networks

As mobile camera phones become ubiquitous the practice of photography changes. Camera phone pictures are usually taken with sharing in mind. Meanwhile, publicly sharing photographs online has become increasingly popular with websites such as Flickr. Push! Photo is a mobile photo sharing application where photos can be made public and immediately accessed by anyone nearby. The application also automatically searches for photos on nearby devices to find interesting and relevant photos. Push! Photo shows how it is possible to share digital photos just as easy as paper photos.

Shoot!

Publicize!

Discover!

Enjoy!

3.1 THE PUSH! PHOTO PROTOTYPE

The current prototype of Push! Photo allows photos to be made public, and users can browse their own photo collection as well as those of others nearby. When devices are in proximity of one another, they will automatically start to search each other’s public photo collections for

Photographs relevant to one self. These photos are shown as a multi-picture slideshow, which is extended as new photos are found. To browse photos from an event shown in a particular photo the user can click on that picture in the slideshow. The application will then download all photos from nearby devices taken at that event. In this way, if a user spots an interesting picture in the slideshow, she can easily find more photos from the same occasion. To decide

Whether two photos are from the same event, information about whom else was around and the time of shooting is used. The application implements a discovery service to find other devices when they are within Wi Fi-range. Thus the application is always aware of who else (using Push!Photo) is around at a particular time. As a photograph is taken, the resulting picture is tagged with this information together with the time and the identity of the photographer. The current prototype is an application running on

Pocket PCs with WiFi-cards and external SD-cameras

3.2 RELATED WORK

In previous work with Push! Music [2] music files were replaced with so called media agents which were enabled to autonomously copy themselves between devices over a wireless ad hoc network. The media agents try to find their

way to potential listeners as users meet, and as a song is copied it automatically enters the play list. In this way the users discover new music while passively listening. Other projects have looked at mobile photo sharing. Davis et al. in MM2 uses the notion of co-presence to simplify the decision of with whom to share [1]. Photos are then uploaded automatically to a central web server where the sharing recipients can access the photos. Kohno and Rekimoto instead use GPS information and time stamps to decide if pictures are from the same event or not [4]. This is used to let users easily browse each others photos when standing in a group to serve as a topic of discussion. The system also let users drag and drop pictures between your own and other’s devices. As a contrast, Push! Photo aims to look into how mobile sharing can be simplified by allowing seamless sharing, and using context and tagging to automatically find interesting and relevant photographs

4 Conclusions

In this paper, we have analyzed the security threats an ad hoc network faces and presented the security objectives that need to be achieved. On one hand, the security-sensitive applications of ad hoc networks require high degree of security; on the other hand, ad hoc networks are inherently vulnerable to security attacks. Therefore, security mechanisms are indispensable for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms. This paper focuses on how to secure routing and how to establish a secure key management service in an ad hoc networking environment. These two issues are essential to achieving our security goals. Besides the standard security mechanisms, we take advantage of the redundancies in ad hoc network topology and use diversity coding on multiple routes to tolerate both benign and Byzantine failures. To build a highly available and highly secure key management service, we propose to use threshold cryptography to distribute trust among a set of servers. Furthermore, our key management service employs share refreshing to achieve proactive security and to adapt to changes in the network in a scalable way. Finally, by relaxing the consistency requirement on the servers, our service does not rely on synchrony assumptions. Such assumptions could lead to vulnerability. A prototype of the key management service has been implemented, which shows its feasibility. The paper represents the first step of our research to analyze the security threats, to understand the security requirements for ad hoc networks, and to identify existing techniques, as well as to propose new mechanisms to secure ad hoc networks. More work needs to be done to deploy these security mechanisms in

an ad hoc network and to investigate the impact of these security mechanisms on the network performance.

5 Acknowledgments

I would like to thank my friends for their invaluable contributions to this work. I am also grateful to my family and the anonymous reviewers for their comments and suggestions that helped to improve the quality of the paper.

I am grateful to Almighty for His blessings upon me.

6 References

[1] E. Ayanoglu, C.-L. I, R. D. Gitlin, and J. E. Mazo. Diversity coding for transparent self-healing and

fault-tolerant communication networks. IEEE Transactions on Communications, 41(11):1677–1686,

November 1993.

[2] M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proceedings of the 3rd USENIX

Symposium on Operating System Design and Implementation (OSDI’99), pages 173–186, New Orleans,

LA USA, February 22–25, 1999. USENIX Association, IEEE TCOS, and ACM SIGOPS.

[3] Y. Desmedt. Threshold cryptography. European Transactions on Telecommunications, 5(4):449–457,

July–August 1994.

[4] Y. Desmedt and Y. Frankel. Threshold cryptosystems. In G. Brassard, editor, Advances in Cryptology—

Crypto’89, the 9th Annual International Cryptology Conference, Santa Barbara, CA USA, August 20–24,

1989, Proceedings, volume 435 of Lecture Notes in Computer Science, pages 307–315. Springer, 1990.

[5] Y. Desmedt and S. Jajodia. Redistributing secret shares to new access structures and its applications.

Technical Report ISSE TR-97-01, George Mason University, July 1997.

[6] A. Ephremides, J. E. Wieselthier, and D. J. Baker. A design concept for reliable mobile radio networks

with frequency hopping signaling. Proceedings of the IEEE, 75(1):56–73, January 1987.

[7] P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In Proceedings of the 28th

Annual Symposium on the Foundations of Computer Science, pages 427–437. IEEE, October 12–14,

1987.

[8] M. J. Fischer, N. A. Lynch, and M. S. Peterson. Impossibility of distributed consensus with one faulty

processor. Journal of the ACM, 32(2):374–382, April 1985.

