Sie sind auf Seite 1von 8

b) Presentation and evaluation of the

technical approaches reported in

current research literature for
improving this aspect of online
Today, the Internet has become the fastest
growing part of the global network. However, it
is the network part that draws more attention to
the security related issues because of its possible
design flaws and its vulnerability to attacks. A
successful attack on a system on the Internet can
pose a major threat because it can influence the
system performance and the services used by
millions of users. (Abbas et al, 2006)
The online security flaws and vulnerabilities
pose a need to implement and utilize different
technical approaches to ensure that proper
security measures are enforced. Online security
comprises the operations that protect the
information and the system that is processing the
information by providing some basic security
authentication, confidentiality, and nonrepudiation. These services may include the
prevention mechanisms against any attacks or
potential security attacks.
Technical Approaches
Ipswitsch. Inc states that a network is no longer
a monolithic structure. It includes the Internet,
local area networks (LANs), wide area networks
(WANs), virtual LANS (VLANS), wireless
networks, and all of the devices, servers, and
applications that run on them. According to the
literature that has been surveyed, Network
Monitoring systems can be classified into five
approaches, which are;
ANEMOS: An Autonomous NEtwork
MOnitoring System
Xiaoying brings to table the concept of
Autonomous systems by outlining that to enable
network operators to collaborate to ensure the
interconnection of each part of the Internet, as
well as to maintain independent control of each
parts resources, the network must be organized
into Autonomous Systems (ASes). An

Autonomous System is a collection of IP

networks and routers, normally under one
administrative authority, that presents a common
routing policy to the Internet.
Danalis et al (2003) then introduces ANEMOS
which allows network operators and end-users to
schedule, perform, and analyze active
measurements on several network paths through
a Web-based GUI. The system issues alarms that
are used for detecting congestion, anomalies,
attacks, or flash crowds; they can trigger
changes in the configuration of overlay
Danalis et al further states that the architecture
of ANEMOS is made up of three types of
components. The Client module constitutes the
user interface to the system, the Coordinator is
the central component that is responsible for the
scheduling of measurement tasks and for data
collection and analysis, while the Worker
modules are the components that interact with
the measurement tools at the end-hosts of the
monitored paths.

Security in ANEMOS
Danalis also makes it clear that ANEMOS
measurements or visualizing results at the same
time. Consequently, the system should provide
authentication. Also, the system should use
encryption for the communication of passwords
between the Clients and the Coordinator. In the
current implementation, we use the logi.crypto
Java package, developed by logi , to provide
encryption. When a Client wants to establish a
connection with the Coordinator it starts a
CipherStream. This initializes a Diffie- Hellman
key exchange using Triple-DES, and it then
ensures that all data sent through it will be
encrypted and decrypted automatically. To
provide authentication, the communication
protocol between the Clients and the
Coordinator, requires that all messages include
the username and the password of the requesting

Network Monitoring Under Wide Area

Network (WAN) (Redo)
(Davenhall and Leese, 2005) declares that
WANs (Wide Area Networks) span a wide
geographical area, typically a country or
continent. They are almost invariably operated
by a telecommunications service provider rather
than being owned by an end user.
Organizations provide a wide range of services
to their clients and that requires a secure IT
infrastructure. Many of the computer systems
supporting these services use the Wide Area
Network (WAN) to transmit sensitive
information such as government financial
transactions, personnel and payroll records, and
proprietary corporate data. A highest degree of
integrity, confidentiality, and availability of its
information systems must be upheld while
management of this information.
Manish et al advocates a lower-cost alternative,
WAN monitoring system i.e. it is a scalable
technique to coordinate and distribute the
monitoring effort. From the literature that has
been surveyed its clearly a necessity to monitor
network under a WAN environment because if
the WAN link is down, it means the entire
branch office population behind the WAN link
will not be able to access any application that is
hosted in the network.
Online Security in WAN
Monitoring initiatives designed for WAN
involves the implementation of some network
monitoring protocols and tools (active and
passive tools) to enforce online security,
(Grigoriev, M. and Cottrell, L.) introduces the
use of PING which measures delay and loss of
packets, Nagios, Traceruote which helps
determine topology of the network. (Cecil 2006)
defines another protocol namely SNMP which is
an application layer protocol that is part of the
TCP/IP protocol suite. Through its wide range
capabilities it allows Administrators to manage
network performance, find and solve network
problems, and plan for network growth. It
gathers traffic statistics through passive sensors
that are implemented from router to end host.

