DOCSLIB.ORG

INF526: Secure Systems Administration

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
INF526: Secure Systems Administration INF526: Secure Systems Administration SIEM and Intrusion Detection Prof. Clifford Neuman Lecture 12 5 April 2017 OHE100C Class Presentation Schedule 4/5 Mohammed Alsubaie – SIEM and Intrusion Detection 4/12 Vishnu Vadlamani - Network Monitoring/Attack Forensics 4/19 Andrew Gronski - Accreditation and acceptance testing 1 Detecting Intrusions • Visibility of artifacts from intrusions – Passive attacks • Difficult to detect because technically no changes made. – But in some cases – evidence of connecting to a network might be present. – Honeytokens – Intrusions are really all Active attacks • Identifying Subversions • Identifying traffic that is indicative of an intrusion – Best point of observation is outside affected system 2 Where Detection Occurs • Events visible in the network – New network peer entities is evidence – Significant change in frequency or bandwidth is evidence • Events on the Compromised System – Changes to system binaries are evidence of subversion – Changes to accounts and privileges are evidence – Changes to the running processes and CPU share are evidence – Creation of new files are evidence • The above are anomalies and an administrators role is to sort though them. 3 Events Visible in the Network • Network Monitoring uses a system to monitor a computer network for abnormalities and notifies an administrator or other system components when an issue is identified. – Enterprise health monitoring • Network Monitoring tools allow us to see the devices connected to our network and traffic between them. • Packet analyzers can capture network traffic for viewing through an event management system. • Such data is useful for intrusion detection. 4 Network Monitoring and Secure SA • Secure administration of a network and systems requires visibility of current activities and status of devices, and the ability to examine past activities. In particular: – Ensures Availability is maintained • Ability to correct system issues, and to identify potential DoS attacks – Ensures Non-Repudiation • Gives administrator a history of who did what, and when • While not directly involved in enforcement, it also assists in ensuring other principles (Integrity, Confidentiality, Authentication, Authorization) have not been breached. – Can identify suspicious activity that may indicate a security compromise. Slide by Josh McCamey INF526 Summer 2016 5 How Does it Work • Enterprise Network Monitoring systems usually check the health of systems on the network by using a “ping” signal to test whether ports respond as expected. – Period between pings can be anywhere from minutes to hours – Checks response times and up-time – May also check for things like consistency and configuration of specific equipment or software on the network • Can check just about any network protocol (e.g. HTTP/S, SNMP, FTP, SMTP,POP3, IMAP, DNS, SSH, TELNET, SSL, TCP, etc…) – In the case of a protocol like SMTP/POP3, system may send a test message periodically through one protocol while receiving through another to check the health of servers the message passes through. Slide by Josh McCamey INF526 Summer 2016 6 How Does it Work • A failure occurs when a test operation or “ping” times out – When a failure is recorded the Network Monitor produces an “action” – System can use any available means to notify an administrator (e.g. e-mail, text, phone call, pop-up notification on local machine, even an audible alarm) • Advanced networks may have automatic fail-safes that off-load a server’s duty to the rest of the network to make the failure transparent to the user – This is critical for big companies/sites that can’t afford down-time. Slide by Josh McCamey INF526 Summer 2016 7 How Does it Work • Packet analyzers, on the other hand, capture packets going across an interface – Sometimes these are also called “packet sniffers” – Close relationship to forensics and intrusion detection – Can be used to determine the nature of connections and identify malicious activity • Wide variety of visualization, recording and analysis capabilities depending on thetool used • Packet analyzers and health monitors not necessarily mutually exclusive – Many different tools, some can “do-it-all”, depending on your definition of “all” Slide by Josh McCamey INF526 Summer 2016 8 Common Tools (not a compressive list) • ntop • NetworkMiner • Microsoft Message Analyzer • Pandora FMS • MRTG • Zenoss Core • PRTG • The Dude • Nagios • Splunk • OpenNMS • Angry IP Scanner • SolarWinds • Icinga • Spiceworks IT Management • Total Network Monitor • Advanced IP Scanner • NetXMS • Capsa • Xymon • Fiddler • And… WIRESHARK Slide by Josh McCamey INF526 Summer 2016 9 Microsoft Message Analyzer • Successor to Microsoft Network Monitor – Free, 32-bit and 64-bit: Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows 10 clients • Capture, display, and analyze protocol messaging traffic • Trace and assess system events and other messages from Windows components • Main Features: – Integrated “live” event and message capture at various system levels and endpoints – Parsing and validation of protocol messages and sequences – Automatic parsing of event messages described by ETW manifests – Summarized grid display – top level is “operations”, (requests matched with responses) – User controlled “on the fly” grouping by message attributes – Ability to browse for logs of different types (.cap, .etl, .txt) and import them together – Automatic re-assembly and ability to render