This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
3.1 NETWORK MANAGEMENT IN OPERATING SYSTEM
Earlier versions of operating systems that were mainly intended for personal and home use, such as MS-DOS and Windows 95, had no distinct network administration role. Today's operating systems, however, provide many tools for network management. They are described below.
3.1.1 Network management in WINDOWS:-
1. Remote Desktop:- Windows XP Professional provides the Remote Desktop tool. With the Remote Desktop feature in Windows XP, a user can remotely control a computer from another office, from home, or while traveling.
2. Firewall: - Windows Firewall protects your computer by blocking communications that might be dangerous software trying to find a way to connect to your computer, rather than communications from a person or program you want to interact with. Windows Firewall can allow connections from computers in your home while blocking connections from computers on the Internet. For example, Windows Firewall will allow you to share files or a printer between two computers in your home, but it will block any attempts from people on the Internet to connect to your computer.
3. LAN messenger: - A LAN messenger is an instant messaging program designed for use within a single local area network. The first LAN messenger for Microsoft Windows was Winpopup, a small utility included in Windows 95/98/Me for receiving and sending short instant text messages. Winpopup uses the SMB/NetBIOS protocol.
Windows NT/2000/XP improved on this with the Messenger Service, a Windows service for receiving and sending messages compatible with Winpopup. On systems where this service is running, received messages "pop up" as simple message boxes. Any software compatible with Winpopup, such as the console utility NET SEND, can send such messages.
4. Other services:- Newer versions of Windows provide more network management services, such as Net Logon and a graphical view of network connections. Many tasks can also be carried out from the command prompt with basic networking commands such as ping.
3.1.2 Network management in LINUX:- There are many basic commands in the Unix environment that are primarily used for network management. Some of them are ping, ifconfig, netstat, traceroute, nslookup, dig, tcpdump, /proc/net, ipfwadmin, tcpwrapper and maskd.
ping: - The UNIX ping command reports whether a computer at a particular address or IP number is responding. It is used to see whether a networked computer has crashed or otherwise become unavailable. The syntax for ping is: ping address
ifconfig:- The "ifconfig" command allows the operating system to set up network interfaces and allows the user to view information about the configured network interfaces.
netstat: - displays general network statistics for the host you are currently connected to.
traceroute: - This command is very useful for distinguishing network and router issues. If the domain does not work or is not available, you can traceroute an IP address instead. It prints the route that packets take to a network host.
nslookup: - nslookup sends queries to Internet domain name servers. It has two modes: interactive and non-interactive. Interactive mode allows the user to contact servers for information about various hosts and domains or to display a list of hosts in a domain. Non-interactive mode is used to display just the name and requested information for a host or domain.
dig:-dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
tcpdump: - It captures packets from an Ethernet interface in promiscuous mode and displays their contents. Numerous options exist to filter the output down to only those packets of interest. This version runs on a number of different UNIX platforms.
4.1 Different network management tools
1. Packet Sniffers
A packet sniffer, or network analyzer, is a wire-tap device that plugs into a computer network and eavesdrops on the network traffic. Capturing the information going over the network is called sniffing. A sniffer is a program that lets someone listen in on computer conversations. However, computer conversations consist of apparently random binary data, so network wiretap programs also come with a feature known as "protocol analysis", which allows them to "decode" the traffic and make sense of it. These tools, known as network sniffers, are named after a product called the Sniffer Network Analyzer. Introduced in 1988 by Network General Corp. (now Network Associates Inc.), the Sniffer was one of the first devices that let managers sit at their desks and take the pulse of the larger network. The original sniffers read the message headers of data packets on the network, giving administrators details about the addresses of senders and receivers, file sizes and other low-level information about those packets, in addition to verifying transmission. Using graphs and text-based descriptions, sniffers helped network managers evaluate and diagnose performance problems with servers, the network wire, hubs and applications.
2. Firewalls
A firewall is configured to permit, deny or proxy data connections according to the organization's security policy. Firewalls can be hardware based, software based, or both.
A firewall's basic task is to control traffic between computer networks with different zones of trust. Typical examples are the Internet which is a zone with no trust and an internal network which is (and should be) a zone with high trust.
With regard to the scope of filtered communications there exist:
Personal firewalls, a software application which normally filters traffic entering or leaving a single computer.
Network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks. Such a firewall filters all traffic entering or leaving the connected networks.
The latter definition corresponds to the conventional, traditional meaning of "firewall" in networking.
In reference to the layers where the traffic can be intercepted, three main categories of firewalls exist:
Network layer firewalls. An example would be iptables.
Application layer firewalls. An example would be TCP Wrappers.
Application firewalls. An example would be restricting ftp services through the /etc/ftpaccess file.
3. Intrusion-detection system
An Intrusion Detection System (or IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. The manipulations may take the form of attacks by skilled malicious hackers using automated tools.
An Intrusion Detection System is used to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, Trojan horses and worms).
An IDS is composed of several components: Sensors which generate security events, a Console to monitor events and alerts and control the sensors, and a central Engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from security events received. There are several ways to categorize an IDS depending on the type and location of the sensors and the methodology used by the engine to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.
A Network Intrusion Detection System is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.
A Protocol-based Intrusion Detection System consists of a system or agent that would typically sit at the front end of a server, monitoring and analyzing the communication protocol between the server and a connected device (a user's PC or another system). For a web server this would typically monitor the HTTPS protocol stream and understand the HTTP protocol relative to the web server/system it is trying to protect. Where HTTPS is in use, this system would need to reside in the "shim" or interface between the point where HTTPS is decrypted and the point where the traffic enters the web presentation layer.
An Application Protocol-based Intrusion Detection System consists of a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application-specific protocols. For example, in a web server with a database, this would monitor the SQL protocol specific to the middleware/business logic as it transacts with the database.
A Host-based Intrusion Detection System consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state.
A Hybrid Intrusion Detection System combines one or more approaches. Host agent data is combined with network information to form a comprehensive view of the network. An example of a Hybrid IDS is Prelude.
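The sensor/engine/console arrangement and the rule-driven alerting described above, as an added example that is not from the essay or from any IDS product: the engine records every event, runs a stateless signature rule and a stateful threshold rule over it, and combines a network sensor's events with a host sensor's events as the hybrid approach describes. Sensor names, source addresses, timestamps and rule thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
SAMPLE_EVENTS = [  # constructed: a network sensor (nids-1) and a host sensor (hids-web)
    {"ts": "2024-01-01T10:00:00", "sensor": "nids-1", "src": "203.0.113.5",
     "kind": "http_request", "detail": "GET /cgi-bin/../../etc/passwd"},
    {"ts": "2024-01-01T10:00:05", "sensor": "hids-web", "src": "203.0.113.5",
     "kind": "login_failed", "detail": "user=root"},
    {"ts": "2024-01-01T10:00:07", "sensor": "hids-web", "src": "203.0.113.5",
     "kind": "login_failed", "detail": "user=root"},
    {"ts": "2024-01-01T10:00:09", "sensor": "hids-web", "src": "203.0.113.5",
     "kind": "login_failed", "detail": "user=admin"},
    {"ts": "2024-01-01T10:30:00", "sensor": "hids-web", "src": "198.51.100.7",
     "kind": "login_failed", "detail": "user=bob"},
]

def rule_signature(event, _by_src):  # stateless: directory traversal in a request line
    if event["kind"] == "http_request" and "../" in event["detail"]:
        return f"path traversal attempt from {event['src']}"
    return None

def rule_threshold(event, by_src, limit=3, window=timedelta(seconds=60)):
    # stateful: `limit` failed logins from one source inside `window`
    if event["kind"] != "login_failed":
        return None
    now = datetime.fromisoformat(event["ts"])
    recent = [e for e in by_src[event["src"]] if e["kind"] == "login_failed"
              and now - datetime.fromisoformat(e["ts"]) <= window]
    if len(recent) >= limit:
        return f"{len(recent)} failed logins from {event['src']} within {window.seconds}s"
    return None

class Engine:
    def __init__(self, rules):
        self.rules, self.alerts = rules, []
        self.db = []                          # every event is recorded (the "database")
        self.by_src = defaultdict(list)       # per-source index used by stateful rules
    def receive(self, event):
        self.db.append(event)
        self.by_src[event["src"]].append(event)
        for rule in self.rules:               # rules turn events into alerts
            msg = rule(event, self.by_src)
            if msg:                           # an alert would be shown on the console
                self.alerts.append({"ts": event["ts"], "sensor": event["sensor"],
                                    "rule": rule.__name__, "msg": msg})

def run_engine(events=SAMPLE_EVENTS):
    engine = Engine([rule_signature, rule_threshold])
    for ev in events:
        engine.receive(ev)
    return engine.alerts
```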
4. Keystroke logging
A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer's keyboard. Keystroke logging can be achieved by both hardware and software means. Hardware key loggers are commercially available devices which come in three types: inline devices that are attached to the keyboard cable, devices which can be installed inside standard keyboards, and actual replacement keyboards that contain the key logger already built in. The inline devices have the advantage of being able to be installed instantly. However, while they may go unnoticed for quite some time, they are easily detected visually upon closer inspection. Of the three devices available, the most difficult to install is also the most difficult to detect. The device that installs inside a keyboard (presumably the keyboard the target has been using all along) requires soldering skill and extended access to the keyboard to be modified. However, once in place, this type of device is virtually undetectable. These keystrokes are appended to a keylog text file. The keylog file is transferred to the administrator as and when required. It is transferred from the user machine to the administrator machine using FTP.
The Network Administrator can request a snapshot of the user's desktop by using this tool. Whenever requested by the Administrator, the part of the module running on the user side takes a snapshot of the desktop, stores the image in a file, and transfers the file to the administrator. On Linux the screenshot can be captured with the 'xwd' command, which dumps an image of an X window. The files generated by the Screenshot tool are transferred in the same way as in the keystroke logger module described above.
4.2 Commercial Network Management Tools:-
There are many tools available in the market. Cisco, Network General, EarthReal and IBM are some of the well-known vendors providing these tools.