These tools are implemented to protect the

network from hackers, human error, disgruntled
employees, criminals and they Defend and
Mitigate Security Threats; this on the other hand
can have some drawbacks,
Lippis, 2009 makes it clear that WAN is slower
due to high bandwidth usage and increased
traffic load.

Network Monitoring System Design under

A publication by FIPS PUB 191 (1994 cited
James 1989) stated that The Institute of
Electrical and Electronic Engineers (IEEE) has
defined a LAN as "a datacomm system allowing
a number of independent devices to
communicate directly with each other, within a
moderately sized geographic area over a
physical communications channel of moderate
rates". Typically, a LAN is owned, operated, and
managed locally rather than by a common
carrier. A LAN usually, through a common
network operating system, connects servers,
workstations, printers, and mass storage devices,
enabling users to share the resources and
functionality provided by a LAN.
Federal Information Processing Standard
Publication (1994) argued that security services
that protect the data, processing and
communication facilities must also be
distributed throughout the LAN. For example,
sending sensitive files that are protectedUsers
must ensure that their data and the LAN itself
are adequately protected. LAN security should
be an integral part of the whole LAN, and
should be important to all users.

(Fan and Fei, 2010) further indicates that

Enterprise LAN monitoring management system
runs within the enterprise network firewall. And
the server in the LAN has a domain controller,
that is, directory server as shown below:

Security in LAN

Network: The network layer is largely

associated with routers. Network layer
protocols manage how packets are
forwarded from incoming links to outgoing
links towards their destination. The Internet
Protocol (IP) is the only network layer
protocol in the Internet, and is the most
important protocol in the Internet.
Transport: The network layer causes
packets to be shipped from the source
endsystem to the destination endsystem.
Transport protocols connect processes on
the two endsystems, and also determine the
quality of service available to the
applications. TCP and UDP are two major
transport layer protocols.
Application: The application layer is
concerned with implementing particular
applications, such as the World Wide Web
(WWW), the Domain Name System (DNS),
e-mail etc. Typical application protocols
include HTTP for WWW, DNS for DNS,
and SMTP for e-mail.

Security services and mechanism in LAN can be

enforced by through the network firewall to
reduce and monitor threats and vulnerabilities as
proposed by Fan and Fei, 2010, There are
network protocols that are put in place in each of
the layers of the Open Source Interconnection
(OSI) model to detect LAN availability
problems, monitor access control and provide
data and message integrity. According to
Xiaoying (2008) these protocols are organized

into four layers. Each layer has a particular

responsibility and provides a service to the
layer above it. The four layers are shown in
Figure 2. Starting at the lowest layer, an
overview of each layer follows;
Link: The link layer is normally associated
with a particular communication medium.
Link layer protocols manage how packets
are physically transport along the medium
from one location to another. Ethernet is an
example of a link layer protocol.

All these layers together provide a standard

monitoring specification that enables various

network monitors and console systems to
exchange network-monitoring data.
According to FIPS PUB 191 (1994) the
types of applications provided by a LAN
include distributed file storing, remote
computing, and messaging. But With these

advantages however, comes additional risks

that contribute to the LAN security problems
which include (1) inadequate LAN
management and security policies, (2) lack
of training for proper LAN usage and
mechanisms in the workstation environment,
and (4) inadequate protection during
Network Monitoring Systems under Wireless
A recent article (Canavan 2011) stated that
wireless network products on the market today
are based on the IEEE 802.11b standard.
Wireless LANs offer limited mobility, but their
main appeal is that they do not require the
cabling that traditional Ethernet LANs employ.
This makes them particularly attractive to most
network users. However, they generally do not
have the throughput of standard Ethernet. Some

wireless technologies are employed for

LANs, and some are employed for WANs.
He further clarifies that there are two basic
components of a wireless network. The first is
an access point, which is a device that is usually
connected to a standard wired LAN, usually
through a hub. The second component is a
wireless LAN adapter that is connected to the
PC. The LAN adapter communicates with the
access point, usually through radio-based
Security in Wireless Networks
According to the literature that has been
surveyed a conclusion has been derived that
wireless networks have a basic capability of
capturing and analyzing network traffic, e.g., to
identify interference or security attacks, and
providing the monitoring results to the
management system.
Canavan (2011) stated that an optional
component of the 802.11b standard is wired
equivalent privacy (WEP) adds encrypted
communications between the wireless network
client and the access point. Most of the more
recent products include WEP as a standard

feature. Zimmermann et al adds that traffic

measurements can also help to secure and
protect wireless networks. For example, analysis
of the measurements can detect intrusion
attempts and verify that friendly networks are
authenticated and/or data is encrypted.
On the other hand Zimmermann et al goes on to
say that Monitoring of a deployed wireless
network can pinpoint several causes of
problems. For example, inter-channel and crosschannel radio interference can significantly
decrease the effective data rate of the network.