payloads – Ability to import text logs, parsing them into key element/value pairs – Support for “Trace Scenarios” (one or more message providers, filters, and views) Slide by Josh McCamey INF526 Summer 2016 10 Microsoft Message Analyzer Slide by Josh McCamey INF526 Summer 2016 11 Nagios Network Analyzer • Popular paid IT admin tool to monitor for configuration issues, high load, etc. • Focused on high-level goals rather than low level packet inspection – Netflow Analysis, Monitoring, and Bandwidth Utilization – Security and reliability monitoring and user notifications – Advanced visualization capabilities – Custom application monitoring – Bandwidth monitoring and threshold settings with alert capability – Advanced user management to allow for multi-tenancy • Linux focused • Specialized versions for machines running in virtual environments like VMWare Slide by Josh McCamey INF526 Summer 2016 12 Nagios Network Analyzer Slide by Josh McCamey INF526 Summer 2016 13 Open NMS • Free & open-source enterprise grade network monitoring & management tool • Runs on Linux/Win/Mac • “Network Management Application Platform” – Made to be customized and have network monitoring solutions/applications built on top of it • Core feature set – Java-based framework – API-extendable notification mechanism including SMTP, Slack & Mattermost, Jabber and XMPP, Microblogs (i.e. Twitter) – Ticketing integration framework including Request Tracker, BMC Remedy, IBM Tivoli Service Request Manager, – Atlassian JIRA, extensible ticketing API – Alarm forwarding to external applications for handling or analysis (ElasticSearch), “Northbound” API and JMS, – AQMP integration – “Southbound integration” enables gathering of performance measurements and logging messages – from network applications and devices (test connections, check resource configurations, etc.) Slide by Josh McCamey INF526 Summer 2016 14 Open NMS Slide by Josh McCamey INF526 Summer 2016 15 NTopNG • Network traffic probe that shows network usage similar to Linux “top” command – Full-featured network analysis tool, free & paid versions, Portable, made to run on any Unix platform (&Win x64) – Uses a web server to provide a web browser interface – Sort network traffic according to many criteria including IP address, port, Layer 7 protocol (app layer), throughput, and more – Show network traffic and IPv4/v6 active hosts. – Produce long-term reports about various network metrics such as throughput, application protocols – Top X talkers/listeners, top ASs, top Layer 7 applications – For each communication flow report network/application latency/round trip time (RTT), TCP stats (retransmissions, packets OOO, packet lost), bytes/packets – Store on disk persistent traffic statistics in RRD format. – Geolocate hosts and display reports according to host location. – Discover application protocols by leveraging on nDPI, ntop’s DPI framework. – Characterise HTTP traffic by leveraging on characterisation services provided by Google and HTTP Blacklist. – Show IP traffic distribution among the various protocols. – Analyse IP traffic and sort it according to the source/destination. – Display IP Traffic Subnet matrix (who’s talking to who?) – Report IP protocol usage sorted by protocol type. – Produce HTML5/AJAX network traffic statistics. Slide by Josh McCamey INF526 Summer 2016 16 NTOP NG Slide by Josh McCamey INF526 Summer 2016 17 Wireshark • World's foremost network protocol analyzer (self-claimed) – - Deep inspection of hundreds of protocols, with more being added all the time – - Live capture and offline analysis – - Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others – - Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility – - Rich VoIP analysis – - Read/write many different capture file formats (too many to show here) – - Capture files compressed with gzip can be decompressed on the fly – - Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI,
Load more

Recommended publications
  • Fireware V12.4 Release Notes (PDF)
    Fireware v12.4 Update 2 Release Notes Supported Devices Firebox T10, T15, T30, T35, T50, T55, T70, M200, M270, M300, M370, M400, M440, M470, M500, M570, M670, M4600, M5600 FireboxV, Firebox Cloud, WatchGuard AP Release Date 4 April 2019 Release Notes Revision 10 October 2019 Fireware OS Build 592447 (updated for Fireware v12.4 Update 2 on 26 April 2019 589964 (original Fireware v12.4 release) WatchGuard System Manager Build 592565 (updated for Fireware v12.4 Update 2 on 26 April 2019 591532 (updated for WSM v12.4 Update 1 on 11 April 2019) 59007 (original WSM v12.4 release) WatchGuard AP Firmware AP100, AP102, AP200: 1.2.9.16 AP300: 2.0.0.11 AP125: 8.6.0-644.3 AP120, AP320, AP322, AP325, AP420: 8.6.0-646 Introduction Introduction On 29 April 2019, we release Fireware and WatchGuard System Manager (WSM) v12.4 Update 2 to resolve several issues, mostly related to Firebox management and the HTTPS proxy. See Enhancements and Resolved Issues for more information. On 11 April 2019, we released WatchGuard System Manager (WSM) v12.4 Update 1 to resolve an issue with Policy Manager. See Enhancements and Resolved Issues for more information. Fireware v12.4 is a significant release for Firebox T Series, Firebox M Series, FireboxV, and Firebox Cloud appliances. This release offers major enhancements, feature improvements, and resolves numerous bugs. Some of the key features included in this release are: SD-WAN for VPN and Private Lines This release extends SD-WAN benefits to more than just external WAN connections, enabling organizations to cut back on expensive MPLS connections.
