User:Ziby009

Internet management (SNMP)

A network manager is a person responsible for monitoring and controlling the hardware and software systems that comprise an internet. A manager works to detect and correct problems. Network management software allows a manager to monitor and control remote network components. When a manager needs to interact with a specific hardware device, the manager runs an application program that acts as a client, and an application program on the network device acts as a server. The client and server use conventional transport protocols such as UDP or TCP to interact. The client sends requests, and the server responds. In network management, however, the client application that runs on the manager's computer is called a manager, and an application that runs on a network device is called an agent.

Simple Network Management Protocol (SNMP)

A standard protocol used to manage an internet is known as the Simple Network Management Protocol (SNMP); the current standard is version 3, i.e. SNMP version 3. The SNMP protocol defines exactly how a manager communicates with an agent. For example, SNMP defines the format of requests that a manager sends to an agent and the format of replies that an agent returns. In addition, SNMP defines the exact meaning of each possible request and reply. In particular, SNMP specifies that an SNMP message is encoded using a standard known as Abstract Syntax Notation.1 (ASN.1).

SNMP uses the fetch-store paradigm for interaction between a manager and an agent. Each object to which SNMP has access must be defined and given a unique name. Collectively, the set of all objects SNMP can access is known as the management information base (MIB). In fact, SNMP does not define a MIB. Instead, the SNMP standard only specifies the message format and describes how messages are encoded.

Message Digest 5 (MD5)

MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input.
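
The request format described in the SNMP section above, as an added example that is not part of the original page: a Python encoder for a GetRequest in ASN.1 BER, with a small decoder for the message header. It uses SNMPv2c framing because that is the shortest complete message (SNMPv3, which the page names as the current standard, wraps the same PDU in additional header and security fields). The function names are this example's own, and the community string, request id and OID in the usage note are constructed sample values.

```python
def tlv(tag: int, value: bytes) -> bytes:
    """Tag, BER definite length (short form below 128, else long form), value."""
    n = len(value)
    if n >= 0x80:  # long form: 0x80 | count, followed by the length bytes
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(body)]) + body + value
    return bytes([tag, n]) + value

def ber_int(n: int) -> bytes:
    """INTEGER (0x02) for non-negative n, keeping a leading zero bit for the sign."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER (0x06): first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])  # assumes arcs[0] is 0 or 1, as in 1.3.x
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def get_request(community: str, request_id: int, oid: str) -> bytes:
    """SNMPv2c GetRequest, the 'fetch' half of fetch-store, for one object."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))  # name + NULL placeholder
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)  # version 1 = v2c

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_header(msg: bytes):
    """Recover (version, community, pdu_tag) the way an agent or capture tool would."""
    _, body, _ = read_tlv(msg)
    _, version, p = read_tlv(body)
    _, community, p = read_tlv(body, p)
    pdu_tag, _, _ = read_tlv(body, p)
    return int.from_bytes(version, "big"), community.decode(), pdu_tag
```

`parse_header(get_request("public", 1, "1.3.6.1.2.1.1.1.0"))` returns `(1, 'public', 160)`: in this framing the community string crosses the network unencrypted, so anyone able to capture the datagram can read it.
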
MD5 is intended for use with digital signature applications, which require that large files be compressed by a secure method before being encrypted with a secret key under a public-key cryptosystem. According to the standard, it is "computationally infeasible" that any two messages that have been input to the MD5 algorithm could have the same message digest as the output. MD5 is the third message digest algorithm created by Rivest. All three (the others are MD2 and MD4) have similar structures. The MD5 algorithm is an extension of MD4. MD5 is not quite as fast as the MD4 algorithm, but offers much more assurance of data security.

MD5 Algorithm Description

We begin by supposing that we have a b-bit message as input, and that we wish to find its message digest. Here b is an arbitrary nonnegative integer; b may be zero, it need not be a multiple of eight, and it may be arbitrarily large. We imagine the bits of the message written down as follows: m(0), m(1), ..., m(b-1).

The following five steps are performed to compute the message digest of the message.

• Step 1. Append Padding Bits
• Step 2. Append Length
• Step 3. Initialize MD Buffer
• Step 4. Process Message in 16-Word Blocks
• Step 5. Output

Step 1 – Append Padding Bits

The message is padded so that its length becomes 512 bits. The padding is done by adding a one followed by enough zeros so that the length of the message becomes 512 bits.

Step 2 – Append Length

A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. At this point the resulting message (after padding with bits and with b (64 bits)) has a length that is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[0 ... N-1] denote the words of the resulting message, where N is a multiple of 16.

Step 3 – Initialize MD Buffer

A four-word buffer (A, B, C, D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words, which are stored in the buffers A, B, C and D. These are initialized to certain fixed constants.

Step 4 – Process Message in 16-Word Blocks

The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of four similar stages, termed rounds; each round is composed of 16 similar operations based on a non-linear function F, modular addition, and left rotation. The figure below illustrates one operation within a round. There are four possible functions of F (i.e. F, G, H, I); a different one is used in each round:

Types of Attacks and IDS

Types of Network Attacks

A network attack or security incident is defined as a threat, intrusion, denial-of-service, or other attack on a network infrastructure (e.g. a company's LAN) that will analyze your network and gain information to eventually cause your network to crash or to become corrupted. In many cases, the attacker might not only be interested in exploiting software applications, but also try to obtain unauthorized access to network devices. Unmonitored network devices are the main source of information leakage in organizations. If the attacker is able to "own" your network devices, then they "own" your entire network. There are at least seven types of network attacks.

1. Spoofing
2. Sniffing
3. Mapping
4. Hijacking
5. Trojans
6. DoS and DDoS
7. Social engineering

1) Spoofing (Identity Spoofing or IP Address Spoofing)

Any Internet-connected device (e.g. a router) necessarily sends IP datagrams (data packets) into the network. Such Internet data packets carry the sender's IP address as well as application-layer data. If the attacker obtains control over the software running on a network device (in particular its operating software), they can then easily modify the device's protocols to place an arbitrary IP address into the data packet's source address field. This is known as IP spoofing. With a spoofed source IP address on a datagram, it is difficult to find the host that actually sent the datagram. Routers that perform ingress filtering check the IP address of incoming datagrams and determine whether the source address is in the range of network addresses. If the source address is not in the valid range, then packets will be discarded.

2) Sniffing

Packet sniffing is the interception of data packets traversing a network.
A sniffer program works at the Ethernet layer (Data Link Layer) in combination with network interface cards (NIC) to capture all traffic travelling to and from an Internet host site. Most packet sniffers are passive: they listen to (and possibly record) all data-link-layer frames passing by the device's network interface. Sniffing can be detected in two ways: (1) host-based and (2) network-based.
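
The ingress filtering check described under Spoofing above, as an added example that is not part of the original page: a Python model of a router that accepts a datagram only when its source address lies within a prefix assigned to the interface it arrived on. The interface names, prefixes (documentation ranges) and sample traffic are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: prefixes legitimately assigned behind each router interface.
INTERFACE_PREFIXES = {
    "eth1": ["192.0.2.0/24", "2001:db8:1::/48"],
    "eth2": ["198.51.100.0/25"],
}

def build_table(config):
    """Parse prefix strings once; strict=True rejects entries with host bits set."""
    return {ifc: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for ifc, prefixes in config.items()}

def ingress_check(table, iface, src):
    """Return (accept, reason) for a datagram arriving on iface with source src."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "malformed source address"
    for net in table.get(iface, []):
        # Compare only within the same IP version (IPv4 vs IPv6).
        if addr.version == net.version and addr in net:
            return True, f"source within {net}"
    return False, f"source not in any prefix assigned to {iface}"

def drops_per_interface(table, packets):
    """Count discarded datagrams per interface; a rising count is worth alerting on."""
    return Counter(iface for iface, src in packets
                   if not ingress_check(table, iface, src)[0])

# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE = [
    ("eth1", "192.0.2.77"),          # legitimate
    ("eth1", "198.51.100.5"),        # valid on eth2, spoofed on eth1
    ("eth2", "198.51.100.200"),      # outside the /25
    ("eth1", "2001:db8:1:ffff::1"),  # legitimate IPv6
    ("eth2", "10.0.0.1"),            # not assigned anywhere
]
```

The check is per interface on purpose: an address that is valid somewhere in the network is still discarded when it arrives from a segment it was not assigned to.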

3) Mapping (Eavesdropping)

Before attacking a network, attackers would like to know the IP addresses of machines on the network, the operating systems they use, and the services that they offer. With this information, their attacks can be more focused. The process of gathering this information is known as mapping. In general, the majority of network communications occur in an unsecured or "clear text" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

4) Hijacking (Man-in-the-Middle Attack)

This is a technique that takes advantage of a weakness in the TCP/IP protocol stack and the way headers are constructed. Hijacking occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you.

5) Trojans

These are programs that look like ordinary software. The number of Trojan techniques is limited only by the attacker's imagination. The only protection is early use of a cryptographic checksum (or binary file digital signature) procedure.

6) Denial-of-Service attack (DoS) and Distributed Denial-of-Service attack (DDoS)

A denial of service attack is a special kind of Internet attack aimed at large websites. Yahoo! and eBay were both victims of such attacks in February 2000. There are three basic types of attack:

• Consumption of computational resources, such as bandwidth, disk space, or CPU time
• Disruption of configuration information, such as routing information
• Disruption of physical network components.

The consequences of a DoS attack are the following:

• Unusually slow network performance (opening files or accessing web sites)
• Unavailability of a particular web site
• Inability to access any web site.