Embed Size (px)
DESCRIPTION
Computer Threat Managment: Issues and Challenges
Citation preview
Computer Network Management Using Cyberoam Threat Manager:
Issues and Challenges
Olu F. O., Adedayo O. S., Ayanleke O. A., Mohammed A. N. & Mohammed H. Energy Commission of Nigeria. Abuja
1
Paper presented at International Conference and Exhibition on Power and Telecommunication ICEPT 2015.
Leisure Springs Hottel, Iwo ‐ Ibadan Road Osogbo Osun State 12th ‐ 16th October, 2015
• What is network management – Importance of NM system • ISO’S functions of a Network Management system • Technologies used in network management • Cyberoam UTM as a type of network management device (Types, hardware and management features) • Issues and Challenges of Cyberoam UTM • Recommendations • Conclusion
AGENDA
2
What is network management Network Management is a service that employs a variety of tools,
applications and devices to assist human network managers in monitoring and effectively maintaining computer networks
Importance of NM system Building networks can be hard work. Installing cost‐efficient infrastructure,
optimizing bandwidth, balancing network loads, securing traffic — all of these tasks take a great deal of careful planning and expertise.
Yet building a network is often the easy part of being an IT administrator. The real challenge is managing the network to keep it running smoothly and securely at all times and your best bet to doing so is to have an effective network management system
3
International Organization for Standardization (ISO) Model for NM
The ISO, under the direction of the OSI group, has created a network management model as the primary means for understanding the major functions of network management systems.
The OSI network management model categorizes five areas of functions
4
ISO’S FUNCTIONS OF A NM SYSTEM
1. Performance Management The goal of performance management is to measure and make available various aspects of network performance so that internetwork performance can be maintained at an acceptable level. Examples of performance variables include network throughput, user response times and line utilization. 2. Configuration Management The goal of Configuration Management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements are tracked and managed adequately. 3. Accounting Management The goal of accounting management is to measure network utilization parameters so that individual or group uses on the network can be regulated appropriately. Such regulations minimizes network problems and maximizes fairness of access.
4. Fault Management The goal here is to detect, log, notify users of, and to an extent automatically fix network problems in order to keep the network running. Because faults cause downtime, fault management is perhaps the most widely implemented of ISO management elements. 5. Security Management The goal of security management is to control access to Network resources according to local guidelines in order To avoid sabotages in computer networks.
5
Technologies used in NM
Router A router is a device that forwards data packets along networks to a specific destination.
Switch A switch is a device that filters and forwards packets between LAN segments.
A Cisco 3900 model router
D‐link 24 port switch
Cisco Catalyst 4650 switch
Cisco 3900 Router
6
Technologies used in NM
Unified Threat Manager (UTM) Unified Threat Manager (UTM) UTM is an approach to security management that allows an administrator to monitor and manage a wide variety of security‐related applications and infrastructure components through a single management console.
A network management application (NMA) is the software that sits on the network management station (NMS) and retrieves data from management agents (MAs) for the purpose of monitoring various devices on the network.
Dude demo, an example of a NMA
CR UTM devices
7
Cyberoam UTM as a type of NM device Model Types
CR 2500ia CT 1000ia CR 750ia CR 500ia
CR 300ia CT 200ia CR 100ia
CR 50ia CT35ia CR 25ia
Cyberoam 2500ia
Cyberoam 300ia
Cyberoam 50i
8
Cyberoam UTM as a type of NM device Hardware Features
POWERFUL HARDWARE POWER RATING
Multicore Gigahertz processor for Nano second security processing. Gigabit ports to integrate with Gigabit networks. Cyberoam NG Flexi port system allows flexible connections on both fiber and copper.
Input Voltage:100 ‐ 240VAC Consumption: 137W Total Heat Dissipation:BTU467
9
Cyberoam UTM as a type of NM device Firmware (10.6.2)
While some firmware are appliance specific some of them can run on all models of Cyberoam.
The latest firmware CyberoamOS 10.6.2 support NG series and UTM security appliances. It has an execution point of interest to be accessible for all Cyberoam security appliances, hence it meets necessities of small business, medium sized markets to large and extensive initiatives.
Cyberoam has more enhancement features on it to offer new functions to users on their security appliances. These enhancements include: Readiness of Cyberoam in Discover mode (ATP mode), which will enable users (customers) and partners to access Cyberoam security.
Tight integration with hardware Network & Crypto Analysis
UNIQUE FEATURES
10
Features of Cyberoam UTM Cyberoam is the identity‐based UTM solution that offers Integrated Security with fine granularity through its identity‐based policies. It offers comprehensive threat protection with: •Identity‐based Firewall •VPN‐Threat free tunneling •SSL VPN •Gateway Anti‐Virus & Anti‐Spam •Intrusion Prevention System •High Availability •Content Filtering •Bandwidth Management •Multi‐Link Manager •On‐Appliance Reporting
Cyberoam UTM Family
11
Cyberoam Easy‐to‐Use GUI
• Cyberoam allows easy
configuration of network to establish how your appliance connects, interacts with your network, and allows configuring network specific settings.
• The appliance basically has a number of physical interfaces .
• Ports and number of interfaces depends on the appliance model.
12
Snapshots of Cyberoam unique features
Cyberoam I‐View
Cyberoam High Availability
13
With over 1200 reports, iView provides identity‐based reporting for visibility into user and network activities.
Clustering Technology is used to ensure High Availability. In a cluster, two appliances are grouped together and instructed to work as a single entity.
Challenges of Using Cyberoam UTM
1. Need for intensive training, up to certification levels, for technical hands, product needs to be marketed more intensively so as to make both support and penetration impact deeper.
2. Product needs to be marketed more intensively so as to make both support
and penetration impact deeper. 3. Observation in the field revealed that the resilience of the system software
(iOS) in the face of incessant power outages needs improvement. This may be achieved through reduction of number of procedures or processes the software undergoes when running.
4. Technical support is still scanty in the country, thus allowing a relatively longer
response time. More engineers need to acquire skills in Cyberoam management.
14
Conclusions and Recommendations
Cyberoam Unified Threat Management appliance has been comprehensively presented as an efficient product, where there is the opportunity to centrally manage network monitoring, control and maintenance, from a single console. It is not the only product available to a network manager, but having been tested and recommended by network managers for UTM applications, it is able to meet most configuration policies especially those in discussion above. In the light of the above, business minded engineers and technology enthusiasts are encouraged to harness opportunities in this product. It is also recommended for proof of concept as an assessment. Researchers should also consider network management as an area of further interest.
15
THANK YOU & GOD BLESS
16