    [Show full text]
  • Netxms Installation Guide
    NetXMS Installation Guide Version 1.0.5 Copyright © 2003 — 2010 Raden Solutions NetXMS Installation Guide 2 NetXMS Installation Guide Table of Contents 1 Preface ......................................................................................................................4 1.1 Audience..............................................................................................................4 1.2 Additional Documentation......................................................................................4 2 Requirements..............................................................................................................5 2.1 Server Requirements.............................................................................................5 2.1.1 Hardware......................................................................................................5 2.1.2 Operating System..........................................................................................5 2.1.3 Database......................................................................................................5 2.2 Console Requirements...........................................................................................5 2.2.1 Hardware......................................................................................................5 2.2.2 Operating System..........................................................................................6 2.3 Agent Requirements..............................................................................................6
    [Show full text]
  • Netxms Data Dictionary
    NetXMS Data Dictionary Raden Solutions, SIA <[email protected]> Version 2.2.13, April 10, 2019 Table of Contents Introduction. 1 Tables. 1 ACCESS_POINTS . 1 ACL. 1 ACTIONS . 2 ADDRESS_LISTS . 4 AGENT_CONFIGS . 4 AGENT_PKG . 5 ALARM_CATEGORIES . 6 ALARM_CATEGORY_ACL . 6 ALARM_CATEGORY_MAP . 7 ALARM_EVENTS . 7 ALARM_NOTES . 8 ALARMS . 8 AP_BINDINGS . 11 AP_COMMON . 11 AP_CONFIG_FILES . 11 AP_LOG_PARSER . 12 AUDIT_LOG . 12 BUSINESS_SERVICES . 13 CERTIFICTE_ACTION_LOG . 14 CERTIFICATES . 14 CHASSIS . 15 CLUSTER_MEMBERS . 16 CLUSTER_RESOURCES. 16 CLUSTER_SYNC_SUBNETS . 17 CLUSTERS. 17 COND_DCI_MAP . 18 CONDITIONS . 19 CONFIG_CLOB. 20 CONFIG_REPOSITORIES . 20 CONFIG_VALUES . 21 CONFIG . 21 CONTAINER_MEMBERS . 22 COUNTRY_CODES. 23 CURRENCY_CODES. 23 DASHBOARD_ASSOCIATIONS . 24 DASHBOARD_ELEMENTS. 24 DASHBOARDS . 26 DC_TABLE_COLUMNS . 26 DC_TABLES . 27 DCI_ACCESS . 30 DCI_SCHEDULES. 31 DCI_SUMMARY_TABLES . 31 DCT_THREASHOLD_INSTANCES . 32 DCT_COLUMN_NAMES . 33 DCT_NODE_MAP. 33 DCT_THRESHOLD_CONDITIONS . 33 DCT_THRESHOLDS . ..
