A literature review is a body of text that aims to review the critical points of current knowledge including substantive findings as well as theoretical and methodological contributions to a particular topic. Literature reviews are secondary sources, and as such, do not report any new or original experimental work.
Most often associated with academic-oriented literature, such as theses, a literature review usually precedes a research proposal and results section. Its ultimate goal is to bring the reader up to date with current literature on a topic and forms the basis for another goal, such as future research that may be needed in the area.
A well-structured literature review is characterized by a logical flow of ideas; current and relevant references with consistent, appropriate referencing style; proper use of terminology; and an unbiased and comprehensive view of the previous research on the topic.
4.1 Domain Research
4.1.1 Network Monitoring and Management system
4.1.1.1 Introduction to the use of Network Monitoring and Management systems
Whenever an organization holds vital information, some agent has to provide security measures for it. This information may be business plans, customer details or confidential tenders that are critical to the organization's interests, and a rival company can profit if it gains access to it by any means. From this arises the need for a network monitoring system that is able to monitor the activities of its clients.
Secondly, in every company one can expect there to be a network administrator. But as the number of machines grows, it becomes difficult to manage them manually. Suppose a program must be installed on a client PC: the administrator has to walk to that PC and install it there, and visiting each and every PC to start and finish a setup is very time consuming. The alternative of hiring more staff to maintain the machines is costly. Network monitoring and management together therefore form an important part of an organization's day-to-day computer network operations.
4.1.1.2 Network Monitoring and Management System
The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and notifies the network administrator (via e-mail, pager or other alarms) in case of outages. It is a subset of the functions involved in network management. While an intrusion detection system monitors a network for threats, a network monitoring system monitors the network for problems caused by overloaded or crashed servers, network connections or other devices. Effective planning for a network management system requires that a number of network management tasks be performed: the system should discover the network inventory, monitor the health and status of devices, and raise alerts on conditions that impact system performance.
An intrusion detection system (IDS) is a device or software application that monitors network or system activity for malicious activity or policy violations and reports to a management station. Intrusion prevention is the process of performing intrusion detection and attempting to stop the possible incidents that are detected. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators; they have become a necessary addition to the security infrastructure of nearly every organization.
Network management refers to the activities, methods, procedures, and tools that pertain to:
Operation deals with keeping the network (and the services that the network provides) up and running smoothly. It includes monitoring the network to spot problems as soon as possible, ideally before users are affected.
Administration deals with keeping track of resources in the network and how they are assigned. It includes all the “housekeeping” that is necessary to keep the network under control.
Maintenance is concerned with performing repairs and upgrades: for example, when equipment must be replaced, when a router needs a patch for an operating system image, or when a new switch is added to a network. Maintenance also involves corrective and preventive measures to make the managed network run "better", such as adjusting device configuration parameters.
Provisioning is concerned with configuring resources in the network to support a given service. For example, this might include setting up the network so that a new customer can receive voice service.
4.1.1.2.1 Types of intrusion detection systems [B5][B6]
For the purposes of this project, three main types of IDS are distinguished:
Fig: Showing type of intrusion Detection system
Network intrusion detection system (NIDS)
A NIDS is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. It gains access to network traffic by connecting to a network hub, a switch configured for port mirroring, or a network tap. Sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders; they capture all network traffic and analyse the content of individual packets for malicious traffic. An example of a NIDS is Snort.
Host-based intrusion detection system (HIDS)
A HIDS consists of an agent on a host that identifies intrusions by analysing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other host activity and state. In a HIDS the sensors are usually software agents; some application-based IDS also fall into this category. An example of a HIDS is OSSEC.
Perimeter Intrusion Detection System (PIDS)
A PIDS detects and pinpoints the location of intrusion attempts on the perimeter fences of critical infrastructure. Using either electronic sensors or fibre-optic cable fitted to the fence, it detects disturbances on the fence; the signal is monitored, and if the system deems a disturbance to be an intrusion attempt, an alarm is triggered.
4.1.1.2.2 Comparison with firewalls
Though both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outward, limiting access between networks to prevent intrusions from happening, and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and raises an alarm, and it also watches for attacks that originate from within the network. This is traditionally achieved by examining network communications, identifying heuristics and patterns (known as signatures) of common computer attacks, and alerting operators. A system that also terminates the offending connections is called an intrusion prevention system, which is another form of application-layer firewall.
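To make the distinction concrete, the following added Python example (not code from the thesis or from Smart Whistle Blower) runs the same constructed packets through a stateless packet filter, which decides only on source address and destination port, and through a signature-based payload inspector of the kind a NIDS uses. The rules, the two signatures and the sample packets are all assumptions made up for the illustration.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str        # source IPv4 address
    dport: int      # destination TCP port
    payload: bytes  # application data (constructed, not captured from a real network)


# Firewall rules, evaluated top to bottom; the first match wins.
# (action, source network, destination port or None for any port)
FIREWALL_RULES = [
    ("allow", "0.0.0.0/0", 80),       # web server reachable from anywhere
    ("allow", "192.0.2.0/24", 22),    # SSH only from the internal LAN
    ("deny", "0.0.0.0/0", None),      # default deny
]

# IDS signatures: a name and a pattern matched against the payload (assumed patterns).
SIGNATURES = [
    ("sql-injection-tautology", re.compile(rb"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("path-traversal", re.compile(rb"\.\./")),
]


def packet_filter(pkt: Packet) -> str:
    """Firewall role: allow or deny by address and port, never by content."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, port in FIREWALL_RULES:
        if src in ipaddress.ip_network(net) and (port is None or port == pkt.dport):
            return action
    return "deny"


def inspect(pkt: Packet) -> list:
    """IDS role: look inside the payload and name every signature that matches."""
    return [name for name, pattern in SIGNATURES if pattern.search(pkt.payload)]


def run(packets) -> list:
    """Return (firewall verdict, IDS alerts) for each packet, in order."""
    return [(packet_filter(p), inspect(p)) for p in packets]


# Constructed sample traffic toward a web/SSH host on the internal LAN 192.0.2.0/24.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", 22, b"SSH-2.0-OpenSSH_8.9"),                          # external SSH attempt
    Packet("203.0.113.7", 80, b"GET /index.html HTTP/1.1\r\n"),                  # ordinary request
    Packet("203.0.113.9", 80, b"GET /login.php?user=a' OR '1'='1 HTTP/1.1\r\n"),  # injection attempt
    Packet("192.0.2.55", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),             # from inside the LAN
    Packet("192.0.2.55", 3389, b""),                                             # RDP from inside
]

if __name__ == "__main__":
    for pkt, (verdict, alerts) in zip(SAMPLE_TRAFFIC, run(SAMPLE_TRAFFIC)):
        print(f"{pkt.src:>12} -> :{pkt.dport:<5} firewall={verdict:5} ids={alerts}")
```

Packets 3 and 4 both pass the firewall because port 80 is open, and only the signature check flags them; packet 4 comes from inside the LAN, which a perimeter firewall is not designed to catch. Conversely, packet 5 is denied on address and port alone while the IDS, with no payload to inspect, stays silent. An inline IPS would combine the two: the firewall verdict plus a drop whenever a signature fires.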
4.1.1.3 Components of Network Monitoring and Management System
The network monitoring system is made up of different modules through which its functions are carried out. The following modules and processes are involved:
Initial Set-Up: This is the first step while setting up a network monitoring tool. The machines must be physically connected. IP addressing should be properly carried out.
Network Mapping: The system sends discovery commands across the network and uses the responses of the various components to build a minimal model of how the network is laid out. This model is useful for documenting the network configuration.
Machine Polling: Once the map is prepared, the system sends status requests to the components on the network. Through this process the system learns of any potential failures that exist in the network.
Alarms & Notification: The application detects potential failures in the existing network; for example, if a machine has dropped off the LAN because of a cable fault or some other failure, a notification is sent to the administrator. Information about errors can be displayed centrally or sent out by e-mail, by SMS to a mobile phone, or by pager.
Reporting: The log sheet is very useful to the system administrator for seeing which types of error occur most frequently.
Through this research the developer found that filtering of clients, listing of processes, and managing clients and their processes are basic functionalities that must be present in a network monitoring system.
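The polling, alarm and reporting modules above fit together as in the following added Python example (not code from the thesis or from Smart Whistle Blower). It polls each mapped component with a TCP connect, raises an alarm only when a component changes state, and keeps a log from which a report of outages per component is produced. The target names, the loopback ports and the `notify` callback standing in for e-mail/SMS/pager delivery are assumptions for the illustration.

```python
import socket
from collections import Counter


def check_tcp(host: str, port: int, timeout: float = 1.0) -> bool:
    """Machine polling: one status request, answered by whether a TCP connect succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class Monitor:
    """Polls components, raises alarms on state changes and keeps a log for reporting."""

    def __init__(self, targets, notify):
        self.targets = targets   # network map: list of (name, host, port)
        self.notify = notify     # stands in for e-mail/SMS/pager delivery (assumed callback)
        self.state = {}          # name -> "UP" or "DOWN"
        self.log = []            # reporting log: (name, previous, current)

    def poll_once(self):
        """Poll every target once; return the alarm messages raised in this round."""
        alerts = []
        for name, host, port in self.targets:
            current = "UP" if check_tcp(host, port) else "DOWN"
            previous = self.state.get(name)
            if previous == current:
                continue                     # no change, no alarm, no log entry
            self.state[name] = current
            self.log.append((name, previous, current))
            # Alarm on every outage and every recovery; a host first seen UP is not news.
            if current == "DOWN" or previous is not None:
                message = f"{name} ({host}:{port}) {previous or 'discovered'} -> {current}"
                self.notify(message)
                alerts.append(message)
        return alerts

    def report(self) -> Counter:
        """Reporting: how many times each component went DOWN."""
        return Counter(name for name, _, current in self.log if current == "DOWN")


def demo():
    """Offline run against two loopback ports: one listening, one with nothing behind it."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    probe = socket.socket()                  # bind to find a free port, then release it
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()

    sent = []
    mon = Monitor([("web", "127.0.0.1", open_port), ("db", "127.0.0.1", closed_port)], sent.append)
    first = mon.poll_once()      # discovery round: db is found DOWN
    listener.close()             # simulate the web host dropping off the LAN
    second = mon.poll_once()     # web changes UP -> DOWN
    return mon.state, first, second, mon.report()


if __name__ == "__main__":
    state, first, second, report = demo()
    print(state, first, second, dict(report), sep="\n")
```

Alarming on transitions rather than on every failed poll is what keeps the administrator's mailbox usable: a host that is down for an hour produces one outage alarm and one recovery alarm, not sixty repeats, while the log still records each transition for the report.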
4.1.1.4 Network based Application Architecture
Network-based application architecture is the software architecture of a network-based application. It provides an abstract view and a model for comparing the architectures that could be used to build the system. It explains how system components are identified and allocated and how they interact with the rest of the system, the amount and granularity of communication needed for that interaction, and the interface protocols.
4.1.1.4.1 Client/Server Architecture [W2][W3]
The client-server model distinguishes between applications as well as devices. Network clients make requests to a server by sending messages, and servers respond to their clients by acting on each request and returning results. One server generally supports numerous clients, and multiple servers can be networked together in a pool to handle the increased processing load as the number of clients grows.
Fig- A Client-Server Network
The client-server model of computing is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients. Often clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server machine is a host that is running one or more server programs which share their resources with clients.
In most cases, client-server architecture lets the roles and responsibilities of a computing system be distributed among several independent computers that know each other only through a network. This gives the architecture an additional advantage: greater ease of maintenance. For example, it is possible to replace, repair, upgrade or even relocate a server while its clients remain unaware of and unaffected by the change.
Client/Server architecture with respect to domain research
4.1.1.4.2 Network monitoring protocols [W12]
Website monitoring services can check HTTP pages, HTTPS, SNMP, FTP, SMTP, POP3, IMAP, DNS, SSH, Telnet, SSL, TCP, ping, SIP, UDP, media streaming and a range of other ports, with check intervals ranging from every four hours to every minute. Typically, most network monitoring services test a server somewhere between once per hour and once per minute.
SNMP is the best-known protocol for managing networked devices. It was designed to facilitate the exchange of management information between networked devices and operates at the application layer of the ISO/OSI model. The SNMP architectural model assumes a collection of network management stations and network elements. Network management stations monitor and control network elements by executing management applications; the network elements (devices such as hosts, gateways, terminal servers and servers) have management agents responsible for performing the network management functions requested by the stations. The Simple Network Management Protocol (SNMP) is the protocol used to communicate management information between the management stations and the agents in the network elements.
SNMP is most commonly used for remote management of network devices and is known for its flexibility: adding network-management functions to an existing system is easy. An SNMP-managed network typically consists of three components:
Managed devices: A managed device can be any piece of equipment that sits on the data network and is SNMP compliant. Routers, switches, hubs, workstations and printers are all examples of managed devices.
Agents: An agent is typically software that resides on a managed device. The agent collects data from the managed device and translates that information into a format that can be passed over the network using SNMP.
Network management systems: A network management system monitors and controls managed devices. It issues requests and the devices return responses.
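As an added illustration (not code from the thesis, from Smart Whistle Blower or from any SNMP library), the following Python builds the exact bytes an SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) carries on the wire, using the BER encoding of RFC 1155/1157, and parses such a message back into its fields. Sending it would be a single UDP datagram to port 161 of the agent, which is not done here; the community string "public" and request-id 1 are assumptions for the illustration.

```python
"""SNMPv1 GetRequest: minimal BER encoder and decoder (added example)."""

# ASN.1/BER tags used by SNMPv1 (RFC 1155 / RFC 1157)
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_NULL = 0x05
TAG_OID = 0x06
TAG_SEQUENCE = 0x30
TAG_GET_REQUEST = 0xA0   # context-specific, constructed, tag number 0


def encode_length(n: int) -> bytes:
    """Short form below 128, otherwise 0x80|count followed by the big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(payload)) + payload


def encode_integer(n: int) -> bytes:
    """Two's-complement, minimal length (a leading 0x00 keeps large positives positive)."""
    return tlv(TAG_INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def encode_oid(oid: str) -> bytes:
    """Dotted OID -> BER: first two arcs merge into 40*a+b, arcs >127 use base-128 chunks."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + oid)
    out = bytearray()
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]                 # last 7-bit group carries no continuation bit
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def build_get_request(community: str, oids, request_id: int) -> bytes:
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU }."""
    varbinds = b"".join(tlv(TAG_SEQUENCE, encode_oid(o) + tlv(TAG_NULL, b"")) for o in oids)
    pdu = (encode_integer(request_id) + encode_integer(0)      # error-status
           + encode_integer(0)                                # error-index
           + tlv(TAG_SEQUENCE, varbinds))
    return tlv(TAG_SEQUENCE, encode_integer(0)                # version-1 is encoded as 0
               + tlv(TAG_OCTET_STRING, community.encode())    # sent in cleartext!
               + tlv(TAG_GET_REQUEST, pdu))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value bytes, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw: bytes) -> str:
    subids, cur = [], 0
    for b in raw:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first = min(subids[0] // 40, 2)           # arcs 0 and 1 allow only 0..39 as second arc
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))


def parse_get_request(msg: bytes) -> dict:
    tag, body, _ = read_tlv(msg, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    tag, pdu, _ = read_tlv(body, pos)
    if tag != TAG_GET_REQUEST:
        raise ValueError("not a GetRequest PDU")
    _, rid, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)           # error-status, always 0 in a request
    _, _, pos = read_tlv(pdu, pos)           # error-index
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        _, oid_raw, _ = read_tlv(vb, 0)
        oids.append(decode_oid(oid_raw))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode(),
            "request_id": int.from_bytes(rid, "big", signed=True), "oids": oids}


if __name__ == "__main__":
    msg = build_get_request("public", ["1.3.6.1.2.1.1.1.0"], 1)
    print(msg.hex())
    print(parse_get_request(msg))
```

The community string is plainly visible in the encoded bytes: SNMPv1 and v2c have no confidentiality or real authentication, so the community string is a password that anyone on the path (or anyone who can query the agent and guess "public") can read. A monitoring system that polls devices over SNMP should therefore use SNMPv3 with authentication and privacy where the devices support it, and at minimum restrict which management stations an agent will answer.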
4.1.1.5 HCI (Human Computer Interaction)
“Human-computer interaction is a discipline concerned with the design, evaluation and implementation of interactive computing systems for human use and with the study of major phenomena surrounding them.” – Association for Computing Machinery
As "Smart Whistle Blower", a network management and monitoring tool, functions entirely according to its user, the developer applied the concepts of HCI (Human-Computer Interaction) to study how people interact with computers and to design the system for successful interaction with its users. The developer used the following main parts of HCI:
The developer applied HCI principles with the aim of improving the interaction between humans and computers by making the system more usable and receptive to users' needs. Usability can be defined as the extent to which a system can be learnt and used by its users, so the developer measures the usability of the system by analysing the following points:
Easy to learn
Effective to use
Efficient to use
While developing a system using HCI principles the following factors must be considered by the developer:
Health and Safety Factors
HCI now is being used in a wide range of fields which are shown in the diagram below:
Fig: Showing related modules to HCI
4.1.1.6 Market Research
4.1.1.6.1 Similar software available in the market
There are numerous monitoring tools available in the market, some of which are listed below:
Network Traffic Monitoring
4.1.1.6.2 Comparison Chart [W13] [W14] [W15][W16][W17][W18][W19][W20]
Fig: Showing Comparison Chart between ten software and Smart Whistle Blower
A Brief Analysis
In a comparison with 10 network monitoring systems it was found that the proposed software, Smart Whistle Blower, provides many facilities that current network monitoring systems do not have. The comparison was made on nine features that network monitoring and management software should have:
Logical Grouping
Distributed Monitoring
Hardware Intrusion Detection
WebApp
Auto discovery
Triggers/alerts
Live Screening
Chat enabled
Support Network Management System
4.1.2 Security management & recommendation
Security management for networks differs from situation to situation. A small home or office requires only basic security, while large businesses require high maintenance and advanced software and hardware to prevent malicious attacks such as hacking and spamming.
A basic firewall like COMODO Internet Security or a unified threat management system.
For Windows users, basic Antivirus software like AVG Antivirus, ESET NOD32 Antivirus, Kaspersky, McAfee, Avast!, Zone Alarm Security Suite or Norton Antivirus. An anti-spyware program such as Windows Defender or Spybot – Search & Destroy would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered.
When using a wireless connection, use a robust password, and use the strongest security your wireless devices support, such as WPA2 with AES encryption.
Enable MAC address filtering to keep track of the devices connecting to your router; since MAC addresses are easily spoofed, treat this as inventory rather than as access control.
Assign STATIC IP addresses to network devices.
Disable ICMP ping on router.
Review router or firewall logs to help identify abnormal network connections or traffic to the Internet.
Use passwords for all accounts.
Have multiple accounts per family member, using non-administrative accounts for day-to-day activities. Disable the guest account (Control Panel > Administrative Tools > Computer Management > Users).
Raise awareness about information security to children.
A fairly strong firewall or Unified Threat Management System
Strong Antivirus software and Internet Security Software.
For authentication, use strong passwords and change them on a bi-weekly/monthly basis.
When using a wireless connection, use a robust password.
Raise awareness about physical security to employees.
Use an optional network analyzer or network monitor.
An enlightened administrator or manager.
A strong firewall and proxy to keep unwanted people out.
A strong Antivirus software package and Internet Security Software package.
For authentication, use strong passwords and change them on a weekly/bi-weekly basis.
When using a wireless connection, use a robust password.
Exercise physical security precautions for employees.
Prepare a network analyzer or network monitor and use it when needed.
Implement physical security management like closed circuit television for entry areas and restricted zones.
Security fencing to mark the company’s perimeter.
Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
Security guards can help to maximize security.
An adjustable firewall and proxy to allow authorized users access from the outside/inside.
Strong Antivirus software and Internet Security Software packages.
Wireless connections that lead to firewalls.
Children’s Internet Protection Act compliance.
Supervision of the network to guarantee updates and changes based on popular site usage.
Constant supervision by teachers, librarians and administrators to guarantee protection against attacks from both internet and sneakernet sources.
Security via firewall
A strong firewall and proxy to keep unwanted people out.
Strong Antivirus software and Internet Security Software suites.
White list authorized wireless connection, block all else.
All network hardware is in secure zones.
All hosts should be on a private network that is invisible from the outside.
Put web servers in a DMZ, firewalled from both the outside and the inside.
Security fencing to mark the perimeter, with the wireless range set to stay within it.
4.1.3 Service and Technology Growth in India
As India emerges as one of the major IT leaders of the world, more and more IT companies are being established. With more IT companies comes more competition in the market, and hence more business politics as everybody tries to win that race. There is therefore a high risk of hackers intruding into company databases, taking away vital information and selling it to rival companies. This is where the importance of network security arises, and as a result more and more network monitoring and management systems are being developed.
Detailed research shows that the number of cyber-crime cases is increasing every year. With practical guidance delivered by expert speakers, an organization named e-Crime India is the premier networking and knowledge initiative for security, IT, fraud, investigation, CERT, audit, forensics and compliance professionals responsible for protecting against existing attacks and emerging threats.
Major IT companies in India such as Infosys, TCS and Wipro have separate departments developing network-security software. The importance of developing such a system is clear, as software of this type is in ever-growing demand as technology develops.
4.2 Information and Resources
Networks & Networking Concepts
Comer, D.E. & Droms, R.E. (2004) Computer Networks and Internets with Internet Applications, 4th International Edition, Prentice Hall. ISBN: 013123627X
Forouzan, B. (2004) Introduction to Data Communication & Networking, 3rd Edition, McGraw-Hill
Tanenbaum, A.S. (2003) Computer Networks, 4th Edition, Prentice Hall
Stallings, W. (2006) Data and Computer Communications, 7th Edition, Prentice Hall
Robertson, L.A. (2003) Simple Program Design, 2nd Edition, Boyd and Fraser
Shelly, G.B., Cashman, T.J. & Rosenblatt, H.J. (2005) System Analysis and Design, 5th or 6th Edition, Course Technology
O'Connell, F. (2001) How to Run Successful Projects III: The Silver Bullet, Addison Wesley. ISBN: 0201748061
CCTA (2002) Managing Successful Projects with PRINCE2, The Stationery Office Books. ISBN: 0113308914
Cleland, D. (2001) A Guide to the Project Management Body of Knowledge 2000, PMI
White Paper and Journal
Parnas, D. (1986) A Rational Design Process and How to Fake It. An influential paper which criticises the idea that software production can occur in perfectly discrete phases.
Royce, W. (1970) "Managing the Development of Large Software Systems", Proceedings of IEEE WESCON 26 (August): 1-9