With respect to
network monitoring, the issue of automatic problem
detection without human support
is a major challenge. The remainder of this section
focuses on the evaluation of
those aspects.

This paper has examined several strategies for
designing a secure Local Area
Network. We have identified the need to define
a security policy, and balance
the organization's security needs with the
available resources. Next, we
considered a basic topology that allows for the
grouping of hosts by function, and
implementing security within the layer 3 design.
We looked at how to implement
the layer 2 network design securely,
implementing layer 2 security features and
minimizing threats at layer 2. And finally, we
rounded out our discussion by
discussing additional steps we can take to secure
the LAN, such as network
intrusion detection systems, private VLANs and
IPSEC. The network architect
must exercise careful planning, and attention to
detail to maximize the security of
the network while meeting the communication
needs of the organization.


1) Abbas, A, El Saddik, A and Miri, A.

(2006). A comprehensive approach to
designing internet security taxonomy,
School of Information Technology and
Engineering (SITE) University of
Ottawa, pp 1316-1319,[Online] IEE
Digital Library [Accessed on] 23rd
August 2011.

2) IPSWITCH INC, The value of network

monitoring, Why Its Essential to Know

Your Network, pp 1-7, [online] IEEE

Digital Library [Accessed on] 13
October 2011.

3) Danalis,

Dovrolis C. 2003.
ANEMOS:An Autonomous NEtwork
MOnitoring System. Computer &
Information Sciences,University of
Delaware. [online] IEEE Digital Library
[Accessed on] 23 August 2011

4) Xiaoying Z. (May 2008). Application of

Overlay Techniques to Network
Monitoring, pp 1-191 [Accessed on] 18
October 2011

5) A.C. Davenhall and M.J. Leese. 2005.

An Introduction to Computer Network
Monitoring and Performance. National
e-Science Centre article, version 1, pp 170. [Accessed on] 18 October 2011

10) Cecil, A. A summary of Networks

Traffic Monitoring and Analysis
[Accessed on] 13 October 2011.

11) Lippis,

N.J. (March 2009)WAN

advantage: New Thibking in Branch
Office and WAN Edge Design Plus
Services. Lippis Report White Paper. Pp
1-8, [Accessed on] 13 October 2011.
12) Federal
Standard Publication (FIPS PUB) 191,
Specifications for Guideline for The
Analysis Local Area Network Security,
November 9, 1994

13) Martin, James, and K. K. Chapman, The

6) Manish R. Sharma and John W. Byers.
Scalable Coordination Techniques for
Distributed Network Monitoring. Dept.
University. [Accessed on] 18 October

7) Ciuffoletti, A and Polychronakis M.

Architecture of a Network Monitoring
Greece. Pp 1-2. [Accessed on] 18
October 2011

8) Fan L and Fei L. 2010.Network

Monitoring System Design under
LAN. Shaanxi Regional Electric Power
Group, Northwest University, Volume
4, pp 587-591. [Online] IEE Digital
Library [Accessed on] 23rd August 2011

9) Grigoriev, M. and Cottrell, L.

area network monitoring system for hep
experiments at fermilab, usa . [Accessed
on] 23rd August 2011

Arben Group, Inc.; Local Area

Networks, Architectures and
Implementations, Prentice Hall, 1989.

14) John E. Canavan. 2011.Fundamentals of

Network Security, Library of Congress
Cataloging-in-Publication Data, Artech
House telecommunications library. Pp
1-218. [Accessed on] 13 October 2011.

15) Zimmermann, K, Felis,S, Schmid, S

Lars Eggert and Marcus Brunner
(n.d).Autonomic Wireless Network
Management. NEC Europe Ltd.
Network Laboratories, pp 1-14,
[Accessed on] 19 October 2011.