    [Show full text]
  • Analysis and Evaluation of Network Management Solutions a Comparison of Network Management Solutions Suitable for Networks with 2,500+ Devices
    DEGREE PROJECT IN COMPUTER ENGINEERING, FIRST CYCLE STOCKHOLM, SWEDEN 2016 Analysis and Evaluation of Network Management Solutions A Comparison of Network Management Solutions Suitable for Networks with 2,500+ Devices MURAT GABDURAHMANOV and SIMON TRYGG KTH ROYAL INSTITUTE OF TECHNOLOGY INFORMATION AND COMMUNICATION TECHNOLOGY Analysis and Evaluation of Network Management Solutions A Comparison of Network Management Solutions Suitable for Networks with 2,500+ Devices Murat Gabdurahmanov and Simon Trygg 2016-06-16 Bachelor of Science Thesis Examiner Gerald Q. Maguire Jr. Academic adviser Anders Västberg KTH Royal Institute of Technology School of Information and Communication Technology (ICT) Department of Communication Systems SE-100 44 Stockholm, Sweden c Murat Gabdurahmanov and Simon Trygg, 16 June 2016 Abstract Some companies today are using sub-optimal and nearly obsolete management systems for their networks. Given the large number of different services that are demanded by users, there is a need to adapt the network structure to support the current and potential future demands. As a result, there is a need for new Network Management Solutions (NMSs). The aim of this thesis project is to help a company who uses a NMS called Local Area Network (LAN) Management Solution (LMS). LMS was designed by Cisco for managing LAN networks. However, the company’s demands are growing and they need to expand their network more than expected. Moreover, LMS is designed to only support devices by Cisco, whereas the company wants a universal solution with wide device support from many manufacturers. This thesis presents an analysis of their current system and suggests potential solutions for an upgrade that will meet all of the company’s demands and will have a long operating life.
    [Show full text]
  • VUTLAN VT825 / Room Guard
    VUTLAN VT825 / Room Guard VT825 Environmental Monitoring Unit • CAN port for digital sensors • 8 Autosense RJ-12 ports for sensors • 4 dry contact inputs • USB port for web camera or for USB flash for saving logs • Two 12V 0.25A output • 100 Mbit Ethernet port • External chassis earthling • LEDs: power, relays, errors, CAN • Onboard temperature sensor (1%) • Internal GSM modem extension slot (GSM modem is ordered separately) • Internal “VT10 / 1-Wire extension” slot or internal “VT18 / Extension slot” (extensions are ordered separately) • Web interface • Virtual sensors & elements: Group, E-mail, SNMP trap, SNMP Get, SMS, SMS Gate, Web-to-SMS, IP cams, PINGs, Triggers, Timers, Dew point • SNMP traps, SMS & E-mail notifications • Supports SNMP v.1, v.2c, v.3 • Notifications: E-mail, SMS, Syslog, Event log, SNMP Trap, SNMP Get • Configurable embedded logic • Sensor graphing • FTP Backup, Radius, DynDNS, SNTP, SMTP, Mail Log, USB Flash log, SD Card Log • Multilanguage support VUTLAN VT825 / Room Guard Processor: ARM926EJ 300 MHz Ethernet 10/100 Mbit port OS: Linux 3.10.101 Built-in clock with time synchronization ROM: 512 Mbit NAND Flash RADIUS access with Login RAM: 64 Mb Device Management: Web, SNMP, manually via SMS Operating temperature: 0 to 60 °C Built-in watchdog timer Alert types: FTP, Syslog, SMTP or SNMP, SMS (GSM modem is ordered Storage temperature: –25 to 85 °C separately) Operating humidity: 0 to 90 %, non- condensing Network protocols: DHCP, HTTP, HTTPS, SNMP, SMTP, SSL, FTP, Storage humidity: 0 to 95 %, non-condensing VUTLAN VT825 / Room Guard VUTLAN VT825 / Room Guard Low alarm level Low warning level Normal level High warning level High alarm level VUTLAN VT825 / Room Guard VUTLAN VT825 / Room Guard VUTLAN VT825 / Room Guard AccelOps GroundWork Inc.
    [Show full text]
  • The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins
    10/23/2014 The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins MENU The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins Andrew Tabona on July 23, 2013 31 comments We know how administrators love free tools that make their life easier and, to supplement the list provided on 101 Free Admin Tools, here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we’re sure you’ll find a gem or two amongst this list – and if you know of any others, leave us a comment below! 1. Microsoft Network Monitor Microsoft Network Monitor is a packet analyser that allows you to capture, view and analyse network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others. When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/ 1/25 10/23/2014 The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins then click “New Capture” to initiate a new capture tab. Within the Capture tab, click “Capture Settings” to change filter options, adapter options, or global settings accordingly and then hit “Start” to initiate the packet capture process.
