Transcription

The Hong Kong Polytechnic University, Industrial Centre
Knowledge Update Course for Secondary Computer Teachers
Recent development and future trends of data communication and networking
Network Management & Security
Edward Cheung
18 July, 2003
030718 Network security management1.ppt

Agenda
- Network Management
  - Network management software
  - Clients, servers, managers and agents
  - Simple Network Management Protocol
- Network Security
  - Integrity mechanisms
  - Access control and password
  - Encryption and privacy
  - Public and private key with examples
  - Digital signatures
  - Packet filtering
  - Basic Internet firewall concept

Network Management
- Any complex system requires monitoring and control; this includes autonomous systems and computer networks.
- Network management involves the deployment, integration and coordination of devices to monitor, test, poll, configure, analyze, evaluate, and control the network and its components.
- The objective of network management is to meet the requirements of a network, including availability, real-time, operational performance, and Quality of Service at a reasonable cost.
- But the network is heterogeneous. Devices need standards to communicate and exchange data.

ISO Network Management Model
Five areas of Network Management are defined:
- Performance Management: the goal is to quantify, measure, report, analyse and control the utilization or throughput of different network components.
  - RFC2570 Internet-standard Network Management Framework
- Fault Management: the goal is to log, detect, and respond to fault conditions in the network.
- Configuration Management: the goal is to allow the network manager to track which devices are on and their hardware and software configurations.
  - RFC3139 Requirements for Configuration Management of IP-based Networks
- Accounting Management: usage quotas, usage charging, allocation of resources and privileges.
- Security Management: control access to network resources according to a security policy.

Network Management Standards
Common Management Information Protocol (CMIP)
- OSI based management protocol
- Object oriented: complex, not popular and requires large memory
- Becomes the Telecommunication Management Network (TMN) for telecom service providers
- ITU-T M series recommendation defines the architecture and functions of TMN, and a tutorial is available in M.3000
- TMN includes services and business functions
- Figure: TMN Logical Layered Architecture (Business Management, Service Management, Network Management, Element Management)
- http://www.tmforum.org

Network Management Standards
Simple Network Management Protocol (SNMP)
- Developed on the client server concept
- Polling based system
- De facto network management standard
- Currently SNMPv3
- Platform independence
- Web based management
- Uses ASN.1 syntax
- By default SNMP uses UDP port 161 for sending and receiving requests and port 162 for receiving traps from managed devices.

Managers and Agents
- A manager is a server running some kind of software system that can handle management tasks for a network. Managers are also known as Network Management Stations (NMSs). Managers use polling to query network information.
- An NMS is responsible for polling and receiving traps from agents in the network.
- The agent is a piece of software that runs on the network devices that are being managed. It can be a separate program or a part of the operating system (e.g. Cisco's IOS on a router, or the OS of a UPS).
- A trap is a way for the agent to tell the NMS that something has happened. Traps are sent asynchronously; polls and traps can happen at the same time.
- Today, many network devices come with an SNMP agent built in.

SNMP Organization Model
Figure: the agent sends a trap to the NMS; the NMS sends a query to the agent; the agent sends the response to the query back to the NMS.

SNMP Overview
- Management Information Base (MIB): store of network information data
- Structure of Management Information (SMI): data definition language for MIB objects
- SNMP protocol: communication protocol, commands
- Security, administration capabilities: SNMPv3 addressed the security and provides a framework for all versions of SNMP

Different SNMP Versions
- SNMP Version 1 (SNMPv1) - RFC 1157
- SNMP Version 2 (SNMPv2) is often referred to as community string based SNMPv2. This version of SNMP is also known as SNMPv2c.
  - RFC 1905, RFC 1906, and RFC 1907
  - A large installation base
- SNMP Version 3 (SNMPv3), current version
  - RFC 1905, RFC 1906, RFC 1907, RFC 2571, RFC 2572, RFC 2573, RFC 2574, and RFC 2575
  - It adds support for strong authentication and private communication between managed entities.
- The official site for RFCs is http://www.ietf.org/rfc.html. Alternatively, RFC index at Ohio State fc/index.html

SNMPv1
- SNMPv1's security is based on communities. The community names are essentially simple passwords: plain-text strings that allow any SNMP-based application that knows the strings to gain access to a device's management information.
- Typically, there are three communities in SNMPv1: read-only, read-write, and trap.
- SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents.
- An agent is configured with three community names: read-only, read-write, and trap.
- Most vendors ship their equipment with default community strings:
  - public for the read-only community
  - private for the read-write community
- It's important to change these defaults before the device is connected to the network.

SNMP Security Models and Security Levels
Version | Level | Authentication | Encryption | Process
v1 | No A/P | Community String | No | Use a community string match for authentication
v2/v2c | No A/P | Community String | No | Use a community string match for authentication
v3 | No A/P | Username | No | Use a username match for authentication
v3 | A and No P | MD5 or SHA | No | Use Hash-based Message Authentication Code
v3 | A and P | MD5 or SHA | DES | Packet authentication with 56-bit DES encryption
A = Authentication, P = Privacy
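An added example, not part of the original slides: a small audit that reads agent configuration text and reports the default community strings (public, private) and any read-write community, the two risks the SNMPv1 slide describes. It assumes Net-SNMP style directives (rocommunity, rwcommunity, trapsink, trap2sink, informsink) and the Cisco IOS "snmp-server community" command; both sample configurations are constructed.

```python
# Added example: audit SNMP agent configuration text for community-string risks.
DEFAULT_COMMUNITIES = {"public", "private"}  # vendor defaults named in the slides

# Constructed sample in Net-SNMP snmpd.conf syntax (documentation address range).
SAMPLE_SNMPD_CONF = """\
# constructed sample, not from a real device
rocommunity public 192.0.2.0/24
rwcommunity private
rocommunity n0c-Read-7731 192.0.2.10
trap2sink 192.0.2.10 public
"""

# Constructed sample in Cisco IOS syntax.
SAMPLE_IOS_CONF = """\
! constructed sample, not from a real device
snmp-server community private RW
snmp-server community n0c-Read-7731 RO 10
"""


def parse_communities(config_text):
    """Return [(line_no, community, access)] for every community definition found."""
    found = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":          # skip blanks and comments
            continue
        tok = line.split()
        key = tok[0].lower()
        if key in ("rocommunity", "rocommunity6") and len(tok) >= 2:
            found.append((line_no, tok[1], "read-only"))
        elif key in ("rwcommunity", "rwcommunity6") and len(tok) >= 2:
            found.append((line_no, tok[1], "read-write"))
        elif key in ("trapsink", "trap2sink", "informsink") and len(tok) >= 3:
            found.append((line_no, tok[2], "trap"))
        elif len(tok) >= 3 and [t.lower() for t in tok[:2]] == ["snmp-server", "community"]:
            # IOS treats a community as read-only unless RW is given.
            is_rw = "RW" in (t.upper() for t in tok[3:])
            found.append((line_no, tok[2], "read-write" if is_rw else "read-only"))
    return found


def mask(community):
    """Print defaults in full (they are public knowledge); hide site-specific strings."""
    if community.lower() in DEFAULT_COMMUNITIES:
        return community
    return community[:2] + "***"


def audit(config_text):
    """Return [(line_no, rule, detail)] findings in file order."""
    findings = []
    for line_no, community, access in parse_communities(config_text):
        shown = mask(community)
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((line_no, "default-community",
                             f"{access} community '{shown}' is a vendor default"))
        if access == "read-write":
            findings.append((line_no, "plaintext-write-access",
                             f"community '{shown}' grants write access and is sent as plain text"))
    return findings


if __name__ == "__main__":
    for name, text in (("snmpd.conf", SAMPLE_SNMPD_CONF), ("ios", SAMPLE_IOS_CONF)):
        for line_no, rule, detail in audit(text):
            print(f"{name}:{line_no}: [{rule}] {detail}")
```

The non-default read-only community in each sample produces no finding; it is still a plain-text string on the wire under SNMPv1 and SNMPv2c, which is what the v3 rows of the table address.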

SMI & MIB
- Structure of Management Information (SMI) provides a way to define managed objects and their behavior. SMI is the data definition language for SNMP; it provides a way to define managed objects (MIB).
- MIB is the definition (in SMI syntax) of the objects. It is more vendor specific (MIB-II, RFC 1213). The agent delivers information from the MIB or changes it under the direction of a remote manager.
- Every managed resource has a MIB which contains the exposed interface; e.g. a server MIB contains information on CPU and memory system, and a router MIB contains interface information such as speed of protocol on interfaces.

SMI
- The Structure of Management Information Version 1 (SMIv1, RFC1155) & Version 2 (SMIv2, RFC 2578)
- SMI defines precisely how managed objects are named and specifies their associated datatypes.
- The definition of managed objects can be broken down into three attributes:
  - Name: the name, or object identifier (OID), uniquely defines a managed object.
  - Type and syntax: a managed object's datatype is defined using a subset of Abstract Syntax Notation One (ASN.1). ASN.1 notation is machine independent. Standardized by ITU-T.
  - Encoding: a single instance of a managed object is encoded into a string of octets using the Basic Encoding Rules (BER).

The SMI Object Tree
- Managed objects are organized into a tree-like hierarchy. This structure is the basis for SNMP's naming scheme. An object ID is made up of a series of integers based on the nodes in the tree, separated by dots (.).
- Figure: the object tree, showing the root node, subtree nodes and leaf nodes.

The SMI Object Tree
- The ITU-T subtree is administered by ITU-T and the joint subtree is administered jointly by ISO and ITU-T. The iso(1).org(3).dod(6).internet(1) subtree is for SNMP and it is represented in OID form as 1.3.6.1 or iso.org.dod.internet.
- E.g. Cisco Systems's private enterprise number is 9, so the base OID for its private object space is defined as iso.org.dod.internet.private.enterprises.cisco, or 1.3.6.1.4.1.9. The owner of the upper node is free to do as it wishes with this private branch.
- Each managed object has a numerical OID in dotted decimal notation and an associated textual name.
- http://www.iana.org/assignments/smi-numbers
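An added example, not part of the original slides: how the Name and Encoding attributes above meet in practice, by BER-encoding a dotted OID such as the Cisco base 1.3.6.1.4.1.9 into octets and decoding it back with the checks a parser needs (length mismatch, truncated or non-minimal sub-identifiers). The enterprise number 99999 in the second case is a constructed value used only to show a multi-octet arc.

```python
# Added example: BER encoding and strict decoding of an OBJECT IDENTIFIER (tag 0x06).

def _base128(n):
    """Encode one arc as base-128 octets; every octet but the last has bit 8 set."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def _encode_length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    # The first two arcs share one sub-identifier: 40 * first + second.
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    return b"\x06" + _encode_length(len(body)) + body


def decode_oid(data):
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length, pos = data[1], 2
    if length & 0x80:                               # long-form length
        count = length & 0x7F
        if count == 0 or len(data) < 2 + count:
            raise ValueError("bad length field")
        length = int.from_bytes(data[2:2 + count], "big")
        pos = 2 + count
    body = data[pos:]
    if length == 0 or len(body) != length:
        raise ValueError("length does not match content")
    arcs, value, at_start = [], 0, True
    for octet in body:
        if at_start and octet == 0x80:
            raise ValueError("non-minimal sub-identifier")
        value = (value << 7) | (octet & 0x7F)
        at_start = not (octet & 0x80)               # bit 8 clear ends the arc
        if at_start:
            arcs.append(value)
            value = 0
    if not at_start:
        raise ValueError("truncated sub-identifier")
    first = arcs[0]
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in head + tuple(arcs[1:]))


if __name__ == "__main__":
    for oid in ("1.3.6.1", "1.3.6.1.4.1.9", "1.3.6.1.4.1.99999"):
        encoded = encode_oid(oid)
        print(oid, "->", encoded.hex(" "), "->", decode_oid(encoded))
```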

RMON
- Remote Monitoring Version 1 (RMONv1, or RMON), current version RFC 2819
  - Initially defined for Ethernet
  - Provides the NMS with packet-level statistics about an entire LAN or WAN
- RMON Version 2 (RMONv2) - RFC 2021
  - Builds on RMONv1 and allows the monitoring of network and application layer statistics
  - Uses SMIv2
- RMON is a standard MIB that allows the capturing of real time information across the network.

Example – Free Network Traffic Grapher MRTG
- The Multi Router Traffic Grapher (MRTG) is a freely available, popular and fully configurable trend-analysis tool. http://www.mrtg.org
- It generates graphs in the form of GIF or PNG images that can be embedded and browsed with web pages.
- MRTG is not an NMS solution
  - It is a simple polling engine.
  - No detection and resolution function.
  - Open source NMS package, http://www.opennms.org
- By default, MRTG will generate the following graphs:
  - Daily graph with 5-minute averages
  - Weekly graph with 30-minute averages
  - Monthly graph with 2-hour averages
  - Yearly graph with 1-day averages

Examples of Network Management Software
- CA UniCenter TNG http://www3.ca.com/Solutions/Solution.asp?id=315
- HP Openview http://www.openview.hp.com/
- IBM Tivoli http://www.tivoli.com/
- OpenNMS http://www.opennms.org/users/downloads/

Network Management Tools
- Hardware
  - Bit Error Rate Tester (BERT)
  - Protocol / Network Analyzer
  - NMS & RMON probes
- Software
  - OS dependent; common commands available on Microsoft system are: nbtstat, ifconfig, ping, nslookup, netstat, tracert

Network Security
ITU-T recommendation X.800, Security Architecture for OSI, divided security services into 5 categories.
- Authentication - ensure the communicating entity is the one claimed
- Access Control - preventing unauthorized use of resources
- Data Confidentiality - protecting data from unauthorized disclosure; only entities such as the sender and the intended receiver should understand the message contents
- Data Integrity - ensure that the message has not been altered or destroyed without detection or warning
- Non-Repudiation - protection against denial by one of the parties in a communication

Classification of Security Attacks
- Passive attacks: eavesdropping on, or monitoring of, transmissions to:
  - obtain message contents, or
  - monitor traffic flows
- Active attacks: modification of the data stream to:
  - masquerade of one entity as some other
  - replay previous messages
  - modify messages in transit
  - denial of service

Security Mechanism
- A mechanism that is designed to detect, prevent, or recover from a security attack
- There is no single mechanism that will support all functions required
- However, there is one particular element that underlies many of the security mechanisms in use: cryptographic techniques.

Authentication, Access Control and Password
- Authentication establishes the identity of the sender and/or the receiver of information. Any integrity check or confidential information is often meaningless if the identity of the sending or receiving party is not properly established.
  - The process of validating the claimed identity
- Authorization establishes what the user is allowed to do after the user has identified oneself
  - Also known as access control or permissions
  - The process of granting access rights to the user
- Authorization usually follows an authentication procedure
- Access control: limiting the flow of information from the resources of a system to only the authorized users or systems in the network

Stream Ciphers
- Stream cipher algorithms process plaintext to produce a stream of cipher text.
- The cipher inputs the plaintext in a stream and outputs a stream of cipher text.
- Figure: substitution table and example
  - Plain alphabet:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  - Cipher alphabet: 1 2 3 4 a b c d e f g h i j 5 6 7 8 k l m n o p q r
  - Plaintext: network management and security
  - Cipher text: jalo58g i1j1caiajl 1j4 ka3m8elq
- e.g. One-time pad, RC4

Problem with Stream Ciphers
- It is a substitution cipher.
- Patterns in the plaintext are reflected in the ciphertext. This makes guessing easy because certain words and letters of the alphabet appear with predictable regularity. The most commonly used letters of the alphabet in the English language are e, t, a, o, n and i; the least commonly used letters are j, k, x, q and z; a common combination is "th", etc.
- One example of the stream cipher is the one-time pad. This is an unbreakable cipher.
- This can be done by taking a random bit string as the key and computing the XOR of the plaintext and the key, bit by bit. The total amount of data to be transmitted is limited by the length of the key.
- Both parties must carry a copy of the key, and the plaintext is beyond recovery in the event of loss of synchronization.

Block Ciphers
- A block cipher passes a block of data or plaintext through its algorithm to generate a block of cipher text.
- Block ciphers differ from stream ciphers in that they encrypt and decrypt information in fixed size blocks.
- A block cipher should generate cipher text roughly equivalent in size (in terms of number of blocks) to the clear text.
- A cipher that generates a block of cipher text that is significantly larger than the information it is trying to protect is of little practical value. - redundancy
- Figure: plaintext "network management and security" is turned into the cipher text "mi7r/ 9riFd%435jh Dti? rE;p[awO(!*jd#3Lo4uqT asf 94j}-aE"
- e.g. DES, IDEA

Cryptology
- Involves devising ciphers (cryptography) and breaking them (cryptanalysis).

Breaking Ciphers
- Cryptanalysis
  - The art of breaking ciphers is called cryptanalysis.
  - This method requires a high level of skill and sophistication.
  - It relies very heavily on the use of ultra-fast super computers.
- Brute Force
  - This method tries every possible combination of keys or algorithms to break a cipher.
  - It requires tremendous resources and computer assistance.
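An added example, not part of the original slides: the substitution table from the stream cipher figure, implemented so the slide's cipher text can be reproduced, next to the XOR one-time pad the text describes. It shows that the substitution keeps the plaintext's letter-frequency profile, that the pad must be at least as long as the message, and that a pad that has slipped by one byte no longer decrypts. SAMPLE_PAD is a constructed value used only to illustrate the length limit.

```python
# Added example: the slide's substitution table versus an XOR one-time pad.
import secrets
from collections import Counter

PLAIN_ALPHABET = "abcdefghijklmnopqrstuvwxyz"
CIPHER_ALPHABET = "1234abcdefghij5678klmnopqr"      # table from the slide
_ENC = str.maketrans(PLAIN_ALPHABET, CIPHER_ALPHABET)
_DEC = str.maketrans(CIPHER_ALPHABET, PLAIN_ALPHABET)

SLIDE_PLAINTEXT = "network management and security"
SAMPLE_PAD = bytes(range(8))                        # constructed, deliberately short


def substitute(text):
    """Encrypt with the fixed table; characters outside a-z pass through."""
    return text.translate(_ENC)


def unsubstitute(text):
    return text.translate(_DEC)


def frequency_profile(text):
    """Symbol counts, highest first, ignoring spaces: what an eavesdropper can measure."""
    return sorted(Counter(text.replace(" ", "")).values(), reverse=True)


def new_pad(length):
    """A fresh random pad; each pad is used for one message only."""
    return secrets.token_bytes(length)


def otp_xor(data, pad):
    """XOR data with the pad byte by byte; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad is shorter than the message")
    return bytes(d ^ k for d, k in zip(data, pad))


def decrypt_out_of_sync(ciphertext, pad, slip=1):
    """Decrypt with a pad position that has slipped by `slip` bytes."""
    shifted = pad[slip:] + bytes(slip)              # pad bytes no longer line up
    return otp_xor(ciphertext, shifted)


if __name__ == "__main__":
    ct = substitute(SLIDE_PLAINTEXT)
    print("substitution:", ct)
    print("profile kept:", frequency_profile(SLIDE_PLAINTEXT) == frequency_profile(ct))

    message = SLIDE_PLAINTEXT.encode()
    pad = new_pad(len(message))
    otp_ct = otp_xor(message, pad)
    print("one-time pad:", otp_ct.hex())
    print("in sync     :", otp_xor(otp_ct, pad).decode())
    print("out of sync :", decrypt_out_of_sync(otp_ct, pad))
```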

Breaking Ciphers
The cryptanalysis problem has 3 stages depending on what information the hacker has:
- Ciphertext-only
- Known-plaintext
- Chosen-plaintext

Ciphertext-only Attack
- The hacker only has access to the intercepted ciphertext, without information on the contents of the plaintext message. In this case, the hacker can use statistical analysis to help in cracking the cipher. For example, knowing that the letters "e" and "t" are the most frequently occurring letters in typical English text (13% and 9% respectively), and the 2-letter and 3-letter combinations of letters such as "in", "ing", etc.

Breaking Ciphers
Known-plaintext Attack
- This method relies on the code breaker knowing in advance the plaintext content of a cipher text message. For example, the hacker may know the name of the sender and the receiver, or previously has intercepted one of the plaintext messages sent by Alice to Bob. The hacker knows some of the plaintext-ciphertext pairings and he can break the code more easily.

Chosen Plaintext Attack
- This method relies on the ability of the hacker to choose the plaintext message and obtain its corresponding ciphertext form. For example, the hacker may ask Alice to send the message "The quick brown fox jumps over the lazy dog."
- For more sophisticated encryption techniques, a chosen plaintext attack does not necessarily mean that the encryption technique can be broken.

Encryption
- Encryption is the conversion of data into a form, called a cipher text, that cannot be easily understood by unauthorized people.
- Decryption is the process of converting encrypted data back into its original form, so it can be understood.
- Encryption is the process of scrambling the contents of a file or message to make it unintelligible to anyone not in possession of the "key" required to unscramble the file or message.
- There are two types of encryption:
  - Symmetric (private) key, and
  - Asymmetric (public) key encryption.

Symmetric Key Encryption
- Symmetric key, also referred to as private key or secret key, is based on a single key and algorithm being shared between the parties who are exchanging encrypted.
- The same private key both encrypts and decrypts the message.
- Figure: plain text is encrypted with the secret key into cipher text, and the cipher text is decrypted with the same secret key back into plain text.

Symmetric Key Encryption
- Advantages:
  - The larger the key, the more secure the scheme.
  - Symmetric key encryption is fast.
- Disadvantages:
  - The system key or algorithm has to be shared.
  - Private key cryptosystems are not well suited for spontaneous communication over an unsecured network.
  - Symmetric key provides no process for authentication or nonrepudiation.
- Figure: plaintext P is encrypted to ciphertext $C = E_K(P)$ and decrypted back to plaintext; the key is supplied by a Key Distribution Center.

Symmetric Key Cryptosystems
- Examples of widely deployed symmetric key cryptosystems include DES, IDEA, CAST and RC4.
- Data Encryption Standard (DES)
  - DES consists of an algorithm and a key.
  - The key is a sequence of eight bytes, each containing eight bits, for a 64-bit key.
  - Actually, the key is 56 bits in length, since each byte contains one parity bit.
  - DES is widely used in automated teller machine (ATM) and point-of-sale (POS) networks.
  - DES is one of the oldest and most widely used algorithms.

Advanced Encryption Standard (AES)
- DES was published in 1977 and updated in 1993 by NIST
  - For commercial and nonclassified US government use
- DES encodes plaintext in 64-bit chunks using a 64-bit key; a block cipher.
- How well does DES work? How secure is it?
  - No one knows for sure.
  - RSA launched an annual DES Challenge in 1997 to crack a short phrase it had encrypted using 56-bit DES. The winning teams took 4 months in 1997 and 22 hours in 1999.
- One can increase the strength of the cipher by more iterations; 3DES.
- PPP protocol (RFC2420) uses 3DES at the data link layer.
- NIST in 2001 announced AES to replace DES.
- AES is a symmetric key algorithm that processes data in 128-bit blocks and can operate with keys that are 128-bit, 192-bit and 256-bit in length.
- NIST estimated that a machine that could crack 56-bit DES in 1 second would take 149 trillion years to crack a 128-bit AES key.

IDEA & CAST
- International Data Encryption Algorithm (IDEA)
  - IDEA is a symmetric key block cipher.
  - IDEA utilizes a 128-bit key.
  - It is more efficient to implement in software than DES and triple DES.
- CAST (Carlisle Adams and Stafford Tavares)
  - The CAST algorithm supports variable key lengths, anywhere from 40 bits to 256 bits in length.
  - CAST uses a 64-bit block size, the same as DES, making it a suitable drop-in replacement.
  - CAST is 9 times faster than 3DES and is used in PGP.

More on Symmetric Key Ciphers
- Rivest Cipher #4 (RC4)
  - RC4 is a stream cipher that uses a variable size key.
  - Used with 128 bits it can be very effective.
  - Used in Internet Explorer and Netscape.
- The Advantages and Disadvantages of Symmetric Key Cryptography
  - Advantages: fast; relatively secure; widely understood
  - Disadvantages: requires secret sharing; complex administration; no authentication / nonrepudiation

Asymmetric Key Encryption
- An asymmetric cryptosystem is also known as public key cryptography.
- Public key cryptography uses two keys as opposed to one key for a symmetric system.
- There is a public key and a private key.
- Figure: plain text ("The Hong Kong Polytechnic University, Industrial Centre") is encrypted with the public key into cipher text, and the cipher text is decrypted with the private key back into plain text.

Asymmetric Key Encryption
- Each user has a private key that decrypts only the messages that were encrypted by its public key.
- The private key is kept secret.
- All public keys are published in a directory.
- Figure: Secure transmission with public key encryption. Company A: plaintext message to B, encrypted using B's public key, gives the authenticated message to B, which is transmitted through the network. Company B: the authenticated message to B is decrypted using B's private key to give the plaintext message to B.

Asymmetric Key Encryption
- Asymmetric or public key cryptography is more versatile.
- Public key allows for secure spontaneous communication over an open network; it is more scalable for large systems.
- The Advantages and Disadvantages of Public Key Cryptography
  - Advantages: no secret sharing necessary; authentication supported; provides non-repudiation; scalable
  - Disadvantages: slower or computationally intensive; certificate authority required

Rivest, Shamir, Adleman (RSA)
- The RSA algorithm multiplies large prime numbers together to generate keys. It is extremely difficult to factor the product of large prime numbers.
- The security of RSA relies on the fact that there is no known algorithm for quickly factoring a number, and since it is not known whether or not such an algorithm exists, the security of RSA is not guaranteed.
- The exponentiation required by RSA is a rather time consuming process. DES is at least 100 times faster in software and between 1,000 and 10,000 times faster in hardware.
- In practice, RSA is often used with DES or AES.
- For example, Alice may choose a DES key, known as the session key, to encode a large amount of data. Alice then encodes the session key using Bob's public key. Then Bob decrypts the message and obtains the session key using his private key. Bob can then use the session key to decrypt the large amount of data.

RSA
- Public Key:
  - n = product of two primes, p and q: $n = p \cdot q$
  - e relatively prime to $(p-1)(q-1)$
  - $ed \equiv 1 \pmod{(p-1)(q-1)}$
- Private Key: $d = e^{-1} \bmod (p-1)(q-1)$
- Encrypting: $c = m^{e} \bmod n$
- Decrypting: $m = c^{d} \bmod n$
- p and q are two random prime numbers, and must remain secret
- e is the encryption key
- d is the decryption key
- c is the encrypted message
- m is the decrypted message

Authentication
- Authentication in a digital setting is a process whereby the receiver of a message can be confident of the identity of the sender.
- The lack of secure authentication has been a major obstacle in achieving widespread use of the Internet for commerce.
- One process used to authenticate the identity of an individual or entity involves digital signatures.

Authentication
- The figure illustrates how authentication can be combined with public encryption to provide a secure and authenticated transmission.
- Figure: Company A: the plaintext message to B is encrypted using A's private key to give the authenticated message to B, which is encrypted using B's public key to give the encrypted authenticated message to B and transmitted through the network. Company B: the encrypted authenticated message to B is decrypted using B's private key to give the authenticated message to B, which is decrypted using A's public key to give the plaintext message to B.

Digital Signature
- A digital signature allows a receiver to authenticate the identity of the sender and to verify the integrity of the message.
- 2 goals
  - The sender of the data is as claimed. The sender has signed the data and this signature can be checked.
  - The transmitted data has not been changed since the sender created and signed the data.
- 3 requirements
  - Verifiable
  - Nonforgeable
  - Nonrepudiable
- This can be easily done by using techniques of public key cryptography.
- The problem is that the process of signing is slow; costly.
- A more efficient approach is to use a message digest.

Digital Signature & Message Digest
- A message digest (MD) is like a checksum; take a message of arbitrary length and compute a fixed-length fingerprint of the data known as a message digest.
- The protection is that if the message has been changed, the message digest for the original message must be different.
- Alice can just sign the MD with her private key.

Hash Function
- A hash function takes a message of any length and computes a product value of fixed length. The product is referred to as a "hash value".
- Hash functions are used to ensure the integrity of a message or file.
- The hash value is the cryptographic checksum of the message and is often referred to as the fingerprint of a message.
- A hash function must be one way only.
- Building blocks of message authentication codes
- Popular implementations are MD5 (128-bit) and SHA (160-bit)

Digital Signature
- Figure: digital signature using the sender's private key and the sender's public key (labels: plaintext message, signature, decrypt).
- To sign a message, senders append their digital signature to the end of a message and encrypt it using the recipient's public key.
- Recipients decrypt the message using their own private key and verify the sender's identity and the message integrity by decrypting the sender's digital signature using the sender's public key.
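An added example, not part of the original slides: the RSA slide's formulas carried through in code with the same symbols (p, q, n, e, d, m, c), covering both the session-key exchange from the RSA section and the "sign the message digest" approach from the digital signature section. It is textbook RSA without padding, the demo keys are built from known Mersenne primes so the block stays self-contained, and SHA-256 is used where the slides name MD5 and SHA; none of these choices is suitable for real keys, and production systems use a vetted library with padding such as OAEP and PSS.

```python
# Added example: textbook RSA with the slide's symbols, used two ways.
import hashlib
import secrets
from math import gcd


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) following the slide: n = p*q, e*d = 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m, public_key):
    """c = m^e mod n"""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, private_key):
    """m = c^d mod n"""
    n, d = private_key
    return pow(c, d, n)


def digest_int(message):
    """Fixed-length fingerprint of an arbitrary-length message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Sign only the digest with the private key instead of the whole message."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(message, signature, public_key):
    """Recover the digest with the public key and compare with a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)


# Constructed demo keys from known Mersenne primes (special-form primes: demo only).
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**607 - 1, 2**1279 - 1)


def send_session_key():
    """Alice picks a 128-bit session key and wraps it with Bob's public key."""
    session_key = secrets.randbits(128)
    return session_key, encrypt(session_key, BOB_PUBLIC)


if __name__ == "__main__":
    # Small-number walk-through of the formulas: p=61, q=53, e=17.
    public, private = make_keypair(61, 53, e=17)
    c = encrypt(65, public)
    print("n, e, d =", public[0], public[1], private[1])
    print("m=65 -> c =", c, "-> m =", decrypt(c, private))

    key, wrapped = send_session_key()
    print("session key recovered by Bob:", decrypt(wrapped, BOB_PRIVATE) == key)

    msg = b"network management and security"
    sig = sign(msg, ALICE_PRIVATE)
    print("signature verifies:", verify(msg, sig, ALICE_PUBLIC))
    print("altered message verifies:", verify(msg + b"!", sig, ALICE_PUBLIC))
```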

Digital Certificate
- A digital certificate issued by a certification authority (CA) utilizing a hierarchical public key infrastructure (PKI) can be used to authenticate a sender's identity for spontaneous.
- Digital certificates provide a high level of confidence in the individual or entity with which you are communicating.
- A person wanting to use a CA registers with the CA and must provide some proof of identity.
- The CA issues a digital certificate that is the requestor's public key encrypted using the CA's private key as proof of identity.
- The certificate is attached to the user's e-mail or Web transactions in addition to the authentication information.

Digital Certificate
- The receiver verifies the certificate by decrypting it with the CA's public key, and must also contact the CA to ensure that the user's certificate has not been revoked by the CA.
- For higher-security certifications, the CA requires a unique "fingerprint" be issued by the CA for each message sent by the user.
- The user submits the message to the CA, who creates the unique fingerprint by combining the CA's private key with the message's authentication key contents.

Kerberos Key Exchange
- Kerberos key exchange is a network authentication protocol developed at MIT.
- It is designed to provide strong authentication for client/server applications by using a combination of both private key and public key cryptography.
- Kerberos utilizes a single central server to act as a trusted third party to authenticate users and control access to resources on the network.
- The basic premise behind the Kerberos security is that it is not possible to ensure security on all network servers.
- The Kerberos model proposes that it is possible to truly secure a single server.

Kerberos Key Exchange
- Kerberos utilizes cryptographic keys referred to as "tickets" to control access to network server resources.
- Tickets are encrypted passes or files issued by the "trusted" server to users and processes to determine access level.
- There are six types of tickets: 1) Initial, 2) Invalid, 3) Pre-authenticated, 4) Renewable, 5) Forwardable, and 6) Postdated.
- The following six figures illustrate the Kerberos key exchange process.

Kerberos Key Exchange
Step One:
- The client creates a request to send to the Kerberos server. The request is digitally signed by the client using the client's own private key.
- Figure: the client request ("Request access to payroll server") is signed using the client's private key to give the digitally signed client request.

Kerberos Key Exchange
Step Two:
- The client takes the digitally signed request and encrypts it using the Kerberos server's public key.
- Figure: the digitally signed client request is encrypted using the Kerberos key server's public key.

Kerberos Key Exchange
Step Three:
- The client sends the digitally signed and encrypted request to the Kerberos server.
- The Kerberos server decrypts the request using its private key and then authenticates the originator of the request by verifying the digital signature of the sender.
- Figure: the client sends the digitally signed client request, encrypted using the Kerberos key server's public key, to the Kerberos key server.

Kerberos Key Exchange
Step Four:
- If the Kerberos server determines that the client does have authorization to access the payroll server, the Kerberos server sends identical session tickets to both the client and the payroll server.
- Figure: the Kerberos key server sends a ticket and session key to the client, encrypted with the client's public key, and a ticket and session key to the payroll server, encrypted with the payroll server's public key.

Kerberos Key Exchange
- The client then sends a copy of its ticket to the payroll server.
- Before transmitting
