Saturday, September 21, 2019
Network Monitoring And Management System Information Technology Essay
A literature review is a body of text that aims to review the critical points of current knowledge, including substantive findings as well as theoretical and methodological contributions to a particular topic. Literature reviews are secondary sources and, as such, do not report any new or original experimental work. Most often associated with academic-oriented literature, such as theses, a literature review usually precedes a research proposal and results section. Its ultimate goal is to bring the reader up to date with current literature on a topic, and it forms the basis for another goal, such as future research that may be needed in the area. A well-structured literature review is characterized by a logical flow of ideas; current and relevant references with consistent, appropriate referencing style; proper use of terminology; and an unbiased and comprehensive view of the previous research on the topic.

4.1 Domain Research

4.1.1 Network Monitoring and Management system

4.1.1.1 Introduction to the use of Network Monitoring and Management system

Whenever there is vital information in an organization, some agent has to provide security measures for that information. This vital information can be business plans, customer details or confidential tenders that are very important to the organization's benefit. Any rival company can profit if it gains access to that information by any means. Hence the need for a network monitoring system that is able to monitor the activities of its clients.

Secondly, in every company one can expect there to be one network administrator. But when the number of machines increases, it is difficult to manage those machines manually. Suppose one needs to install some program on a client PC: the administrator has to go to that PC and then install it.
It is time consuming to go to each and every PC to start and finish a setup process. Another way to solve this problem is to hire more employees for maintenance of the machines, but this is a costly affair. So Network Monitoring and Management together form an important part of an organization's computer network in day-to-day life.

4.1.1.2 Network Monitoring and Management System

The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, pager or other alarms) in case of outages. It is a subset of the functions involved in network management. While an intrusion detection system monitors a network for threats from the outside, a network monitoring system monitors the network for problems caused by overloaded and/or crashed servers, network connections or other devices.

Effective planning for a network management system requires that a number of network management tasks be performed. The network management system should discover the network inventory, monitor the health and status of devices and provide alerts on conditions that impact system performance.

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.
Network management refers to the activities, methods, procedures, and tools that pertain to:

- Operation deals with keeping the network (and the services that the network provides) up and running smoothly. It includes monitoring the network to spot problems as soon as possible, ideally before users are affected.
- Administration deals with keeping track of resources in the network and how they are assigned. It includes all the housekeeping that is necessary to keep the network under control.
- Maintenance is concerned with performing repairs and upgrades, for example, when equipment must be replaced, when a router needs a patch for an operating system image, or when a new switch is added to a network. Maintenance also involves corrective and preventive measures to make the managed network run better, such as adjusting device configuration parameters.
- Provisioning is concerned with configuring resources in the network to support a given service. For example, this might include setting up the network so that a new customer can receive voice service.

4.1.1.2.1 Types of intrusion detection systems [B5][B6]

For the purpose of dealing with IT, there are three main types of IDS:

Fig: Showing types of intrusion detection system

- Network intrusion detection system (NIDS): It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyze the content of individual packets for malicious traffic. An example of a NIDS is Snort.
- Host-based intrusion detection system (HIDS): It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. An example of a HIDS is OSSEC.
- Perimeter Intrusion Detection System (PIDS): Detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructures. Using either electronics or more advanced fiber optic cable technology fitted to the perimeter fence, the PIDS detects disturbances on the fence. This signal is monitored, and if an intrusion is detected and deemed by the system to be an intrusion attempt, an alarm is triggered.

4.1.1.2.2 Comparison with firewalls

Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.

4.1.1.3 Components of Network Monitoring and Management System

The network monitoring system basically contains different modules with the help of which proper functioning is carried out.
The following is the list of modules and processes:

- Initial Set-Up: This is the first step while setting up a network monitoring tool. The machines must be physically connected. IP addressing should be properly carried out.
- Network Mapping: The system sends a command across the network, making use of various components, to gain a minimum knowledge of the model in which the network is functioning. This model is useful for documenting the network configuration.
- Machine Polling: Once the map is prepared, the system sends a current-status request to the components that are in the network. With this process the system is able to learn of any potential failures that exist in the network.
- Alarms Notification: The application can detect the potential failures in the existing network. For example, if any system has dropped off the LAN due to a cable fault or any other type of failure, it will send a notification to the administrator. Information about errors can be displayed centrally or even sent as an SMS message to a mobile phone. Notification can be through e-mail, SMS or pager.
- Reporting: The log sheet produced with the help of the command can be very useful to the system administrator for getting an idea of the types of error that occur frequently.

Through thorough research the developer has found that certain processes, such as filtering of clients, listing of processes, and managing clients and their processes, are the basic functionalities that must be present in a network monitoring system.

4.1.1.4 Network based Application Architecture

Network based application architecture can be described as the software architecture of the network based application. It provides an abstract view and the model for comparison of the architecture that is going to be used to build the system. It explains how system components are allocated and identified and how these components interact with the system.
It also provides information on the amount and granularity of communication needed for interaction, and gives an idea of the interface protocols.

4.1.1.4.1 Client/Server Architecture [W2][W3]

The client-server model distinguishes between applications as well as devices. Network clients make requests to a server by sending messages, and servers respond to their clients by acting on each request and returning results. One server generally supports numerous clients, and multiple servers can be networked together in a pool to handle the increased processing load as the number of clients grows.

Fig: A Client-Server Network

The client-server model of computing is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients. Often clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server machine is a host that is running one or more server programs which share their resources with clients.

In most cases, client-server architecture enables the roles and responsibilities of a computing system to be distributed among several independent computers that are known to each other only through a network. This creates an additional advantage to this architecture: greater ease of maintenance. For example, it is possible to replace, repair, upgrade, or even relocate a server while its clients remain both unaware and unaffected by that change.
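
The polling, alarm notification and reporting modules of section 4.1.1.3, run from one monitoring server over its clients, can be sketched as follows. This is an added example, not code from the essay or from Smart Whistle Blower; the `Monitor` class, the inventory, the use of a TCP connection as the status request and the threshold of two consecutive missed polls are all assumptions made for illustration.

```python
import socket
from collections import Counter

# Constructed inventory (RFC 5737 addresses), standing in for network mapping.
INVENTORY = {
    "file-server": ("192.0.2.10", 445),
    "mail-server": ("192.0.2.20", 25),
    "print-server": ("192.0.2.30", 631),
}


def tcp_probe(addr, port, timeout=2.0):
    """Status request: True if a TCP connection to addr:port succeeds."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


class Monitor:
    """Hypothetical poller: alarms on state changes, keeps a log for reports."""

    def __init__(self, inventory, probe=tcp_probe, fail_threshold=2):
        self.inventory = inventory
        self.probe = probe
        self.fail_threshold = fail_threshold  # consecutive misses before alarm
        self.misses = Counter()  # consecutive failed polls per host
        self.log = []            # (cycle, host, event) records
        self.cycle = 0

    def poll_once(self):
        """Poll every host once; return alarms raised or cleared this cycle."""
        self.cycle += 1
        events = []
        for name, (addr, port) in self.inventory.items():
            if self.probe(addr, port):
                # A host that had an open alarm is answering again.
                if self.misses[name] >= self.fail_threshold:
                    events.append((self.cycle, name, "RECOVERED"))
                self.misses[name] = 0
            else:
                self.misses[name] += 1
                # Notify once, when the threshold is reached, not on every miss.
                if self.misses[name] == self.fail_threshold:
                    events.append((self.cycle, name, "DOWN"))
        self.log.extend(events)
        return events

    def report(self):
        """Outages per host, most frequent first (the reporting step)."""
        return Counter(h for _, h, e in self.log if e == "DOWN").most_common()


def run_constructed_scenario():
    """Drive the monitor with scripted probe results so it runs offline."""
    script = {  # constructed per-cycle results, keyed by address
        "192.0.2.10": [True] * 7,
        "192.0.2.20": [True, False, False, True, False, False, False],
        "192.0.2.30": [True, True, False, True, True, True, True],
    }
    mon = Monitor(INVENTORY)
    mon.probe = lambda addr, port: script[addr][mon.cycle - 1]
    alarms = [event for _ in range(7) for event in mon.poll_once()]
    return alarms, mon.report()


if __name__ == "__main__":
    print(run_constructed_scenario())
```

In the constructed scenario the single missed poll on print-server raises no alarm, while mail-server produces two outages and one recovery, which is what the report then counts.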
Client/Server architecture with respect to domain research

4.1.1.4.2 Network monitoring protocols [W12]

A website monitoring service can check HTTP pages, HTTPS, SNMP, FTP, SMTP, POP3, IMAP, DNS, SSH, TELNET, SSL, TCP, ping, SIP, UDP, Media Streaming and a range of other ports with a variety of check intervals ranging from every four hours to every one minute. Typically, most network monitoring services test your server anywhere between once per hour and once per minute.

SNMP is the most well known protocol used to manage networked devices. It was designed to facilitate the exchange of management information between networked devices, operating at the application layer of the ISO/OSI model. A collection of network management stations and network elements is implicit in the SNMP architectural model. Network management stations monitor and control network elements by executing management applications. Network devices such as hosts, gateways, terminals and servers have management agents responsible for performing the network management functions requested by the network management stations. The Simple Network Management Protocol (SNMP) is used to communicate management information between the network management stations and the agents in the network elements.

SNMP is most commonly used for remote management of network devices. SNMP is moreover known for its flexibility: adding network-management functions to the existing system is very easy.

An SNMP-managed network typically consists of three components:

- Managed devices
- Agents
- Network management systems

A managed device can be any piece of equipment that sits on your data network and is SNMP compliant. Routers, switches, hubs, workstations, and printers are all examples of managed devices. An agent is typically software that resides on a managed device. The agent collects data from the managed device and translates that information into a format that can be passed over the network using SNMP.
A network-management system monitors and controls managed devices. The network management system issues requests and devices return responses.

4.1.1.5 HCI (Human Computer Interaction)

"Human-computer interaction is a discipline concerned with the design, evaluation and implementation of interactive computing systems for human use and with the study of major phenomena surrounding them." (Association for Computing Machinery)

Smart Whistle Blower, a network management and monitoring tool, functions completely according to the user. That is why the developer tried to take into account people's interaction with computers, and to develop the system for successful interaction with humans, using the concept of HCI (Human-Computer Interaction). The developer used the following main parts of HCI:

- User
- Computer
- Interaction

The developer implemented HCI with the aim of improving the interactions between humans and computers by making computers more usable and receptive to the user's needs. Usability can be defined as the extent to which the system can be learnt and used by the users.
So the developer measures the usability of the system by analyzing the following points:

- Easy to learn
- Effective to use
- Efficient to use

While developing a system using HCI principles, the following factors must be considered by the developer:

- Organizational Factors
- Environmental Factors
- Health and Safety Factors
- Comfort Factors
- People: System/Network Administrator, Supervisor, Advisor

HCI is now being used in a wide range of fields, which are shown in the diagram below:

Fig: Showing related modules to HCI
Source: http://images.google.co.in/imgres?imgurl=http://www.deepamehta.de/docs/images/talk/39-middle.png

4.1.1.6 Market Research

4.1.1.6.1 Similar software available in market

There are numerous monitoring tools available in the market, some of which are listed below:

- Application Monitoring
- Performance Monitoring
- Database Monitoring
- Security Monitoring
- Environment Monitoring
- Network Traffic Monitoring
- PC Monitoring
- Protocol Analyzing

4.1.1.6.2 Comparison Chart [W13][W14][W15][W16][W17][W18][W19][W20]

Fig: Showing Comparison Chart between ten software and Smart Whistle Blower

A Brief Analysis

On a comparison with 10 network monitoring systems, it has been found that the proposed software, i.e. Smart Whistle, provides many facilities that the current network monitoring systems do not have. The comparison has been done on nine different features that network monitoring and management software must have. The features are as follows:

- Logical Grouping
- Distributed Monitoring
- Hardware Intrusion Detection
- WebApp
- Auto discovery
- Triggers/alerts
- Live Screening
- Chat enabled
- Support Network Management System

4.1.2 Security management recommendation

Security Management for networks is different for all kinds of situations.
A small home or an office would only require basic security, while large businesses will require high maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

Small homes

- A basic firewall like COMODO Internet Security or a unified threat management system.
- For Windows users, basic antivirus software like AVG Antivirus, ESET NOD32 Antivirus, Kaspersky, McAfee, Avast!, Zone Alarm Security Suite or Norton Antivirus. An anti-spyware program such as Windows Defender or Spybot Search & Destroy would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered.
- When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA2 with AES encryption.
- Enable MAC address filtering to keep track of all home network MAC devices connecting to your router.
- Assign static IP addresses to network devices.
- Disable ICMP ping on the router.
- Review router or firewall logs to help identify abnormal network connections or traffic to the Internet.
- Use passwords for all accounts.
- Have multiple accounts per family member, using non-administrative accounts for day-to-day activities. Disable the guest account (Control Panel > Administrative Tools > Computer Management > Users).
- Raise awareness about information security among children.

Medium businesses

- A fairly strong firewall or Unified Threat Management system.
- Strong antivirus software and Internet Security Software.
- For authentication, use strong passwords and change them on a bi-weekly/monthly basis.
- When using a wireless connection, use a robust password.
- Raise awareness about physical security among employees.
- Use an optional network analyzer or network monitor.
- An enlightened administrator or manager.

Large businesses

- A strong firewall and proxy to keep unwanted people out.
- A strong antivirus software package and Internet Security Software package.
- For authentication, use strong passwords and change them on a weekly/bi-weekly basis.
- When using a wireless connection, use a robust password.
- Exercise physical security precautions with employees.
- Prepare a network analyzer or network monitor and use it when needed.
- Implement physical security management like closed circuit television for entry areas and restricted zones.
- Security fencing to mark the company's perimeter.
- Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
- Security guards can help to maximize security.

School

- An adjustable firewall and proxy to allow authorized users access from the outside/inside.
- Strong antivirus software and Internet Security Software packages.
- Wireless connections that lead to firewalls.
- Children's Internet Protection Act compliance.
- Supervision of the network to guarantee updates and changes based on popular site usage.
- Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources.

Large government

- A strong firewall and proxy to keep unwanted people out.
- Strong antivirus software and Internet Security Software suites.
- Strong encryption.
- Whitelist authorized wireless connections, block all else.
- All network hardware is in secure zones.
- All hosts should be on a private network that is invisible from the outside.
- Put web servers in a DMZ, or behind a firewall from the outside and from the inside.
- Security fencing to mark the perimeter, and set the wireless range to this.

4.1.3 Service and Technology Growth in India

As India emerges as one of the major IT leaders of the world, more and more IT companies are being established in the present scenario.
With the increase in IT companies, more competition will arise in the market; as a result there will be an increase in business politics, and everybody will try to win this race of competition in the market. Thus there is a high risk of hackers intruding into a company database, taking away vital information and selling it to a rival company. This is where the importance of network security arises. As a result, more and more network monitoring and management systems are being developed.

On detailed research it has been found that the number of cases of cyber crime is increasing every year. With practical guidance delivered by expert speakers, an organization named e-Crime India is the premier networking and knowledge initiative for security, IT, fraud, investigations, CERT, audit, forensics, and compliance professionals who are responsible for protecting against existing attacks and emerging threats. Major IT companies in India like Infosys, TCS and Wipro have separate departments to develop software related to network security. Hence one can see the importance of developing such a system, because this type of software is ever in demand with the increase and development of technology.

4.2 Information and Resources

Networks

Networking Concepts

- Comer, Douglas E. and Droms, Ralph E. (2004) Computer Networks and Internets with Internet Applications, 4th International Edition, Prentice Hall, ISBN: 013123627X
- Forouzan, Behrouz (2004) Introduction to Data Communication Networking, 3rd Edition, McGraw-Hill
- Tanenbaum, Andrew S. (2003) Computer Networks, 4th Edition, Prentice Hall
- Stallings, William (2006) Data and Computer Communications, 7th Edition, Prentice Hall

Books

- Robertson, Leslie Ann (2003) Simple Program Design, 2nd Edition, Boyd and Fraser
- Shelly, G.B., Cashman, T.J. and Rosenblatt, H.J. (2005) System Analysis and Design, 5th or 6th Edition, Course Technology
- O'Connell, F. (2001) How to Run Successful Projects III: The Silver Bullet. Addison Wesley, ISBN: 0201748061
- CCTA (2002) Managing Successful Projects with PRINCE2. The Stationery Office Books
- Cleland, D. (2001) A Guide to the Project Management Body of Knowledge 2000. PMI. ISBN: 0113308914

White Paper and Journal

- Parnas, David, A rational design process and how to fake it (PDF). An influential paper which criticises the idea that software production can occur in perfectly discrete phases.
- Royce, Winston (1970), Managing the Development of Large Software Systems, Proceedings of IEEE WESCON 26 (August): 1-9

Web Site

- www.onestoptesting.com/sdlc-models/waterfall-model/
- http://www.freelancer.com/projects/by-tag/projects-socket-programming-based-multi-client-server-architecture.html