    [Show full text]
  • Netxms Scripting Language
    NetXMS Scripting Language Table of Contents Introduction. 7 Script security . 7 Tutorial . 8 Built-in Types. 8 Truth Value Testing . 8 Function Reference . 8 String functions . 8 ArrayToString() . 8 chr(). 9 d2x() . 9 format() . 9 index() . 10 inList() . 10 left(). 10 length(). 11 lower() . 11 ltrim() . 11 ord() . 11 right() . 12 rindex() . 12 rtrim(). 12 SplitString() . 13 substr() . 13 trim(). 13 upper() . 13 x2d() . 14 Math functions . 14 abs() . 14 acos(). 15 asin() . 15 ceil() . 15 cos(). 16 cosh() . 16 exp() . 16 floor() . 17 log() . 17 1 log10(). 17 max(). 18 min() . 18 pow(). 18 round() . 19 sin() . 19 sinh(). 19 tan(). 19 tanh() . ..
    [Show full text]
  • Etc/Services
    # /etc/services: # $Id: services,v 1.48 2009/11/11 14:32:31 ovasik Exp $ # # Network services, Internet style # IANA services version: last updated 2009-11-10 # # Note that it is presently the policy of IANA to assign a single well-known # port number for both TCP and UDP; hence, most entries here have two entries # even if the protocol doesn't support UDP operations. # Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports # are included, only the more common ones. # # The latest IANA port assignments can be gotten from # http://www.iana.org/assignments/port-numbers # The Well Known Ports are those from 0 through 1023. # The Registered Ports are those from 1024 through 49151 # The Dynamic and/or Private Ports are those from 49152 through 65535 # # Each line describes one service, and is of the form: # # service-name port/protocol [aliases ...] [# comment] tcpmux 1/tcp # TCP port service multiplexer tcpmux 1/udp # TCP port service multiplexer rje 5/tcp # Remote Job Entry rje 5/udp # Remote Job Entry echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users systat 11/udp users daytime 13/tcp daytime 13/udp qotd 17/tcp quote qotd 17/udp quote msp 18/tcp # message send protocol msp 18/udp # message send protocol chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp-data 20/udp # 21 is registered to ftp, but also used by fsp ftp 21/tcp ftp 21/udp fsp fspd ssh 22/tcp # The Secure Shell (SSH) Protocol ssh 22/udp # The Secure Shell (SSH) Protocol telnet 23/tcp telnet 23/udp
    [Show full text]
  • Evaluation of Monitoring Systems for Metric Collection in Intelligent Cloud Scheduling
    Evaluation of monitoring systems for metric collection in intelligent cloud scheduling I.S. Kadochnikov1,a, N.A. Balashov1,b, A.V. Baranov1,c, I.S. Pelevanyuk1,d, N.A. Kutovskiy1,2,e, V.V. Korenkov1,2,f, A.V. Nechaevskiy1,g 1 Joint Institute for Nuclear Research, 6 Joliot-Curie street, Dubna, Moscow region, 141980, Russia 2 Plekhanov Russian University of Economics, 36 Stremyanny per., Moscow, 117997, Russia a b c d E-mail: [email protected], [email protected], [email protected], [email protected], e f g [email protected], [email protected], [email protected] Infrastructure as a Service clouds have various uses: from application development and integra- tion to parallel computing. Combined within the same cloud this leads to unbalanced and inefficient use of resources. Overcommitment with automated virtual machine migration can help improve effi- ciency. However, this approach requires real-time information about VM load distribution, as well as historical data to help guide migration strategies. The default monitoring system built into the OpenNebula cloud platform is limited in the possible collection and data processing options. Thus arises the problem of selecting the external monitoring system most suitable for the task. One im- portant aspect to consider is performance, as in large clouds it can be the critical limiting factor. This study proposes a method to test and compare monitoring systems' performance in this context. The monitoring server is installed on a physical machine and set up to collect a small fixed set of metrics from virtual nodes. CPU, memory, disk and network use on the server are recorded for the duration of the test.
