HostedDB - Dedicated UNIX Servers

-->
IT Baseline Protection Manual - Chapter 6.8 Network and system management

6.8 Network and system management

Description

A management system for a local computer network is normally used to control all the hardware and software components located in the local network. Such systems should support the system administrators as much as possible in their daily work. There is a basic distinction between network management and system management. The differences are due to the components that are controlled.

Network management includes all the precautions and activities for securing the effective use of a network. For example, this includes checking that the network components are functioning correctly, monitoring the network performance and centrally configuring of the network components. Network management is primarily an organisational problem which can only be supported by technical means, a network management system.

System management is primarily concerned with the management of distributed IT systems. This includes, for example, the central administration of the users, the distribution of software, the management of the applications, etc. In several areas, such as configuration management (the monitoring and consolidation of configurations of a system or a network component), it is impossible to clearly distinguish between network management and system management.

In the following, the (software) system used to manage a network and its components is always referred to as "management system". The components that it manages are called "managed system". These terms are used particularly in the area of network management.

A network and system management framework is defined in ISO/IEC standard 7498-4 and in X.700 of ITU-T. The tasks of a management systems are:

  1. configuration management,
  2. performance management,
  3. error management
  4. invoice management
  5. security management.

A specific system management product does not only have to offer support in each of these areas. The suppliers usually offer ranges of products designed in such a way that special functionalities can be obtained as a module or an associated individual product.
Network management is the older and more mature management discipline. In comparison, system management is a relatively new discipline, but is requested more and more due to the rapidly-increasing networking in enterprises and authorities and the resulting increase in heterogeneity and complexity. The goal here must be to integrate the two disciplines. The management products available at the moment are designed in such a way that they can primarily be used either for network management or for system management. Products which combine the two functionalities are still under development. As a rule, products that are designed for system management also allow access to information concerning network management.

Due to the heterogeneity of the hardware and software of current networks, system management is an extremely complex task. System management is made even more difficult through the fact that management software and the software to be managed have to work together. As a rule, the software available today is not designed to work together with a management system. This is partly due to a lack of standards which, for example, guarantee sufficient security and partly due to the fact that large software packages are fitted with their own management, because restricted information necessary for managing the software should not be revealed. For example, the Microsoft Internet Explorer has management software, the "Internet Explorer Administration Kit (IEAK)", which allows the administrator to select security settings which cannot be changed by the user or can only be changed to certain values. The functions of this tool are proprietary and are not subject to any standards. The architecture of management software generally has a centralist structure. There is a central management station or control panel from which the system administrators can manage the network for which they are responsible together with the hardware and software it contains. Particularly the systems for network management are based on this. As a result of the lack of standards in the area of system management, the available products often have centralist architecture, yet the details are proprietary and no general statement can be made about the architecture.

A network management system is usually based on a model which distinguishes between "manager", "agent" (also "management agent") and "managed objects". Other components are the protocol used for communication between the manager and the agents, as well as an information database, the so-called "MIB" (Management Information Base). The MIB must be available to both the manager and each management agent. The idea is that management agents and their MIB are seen to be part of the managed system.

An agent is responsible for one or more of the objects which are to be managed. It is possible to organise the agents hierarchically. Agents are then responsible for the subagents assigned to them. There is always an object to be managed at the end of each command chain formed in this way. An object to be managed is either an existing physical object (device) such as a computer, a printer or a router, or a software object such as a background process for the administration of print jobs. In the case of devices that can be managed with a management system, the management agent is usually "permanently" integrated in the device by the manufacturer. If the agent does not understand the communication protocol used by the manager, a software management agent is required which can convert the protocol.

In a similar way, software components may already contain the management agent or a particular management agent is required which is designed for the administration of this software component. In order to address the individual components of the system to be managed, the manager exchanges information with the agents. The type of protocol used for the communication has a considerable impact on the capabilities and, in particular, the security of the management system. Management systems can basically be divided into three categories according to the communication protocol used (see also S 2.144 Selection of a suitable network management protocol):

  1. SNMP (Simple Network Management Protocol), the widespread standard protocol of the TCP/IP-based system management, is used.
  2. CMIP (Common Management Information Protocol), the less-common standard protocol of the ISO/OSI-based system management, is used.
  3. A manufacturer-specific protocol is used. It is normally possible to use what are known as adapters to integrate the standard protocols, whereby there is usually only a SNMP connection.

The SNMP protocol is used most often. SNMP is an extremely simple protocol which only recognises five types of messages and is therefore easy to implement. CMIP is mainly used to manage telecommunications networks and is irrelevant in management based on the Internet or Intranet, as it uses the OSI protocol stack rather than the TCP/IP stack.

Although system management systems usually have a centralist structure to allow the system to be managed from a management station, the exact architecture depends on the possible size of the systems which can be managed and on the range of functions offered. These systems range from simple collections of management tools which can be used next to each other in small networks without being integrated to management platforms which can manage a world-wide company network containing thousands of computers.

Certain management platforms use proprietary protocols for communication between the components. These systems usually have a higher performance range and are not only used for network and system management but also offer resource management for entire organisations. Through the insufficiently-specified security mechanisms in the few existing standards, the manufacturers' own solutions provide security-relevant mechanisms such as cryptographic techniques.

Threat Scenario

The following typical threats are assumed for the IT baseline protection of a management system:

Höhere Gewalt

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

The system to be managed consists of individual computers, gateways and the physical network. Each of these components presents a potential security risk for the whole system. These risks cannot be eliminated entirely through the implementation of management software. This is due to the fact that it is not usually possible to include all systems in a management system to the same extent. The basic requirements for the security of the system are the definition and implementation of a security policy for the whole enterprise. In the case at question, this policy must be expressed particularly in the configuration of hardware and software. For this reason, particular attention should be paid to the safeguards of the modules listed in chapter 6. Module 6.7 can be used as a starting point.

As management systems are designed with a centralist structure, the management station is of particular importance for security considerations, and a particular effort must therefore be made to protect it. Thus, important components of a management system should be set up in rooms which correspond to the requirements for a server room (see chapter 4.3.2). If no server room is available, they can alternatively be set up in a server cabinet (see chapter 4.4 Protective Cabinets). In order to successfully set up a network and system management system, a series of measures should be taken, starting with the design, then going on to the purchase and operation. The steps and measures involved are described below:

1. Creation of a management concept based on the requirements which result from the existing IT system.

1.1 Requirement analysis (see S 2.168 IT system analysis before the introduction of a system management system)

1.2 Definition of the concept (see S 2.169 Developing a system management strategy)

2. Before purchasing the management system, it is first necessary

2.1 to formulate the requirements for the management product resulting from the management concept (see S 2.170 Requirements to be met by a system management system) and, based on this,

2.2 to select a suitable management product (see S 2.171 Selection of a suitable system management product)

3. The security-relevant safeguards for the operation of the management system are divided into the areas:

3.1 Installation with the implementation of the management concept (see S 4.9 Secure installation of a system management system) and

3.2 the current operation of the management system (see S 4.92 Secure operation of a system management system). Of course, the previous safeguards for

3.3 the current operation of the managed system should also be observed (see chapters 4 to 9).

The following section presents the range of safeguards for the module Network and system management.

Infrastructure:

Organisation:

Personnel:

Hardware / Software:

Communications:

Contingency Planning:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
last update:
October 2000
home