Week Eleven Assignments
Theme for the Week - Network Management Security
Learning Objectives:
• Describe the contributions made by an automated network management system to the security of a network infrastructure.
• Design a distributed network management infrastructure using commercially available components.
• Explain why SNMPv3 was developed.
Readings:
• Chapter 12 - Network Management Security. Please note that this chapter is not available from your textbook. Instead, you must access it on the author's companion web site at the following URL:Chapter 12
This week:
It would make our lives as network administrators much easier if the secure networks we built never needed monitoring or fine tuning. In that perfect world, we would set them up and they would work forever with no issues. Networks are only as secure as their next exploit, and they must be constantly monitored and upgraded to recognize and mitigate evolving threats. However, the act of monitoring a network is made more difficult by the security constraints that we implement. Therefore, we need to know the strong points and limitations of network management architectures.
Our lesson examines one such architecture based on Simple Network Management Protocol (SNMP). We will discuss the standards that define it, the elements it is composed of, and the data it collects. Now, let's get started.
Assignment 11_1 (On-line Quiz)
Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.
You need to take the quiz by the end of the week to earn credit.
Assignment 11_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.
1. What is view-based access control and what is it used for. In your answer provide an example of where you might use it.
2. As a lead-in to this week's reading assignment, the author provides a quote from The Art of War by Sun Tzu. How does that quote relate to Network Management Security?
3. What is a Management Information Base (MIB) and what is is used for in SNMP? Provide examples.
4. Why was SNMPv3 developed? How does it improve security over versions 1 and 2?
5. What is the meaning of the term principal, as used when describing SNMP? How does this term relate to a principal as used in Kerberos standards?
6. Put your hacking hat on for this question. If you wanted to attack SNMP, how might you do it? What would be the objective of your attack? In your answer, you get to pick the version for your attack.
7. Why would you want SNMP installed on your network and how would it improve security. Please note that, "It won't improve security and I don't want it," is not an acceptable answer.
8. What are the main modules in a traditional SNMP Engine, and what does each do?
9. What is an SNMP community? Should each community be secured the same. Explain your answer and provide an example.
10. Why is authentication and authorization required in SNMP. Explain what might happen if SNMP didn't provide for either one.
Our trivia question for the week: What is Code Red (not the drink), when did it originate, and what did it do to Cisco 675 and 678 routers?
General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!
Assignment 11_3 (Attach to this assignment)
Review the diagram of an example distributed network management configuration on P 12-9 of our reading assignment. For each different element shown, describe its roles and function.
Save your description to a Microsoft Word document as CYBR515 Assignment 11_3 and attach it to this assignment.
Assignment 11.4 Milestone 5 (Due next week)
You should devote some time to the Milestone 5 submission for your semester project this week. The next set of deliverables are due on the last day of Week 12. Get started as soon as you can to avoid the last minute rush.