    [Show full text]
  • Resource Utilization Reporting Gathering and Evaluating HPC System Usage
    Resource Utilization Reporting Gathering and evaluating HPC system usage Andrew Barry Cray Inc. Saint Paul, MN, USA [email protected] Abstract— Many Cray customers want to evaluate how their required by administrators, these tools are no longer systems are being used, across a variety of metrics. Neither sufficient to address the needs of Cray customers. previous Cray accounting tools, nor commercial server management software allow the collection of all the desirable • COS accounting – Anecdotes from former XMP statistics with minimal performance impact. Resource programmers suggest that the COS batch scheduler Utilization Reporting (RUR) is being developed by Cray, to allowed for the collection of program statistics. Details collect statistics on how systems are used. RUR provides a about this functionality are not readily available. reliable, high-performance framework into which plugins may be inserted, which will collect data about the usage of a • BSD accounting – 4.2BSD unix introduced particular resource. RUR is configurable, extensible, and process accounting in 1983. Most unix varients since that lightweight. Cray will supply plugins to support several sets time have included this feature, such as Unicos, Irix, and of collected data, which will be useful to a wide array of Linux, the last of which forms the basis for Cray's CLE Cray customers; customers can implement plugins to collect operating system. BSD-style process accounting generates data uniquely interesting to that system. Plugins also support multiple methods to output collected data. Cray is a file containing records about the cpu usage, memory expecting to release RUR in the second half of 2013. consumption, and the number of network and filesystem transactions of each process.
    [Show full text]
  • Multi Router Traffic Grapher
    Network Monitoring & Performance Network Performance Analysis #3 Network Management System Susmini I. Lestariningati, M.T Definition • Network Monitoring : the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS, or other alarm) in case of outages. • Network traffic measurement is the process of measuring the amount and type of traffic on a particular network. This is especially important with regard to effective bandwidth management. • While an intrusion detection system monitors a network for threats from the outside, a network monitoring system monitors the network for problems caused by overload and/ or crashed servers, network connections or other devices. • for example, to determine the status of a web servers, monitoring software may periodically send and HTTP request to fetch page • for email servers, a test message might be sent through SMTP and retrieved by IMAP or POP3 • Commonly measured metrics are response time, availability and uptime, although both consistency and reliability metrics are starting to gain popularity. • Status request failures - such as when a connection cannot be established, it times-out, or the document or message cannot be retrieved - usually produce an action from the monitoring system. • These actions vary -- an alarm may be sent (via SMS, email, etc.) to the resident sysadmin, automatic failover systems may be activated to remove the troubled server from duty until it can be repaired, etc. • Monitoring the
    [Show full text]
  • Port Numbers
    PORTNUMBERS (lastupdated20110610) Theportnumbersaredividedintothreeranges:theWellKnownPorts, theRegisteredPorts,andtheDynamicand/orPrivatePorts. TheWellKnownPortsarethosefrom0through1023. DCCPWellKnownportsSHOULDNOTbeusedwithoutIANAregistration. Theregistrationprocedureisdefinedin[RFC4340],Section19.9. TheRegisteredPortsarethosefrom1024through49151 DCCPRegisteredportsSHOULDNOTbeusedwithoutIANAregistration. Theregistrationprocedureisdefinedin[RFC4340],Section19.9. TheDynamicand/orPrivatePortsarethosefrom49152through65535 Avalueof0intheportnumbersregistrybelowindicatesthatnoport hasbeenallocated. ************************************************************************ *PLEASENOTETHEFOLLOWING:* ** *IESGSTATEMENTTOTHEIANA* *THEIESGBELIEVESTHATIANAMAYALLOCATEANADDITIONALPORTIN* *THE'USERPORT'RANGETOPROTOCOLSWHOSECURRENTPORTALLOCATION* *REQUIRESACCESSTOAPRIVILEGEDPORT.THISALLOCATIONSHOULDNOT* *BEAUTOMATIC,BUTMAYOCCURUPONAPPLICATIONBYANINTERESTED* *PARTYWHOSEAPPLICATIONWOULDOTHERWISEFITIANA'SPOLICIES.* ** *1.UNASSIGNEDPORTNUMBERSSHOULDNOTBEUSED.THEIANAWILLASSIGN* *THENUMBERFORTHEPORTAFTERYOURAPPLICATIONHASBEENAPPROVED.* ** *2.ASSIGNMENTOFAPORTNUMBERDOESNOTINANYWAYIMPLYAN* *ENDORSEMENTOFANAPPLICATIONORPRODUCT,ANDTHEFACTTHATNETWORK* *TRAFFICISFLOWINGTOORFROMAREGISTEREDPORTDOESNOTMEANTHAT* *ITIS"GOOD"TRAFFIC.FIREWALLANDSYSTEMADMINISTRATORSSHOULD* *CHOOSEHOWTOCONFIGURETHEIRSYSTEMSBASEDONTHEIRKNOWLEDGEOF* *THETRAFFICINQUESTION,NOTWHETHERTHEREISAPORTNUMBER* *REGISTEREDORNOT.* ************************************************************************
    [Show full text]