Computer networks are widely used to provide increased computing power, sharing of resources and communication between users. Computer systems and computer system components are interconnected to form a network. Networks may include a number of computer devices within a room, building or site that are interconnected by a high speed local data link such as local area network (LAN), token ring, Ethernet, or the like. Local networks in different locations may be interconnected by techniques such as packet switching, microwave links and satellite links to form a world wide network. A network may include several hundred or more interconnected devices.
A network management system provides the user with the ability to select additional information about a particular network entity and to present the information in a clear display. Finally, displays of network information should be flexible to accommodate different network configurations and differing network management requirements. This covers network management systems which generate network information and network management systems which permit a user to traverse between multiple display views.
In computer networks, a number of issues arise, including traffic overload on parts of the network, optimum placement of network resources, security, and isolation of network information.
Network management systems have been utilized in the past in an attempt to address such issues. Based on research and inventions, network management systems typically operate by remote access to and monitoring of network devices. It is therefore desirable to provide a network management system which can systematize the knowledge of networking experts, such that common problems can be detected, isolated and repaired, either automatically or with the involvement of less skilled personnel.
An important aspect that should be taken into consideration is the way in which information is usually presented. Most research has found that displays of information should be clear and well organized; they should be flexible to accommodate differing network configurations and network management requirements. In general, the object of present development is improved methods and apparatus for managing networks.
II. SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
CROSS-REFERENCE TO RELATED INVENTIONS
The SNMP protocol simplifies the day-to-day tasks of network and system administrators, who use it to remotely monitor and configure devices on their network, such as bridges, routers, switches, hubs, and networked servers. For example, if a system administrator wants to know bandwidth usage on a network device, she might poll the device using SNMP. Once the data is pulled from the router or switch, it can be interpreted in a number of different ways. Network traffic throughput is not the only thing you can monitor using SNMP. It is also used to monitor bandwidth, CPU usage, voltages, and other environmental conditions. For example, a system administrator could monitor the temperature of a router chassis based on information obtained through use of SNMP. Monitoring the environmental conditions of routers is critical because if a router rises above the recommended temperature, the device could be damaged.
III. SNMP AND SECURITY
SNMPv1 uses community strings for authentication purposes. The community string is a password that is used to control access to information residing on a managed device. Two types of community strings are defined: read-only and read-write. The read-only community string allows you to query the device and only read values, while the read-write community string allows you to not only read values but make changes to those values as well. The drawback is that community string names are transmitted in clear text. An attacker sniffing the network can grab the community name from passing traffic. Once this community name is known, the attacker can then potentially read values off of the managed device or make configuration changes.
Most of the time, an attacker does not even need to sniff the network traffic to obtain a community name. They can guess the community name through observed patterns. History has shown that many network administrators use easy-to-guess or well-known community names (such as 'community,' 'admin,' or 'SNMP') and sometimes no password at all.
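The following Python sketch is an added example, not part of the original essay: it decodes the BER header of an SNMPv1/v2c datagram as a passive monitor would, showing that the community string is readable in clear text and flagging the well-known names mentioned above. The sample datagrams, the `sample` helper and the weak-name list are constructed for illustration.

```python
# Added example (not from the essay). Sample datagrams are constructed, not captured.
WEAK = {"", "public", "community", "admin", "snmp"}  # names the essay cites, plus empty

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits = count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Report version and community of one SNMP datagram, flagging weak names."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(raw_version, "big")   # 0 = SNMPv1, 1 = SNMPv2c
    if version not in (0, 1):               # SNMPv3 (3) has no community field
        return {"version": version, "community": None, "weak": False}
    tag, raw_comm, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    community = raw_comm.decode("latin-1")
    return {"version": version, "community": community,
            "weak": community.lower() in WEAK}

# Constructed GetRequest PDU for sysDescr.0 (1.3.6.1.2.1.1.1.0), request-id 1.
_PDU = bytes.fromhex("a01902010102010002010030" "0e300c06082b060102010101000500")

def sample(version, community):
    """Build a constructed v1/v2c message (version 0 or 1) around _PDU."""
    c = community.encode("latin-1")
    body = bytes([0x02, 0x01, version, 0x04, len(c)]) + c + _PDU
    return bytes([0x30, len(body)]) + body

if __name__ == "__main__":
    for ver, comm in [(0, "public"), (1, "Admin"), (1, "k3-Zq!constructed")]:
        print(inspect_snmp(sample(ver, comm)))
```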
There are also other ways attackers can access information. SNMP messages are typically passed over the network using UDP (a connectionless transport).
Because UDP is a connectionless transport, the delay, replay, and reordering of packets is possible. As such, it's possible for an attacker to maliciously reorder, replay, and delay packets. As a result, an attacker may be able to influence the behavior of a managed device.
Although SNMPv1 and SNMPv2 do not provide any security, allowing community names to be mapped into securityName/contextName provides the ability to use view-based access control to limit the access of unsecured SNMPv1 and SNMPv2 operations. In fact, it is important for network administrators to make use of this capability in order to avoid unauthorized access to MIB data that would otherwise be secure.
Further, the SNMP-COMMUNITY-MIB has the potential to expose community strings which provide access to more information than that which is available using the usual 'public' community string. For this reason, a security administrator may wish to limit accessibility to the SNMP-COMMUNITY-MIB, and in particular, to make it inaccessible when using the 'public' community string.
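As an added illustration (not from the original essay), the Python model below shows how mapping a community name to a security name and then to a MIB view keeps the 'public' community out of the SNMP-COMMUNITY-MIB subtree (1.3.6.1.6.3.18). The security names, the second community string and the view contents are assumptions, and the group and access-table steps and subtree masks of full view-based access control are collapsed for brevity.

```python
# Added example (not from the essay): names and view contents are assumptions.
def oid(text):
    """Turn dotted OID text into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))

class View:
    """A MIB view as a list of (subtree, 'included' | 'excluded') families."""
    def __init__(self, *families):
        self.families = [(oid(subtree), kind) for subtree, kind in families]

    def contains(self, target):
        target = oid(target)
        hits = [(sub, kind) for sub, kind in self.families
                if target[:len(sub)] == sub]
        if not hits:
            return False                    # under no family at all: not in view
        # The most specific (longest) matching subtree decides the outcome.
        _, kind = max(hits, key=lambda h: (len(h[0]), h[0]))
        return kind == "included"

SNMP_COMMUNITY_MIB = "1.3.6.1.6.3.18"       # snmpCommunityMIB subtree

# Community string -> security name (hypothetical values).
COMMUNITY_TO_SECURITY_NAME = {
    "public": "anon_ro",
    "EXAMPLE-noc-string": "noc_ro",         # placeholder, not a real secret
}

# Security name -> read view (hypothetical policy).
SECURITY_NAME_TO_VIEW = {
    "anon_ro": View(("1.3.6.1.2.1", "included"),        # mib-2
                    ("1.3.6.1.6.3", "included"),        # snmpModules
                    (SNMP_COMMUNITY_MIB, "excluded")),  # hide community table
    "noc_ro": View(("1.3.6.1", "included")),
}

def read_allowed(community, target):
    """Decide whether a v1/v2c read of target is inside the caller's view."""
    security_name = COMMUNITY_TO_SECURITY_NAME.get(community)
    if security_name is None:
        return False                        # unknown community: no access
    return SECURITY_NAME_TO_VIEW[security_name].contains(target)

if __name__ == "__main__":
    for target in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.6.3.18.1.1.1.2"):
        print(target, read_allowed("public", target))
```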
IV. SNMPV3 ATTEMPTS TO ADDRESS SECURITY ISSUES
Recently, numerous vulnerabilities have been reported in multiple vendors' SNMPv1 implementations. These vulnerabilities are a result of implementation errors, not problems in the protocol itself. Weaknesses in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string. Refer to CERT® Advisory CA-2002-03, Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP).
SNMPv3 was then developed, as it is an interoperable standards-based protocol for network management. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are:
• Message integrity - Ensuring that a packet has not been tampered with in transit.
• Authentication - Determining that the message is from a valid source.
• Encryption - Scrambling the contents of a packet to prevent it from being seen by an unauthorized source.
SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level will determine which security mechanism is employed when handling an SNMP packet. Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 is specifically designed to protect against the following threats:
- Modification of Information: the danger that some unauthorized entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object.
- Masquerade: the danger that management operations not authorized for some user may be attempted by assuming the identity of another user that has the appropriate authorizations.
- Disclosure: the risk of eavesdropping on the exchanges between managed agents and a management station. Protecting against this threat may be required as a matter of local policy.
- Message Stream Modification: the SNMP protocol is typically based upon a connectionless transport service which may operate over any sub-network service. The re-ordering, delay or replay of messages can and does occur through the natural operation of many such sub-network services. The message stream modification threat is the danger that messages may be maliciously re-ordered, delayed or replayed to an extent which is greater than can occur through the natural operation of a sub-network service, in order to effect unauthorized management operations.
V. RECOMMENDED PRACTICES
This section describes practices that contribute to the secure, effective operation of the mechanisms defined by IETF Security and Administrative Framework Evolution.
An SNMP engine must discard SNMP Response messages that do not correspond to any currently outstanding Request message. It is the responsibility of the Message Processing module to take care of this. For example, it can use the msgID for that.
An SNMP Command Generator Application must discard any Response Class PDU for which there is no currently outstanding Confirmed Class PDU; for example, for SNMPv2 [xxxx] PDUs, the request-id component in the PDU can be used to correlate Responses to outstanding Requests.
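One way a manager can apply both rules is sketched below in Python; this is an added example, not code from the original essay or from any SNMP implementation. The class name, the timeout value and the documentation-range addresses are assumptions; the identifier passed in stands for the msgID or request-id mentioned above.

```python
# Added example (not from the essay): names, timeout and addresses are assumptions.
import time

class OutstandingRequests:
    """Manager-side table of requests that are still waiting for a response."""

    def __init__(self, timeout=5.0, clock=time.monotonic):
        self.timeout = timeout
        self.clock = clock
        self.pending = {}        # request_id -> (agent_address, deadline)
        self.discards = []       # (request_id, source, reason), e.g. for alerting

    def sent(self, request_id, agent):
        """Record a request at the moment it is transmitted to agent."""
        self.pending[request_id] = (agent, self.clock() + self.timeout)

    def on_response(self, request_id, source):
        """Return True to process the response, False to discard it."""
        entry = self.pending.get(request_id)
        if entry is None:
            return self._discard(request_id, source, "no outstanding request")
        agent, deadline = entry
        if source != agent:
            # Keep the entry: the genuine agent may still answer.
            return self._discard(request_id, source, "unexpected source")
        del self.pending[request_id]   # single use: a replayed copy no longer matches
        if self.clock() > deadline:
            return self._discard(request_id, source, "arrived after timeout")
        return True

    def _discard(self, request_id, source, reason):
        self.discards.append((request_id, source, reason))
        return False

if __name__ == "__main__":
    table = OutstandingRequests()
    agent = ("192.0.2.10", 161)            # constructed address (documentation range)
    table.sent(1001, agent)
    print(table.on_response(1001, agent))  # genuine response
    print(table.on_response(1001, agent))  # replayed copy of the same response
    print(table.discards)
```

Matching on the request identifier only filters stray, late and replayed datagrams; it does not authenticate the sender, which is the job of the SNMPv3 security features described in section IV.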
VI. RELATED APPLICATION DEVELOPMENTS
Typically, most of the inventions relate to information management of computer networks, and more particularly to network management which utilizes model-based management to represent different network dimensions and which provides multiple display views of network location information, topology, network status, network faults and network performance.
As computer networks are widely used to provide increased computing power, sharing of resources and communication between nodes, it has become an important aspect of a network management system to display and present information to the user or network administrator so as to give a better view of traffic management through the network. Network information is usually displayed on video screens, so it is important to clearly identify the network entity for which information is presented to a user. Information displays should be flexible to accommodate differing network configurations and differing network management requirements.
According to the present inventions, many advantages are achieved in methods and apparatus for displaying information related to a computer network. The methods of the invention comprise the steps of maintaining information relating to computer networks in a network management system, providing a user-selectable view showing a hierarchical view and the relationship of nodes, and analyzing performance.
In network management according to the inventions, the user, such as a network operator, can program daily routines into services which are easy to use and independent of network elements. The system according to the invention automatically converts the network-element-independent tasks of these services or service requests into commands in the command language of the network element which is the target of the service, using parameters that are stored in the network management system and describe the command language of the network element concerned.
The invention enables the user to start all network management routines in the same way without having to know the details of the command language.
It is therefore an object of the present invention to provide an improved network management method to prevent the increase in the traffic due to transferring a protocol itself.
Another object of the present invention is to provide a better communication network system to manage the traffic congestion due to a large number of replicas simultaneously generated by executing the particular program.
In order to achieve the above object of the present invention, a network management method is performed in a communication network system comprising a plurality of nodes and a network management system, the method comprising the steps of:
- selecting at least one network control item to be collected from each node at the network management system,
- sending, from the network management system to a first node, a user packet appending a control program that commands a node to provide, to the control program, information corresponding to the network control item,
- storing a first network control item of the first node in the control program based on executing the control program,
- transferring the user packet from the first node to a second node,
- storing a second network control item of the second node in the control program based on executing the control program,
- returning the user packet from the second node to the network management system, and
- managing the first and second nodes based on the first and second network control items.
Furthermore, in order to achieve another object of the present invention, a network management method is performed in a communication network system comprising a plurality of nodes and a network management system, the method comprising the steps of:
- identifying and recording, at each of the plurality of nodes, header information in response to reception of a user packet,
- reporting, to the network management system from a first node, reception information when the first node receives the same user packets having the same header information more than a predetermined number of times,
- giving notice of discard of a succeeding user packet having the same header information from the network
VII. INNOVATED NETWORK MANAGEMENT TECHNOLOGIES
Cisco ASR 9000 Embedded Management
The Cisco ASR 9000 Series is built for large Carrier Ethernet services. The system management functions are engineered to serve the needs of various service provider customers, to help them activate, provision, assure, manage, and bill for these services. The following are some important aspects of this operational and management portfolio that are part of the base system:
• In-band management ports: The router offers dual 10/100/1000 Ethernet ports for in-band management per control-plane engine; the ports are secured from spoof and denial-of-service (DoS) attacks.
• Cisco ASR 9000 Embedded Management framework: The embedded instrumentation and management interfaces in the router are the most important components of its manageability. If the router does not have the proper instrumentation and access to the information and control, operators and OSS applications will not be able to manage it.
The Cisco ASR 9000 Series offers embedded fault, configuration, accounting, performance, and security (FCAPS) management capability that goes beyond basic router instrumentation. By incorporating most of the management processing previously performed by external management applications, the Cisco ASR 9000 Series can respond to events and requests more quickly and consolidate and report data to help OSS systems scale.
- Cisco Craft Works Interface (CWI): Basic device configuration with a craft-like interface
- IOS-XR data interface (aka IOX Data I/f): Configuration by using EMACS-like interface
- Service console: Troubleshooting and fault monitoring
- Alarm subsystem: Fault monitoring
- Practical Extraction & Reporting Language (PERL) scripting toolkit for rapid Extensible Markup Language (XML) development: Basic system configuration
- Embedded security to protect the system using secure management access through Secure Sockets Layer (SSL), Secure Shell (SSH) Protocol, TACACS+, and RADIUS-based authentication, authorization, and accounting (AAA)
• Ethernet OAM framework: This framework offers end-to-end Carrier Ethernet management, including support of 802.3 OAM and Connectivity Fault Management (CFM) technologies for end-to-end troubleshooting.
The Cisco ASR 9000 Series provides a comprehensive framework with utilities through the embedded interfaces for flexible use for various service provider needs using an embedded system management architecture and related interfaces.
Orion NCM (SolarWinds)
Orion Network Configuration Manager (NCM) delivers affordable, easy-to-use network configuration management that can be used on a standalone basis or integrated with Orion Network Performance Monitor (NPM) to provide an enterprise-wide, unified, intuitive view into a network's configuration health and performance. It is a complete solution that accelerates network configuration and troubleshooting and ensures a stable, high-performing network, no matter how large or small.
Orion NCM simplifies managing network configuration files in multi-vendor network environments with a highly intuitive web interface that offers point-and-click simplicity and easy access to configuration data. Plus, Orion NCM continuously monitors device configurations and provides immediate notification of configuration changes to help you resolve problems before they impact users.
With Orion NCM, issues are fixed quickly without having to manually Telnet or SSH into devices to change configuration parameters. Orion NCM also makes it easy to generate and analyze compliance reports to confirm that your devices are meeting regulatory and corporate standards.