[9] Y. Frankel, P. Gemmel, P. MacKenzie, and M. Yung. Optimal resilience proactive public-key cryptosystems.

In Proceedings of the 38th Symposium on Foundations of Computer Science, pages 384–393,

Miami Beach, FL USA, October 20–22, 1997. IEEE.

[10] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Proactive RSA. In B. S. Kaliski Jr., editor,

Advances in Cryptology—Crypto’97, the 17th Annual International Cryptology Conference, Santa Barbara,

CA USA, August 17–21, 1997, Proceedings, volume 1294 of Lecture Notes in Computer Science,

pages 440–454. Springer, 1997.

[11] M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed systems security architecture.

In Proceedings of the 12th National Computer Security Conference, pages 305–319, Baltimore,



network management techniques

John C asked:


Ok long story. A while back I lost all 40 something GBs of music off my network hard drive when it crashed. Fortunately I had it all saved on my iPod. I downloaded Senuti to my iBook which is an open source iPod management program to transfer the music from the iPod back to my network. However, while it was copying, the iPod was disconnected by another member of my household. The songs still play off the iPod but when I tried to reconnect it, a message read saying, iPod corrupted use restore to reset to factory settings. If I use restore, then all the music will be erased from the iPod and I won’t be able to get it back. I have tried restarting the iPod multiple times. What can I do?

networks management

Robert asked:


Every computer network that is connected to the internet and worldwide web is highly vulnerable to security threats, hacking, unauthorized entries, data integrity issues and data loss. There are number of ways how intruders can sneak into your network and steal your data, misuse or manipulate the data. Most often, these intruders have sophisticated applications to steal the data from your network without your knowledge. No organization can compromise on data security because it is the lifeline of all organizations. At times there can be sensitive data pertaining to third parties including customer data.

As intruders operate in stealth mode, there is no way we can notice their intrusion and it requires proper security initiatives to keep them off your network. If you have proper tools that monitor your network 24/7, you will be able to identify hacking attempts and will be able to secure your network at the right before any possible data loss. One of the best ways of ensuring network security is to install a network analyzer in your network.

Reliable network analyzer software such as COLASOFT Packet Sniffer will be able to give your network the needed security. The network analyzer that you install will keep a close watch on all network conversations with the external world. All the data that comes in and goes out of your network will be closely monitored. At any given point, you will able to know how your network resources and bandwidth are utilized. If there is any unusual traffic or activities as a security manager you will be able to easily spot the issues. Every security manager should be aware of the nature of traffic in their network during different times of the day and the regular traffic pattern. You will be able to get this information from a reliable network analyzer. When the network traffic changes drastically or deviates from the regular pattern then it gives you a good reason to suspect of undesirable activities within your network.

Therefore, even when the intruders operate in stealth mode, the abnormal activity within the network will be easily spotted by the network analyzer. The network security manager can set various criteria and parameters using the tool that monitors the network so that timely attention is given even at the slightest suspicion. Without a network analyzer, we will neither know our network’s regular traffic pattern nor will we know whenever there are undesirable background activities.

Using a reliable network analyzer such as COLASOFT Packet Sniffer, you will be able to record all network events, which gives you a total control over your network. You will be able to keep track of all HTTP requests, Email messages, FTP data transfers, DNS requests and instant messenger activities. This covers every aspect of your network’s activities. At times, the intruders may even use your network to send spam mails without your knowledge, if you have a network analyzer you will be able to keep a tab on the data transfer. You will be able to spot instantly any unauthorized data transfer. Therefore, using network analyzer tool enhances the security of your network. Visit COLASOFT.com to get more information on reliable network analyzer tools for your network.

About COLASOFT

Ever since 2001, COLASOFT has been dedicated in providing all-in-one and easy-to-use network analysis software for customers to monitor, analyze, and troubleshoot their network. Up to now, more than 4000 customers in over 70 countries trust the flagship product – Capsa as their network monitoring and troubleshooting solution. The company also offers four free network utilities: COLASOFT Packet Builder, COLASOFT Packet Player, COLASOFT MAC Scanner, and COLASOFT Ping Tool. Learn more today at http://www.COLASOFT.com/



network management blog

NetQoSVideo asked:

Joel Trammell of NetQoS on Gas Mileage and Network Latency

network managment

EntuityNews asked:

Highlights and excerpts from the Eye of the Storm 2009 product review recently completed by Network Computing Magazine.

network management programs

Allen N asked:


I recently moved my company to a new building and added a few more managed switches. Prior to the move, we were operating on a single switch connected directly to the router. Our new location currently is running on three switches with all ports full.

Since the move, the network has slowed dramatically. By network i mean our internal LAN. Is there any sort of management i should be setting on the ports that link the switches together to increase speed?

These switches are not daisy chained but rather two switches connect into the one that is connected to the router.

The switches are HP Procurve 1800-24G managed switches. The ports are 10/100/1000. The switch is a store n forward.

active network management

spiceworks asked:

Spiceworks 3.0 let’s you share and share alike with new features including shared reports, sharing information about IT service providers, and polls. Spiceworks Marketing Maven, Michelle explains more about these features in the third of four 3.0 preview videos.

network management model

vasutown asked:


Early this year we will launch the world’s first pay-for-performance recruiting, career management and staffing (~140 billion US revenues) marketplace, where each participant in the collaborative value network earns commission in direct proportion to their performance and the performance of others.

I’d like to meet a vast array of people that want to make a difference in others lives and prosper in the process.

network management corporation