
An Evaluation of the Current Computing Research Aimed at Improving Online Security: Network Monitoring Systems

Name: Kealeboga Thobolo
Student ID: 119062779
Centre: University of Sunderland
Local centre: Botswana Accountancy College

Abstract
Network traffic is becoming more and more difficult to monitor and analyze, especially in high bandwidth networks, and there are certain aspects of networking that must be upheld at all times. These include the system's ability to defend against and mitigate security threats, bandwidth usage, response time and latency, scalability and geographic location. The benefits of network monitoring systems are outlined within this paper; however, some disadvantages come alongside these inventions. This paper is an evaluation of some of the current computing research aimed at improving online security suggested by network experts.

1. Introduction
Geddes et al. (2008) state that computer networks are complex systems, consisting of many heterogeneous hardware and software components. Monitoring systems are often employed to make computer networks more manageable and to track malicious users and programs in the networks.
According to Xuren (2009), networks can all be violated by professional hackers, company competitors, or even internal employees. This motivates the implementation of a network monitoring system (NMS) to combat them. NMS implementations have been integrated with other protection tools, such as firewalls, IDS and scanning tools, to ensure and improve online security; Zhenqi (2009) makes it clear that content-based network monitoring technology is a further development of the firewall.
The NMS is a development that came with a powerful mechanism for enhancing online security, which has been breached and jeopardized over the past years as networks scaled up. Geddes et al. (2008) further clarify this by saying that most monitoring systems perform some subset of the following tasks: monitoring resource usage and hardware performance, detecting operating system and application errors, identifying computing assets by their name, location or hardware characteristics, and uncovering security vulnerabilities.

1.2 Paper Layout

Section 1 - Introduction - This section provides the introduction and a skeleton of the aspect to be discussed, which is the network monitoring system.
Section 2 - Literature Review - This section describes and presents the critical evaluation of available technical approaches that have been surveyed by other writers.
Section 3 - Critical Evaluation - Further clarifies the technical approaches by going in depth and critically reviewing how effective the approaches are.

2. Literature Review
The Internet has gradually turned into the fastest growing section of the network at large. This also draws more attention to the security aspect because of possible design flaws and its vulnerability to attacks. A successful attack on a system on the Internet can pose a major threat because it can influence the system performance and the services used by millions of users (Abba et al., 2006).

2.1 Technical Approaches

Ipswitch Inc. (n.d.) states that a network is no longer limited to a few computers and resources but includes the Internet, wireless networks, local area networks (LANs), wide area networks (WANs), servers, and the applications that run on them. According to the literature that has been surveyed, network monitoring systems can be classified into four approaches, which are:

2.1.1 An Autonomous NEtwork MOnitoring System (ANEMOS)

Xiaoying brings to the table the concept of autonomous systems by outlining that, to enable network operators to collaborate to ensure the interconnection of each part of the Internet, as well as to maintain independent control of each part's resources, the network must be organized into Autonomous Systems (ASes). An autonomous system is a collection of IP networks and routers, normally under one administrative authority, that defines a common routing policy to the Internet.
Danalis and Dovrolis (2003) then introduce ANEMOS, which allows end-users and network administrators to schedule, perform, and analyze active monitoring on several network paths. ANEMOS issues alarms that are used for evaluating and detecting traffic load, abnormalities in the networks and attacks; they can trigger changes in the configuration of networks.
Danalis and Dovrolis (2003) also make it clear that ANEMOS supports multiple users, which makes it possible to implement services like two-way communication, a requirement for services like online gaming and social networking. This also poses a need for the system to provide authentication and encryption for the communication of passwords between the Clients and the Coordinator. The system implements the logi.crypto Java package to provide encryption. When a Client wants to establish a connection with the Coordinator it starts a Cipher Stream. This initializes a Diffie-Hellman key exchange using Triple-DES, and it then ensures that all data sent through it will be encrypted and decrypted automatically (Danalis and Dovrolis, 2003). To enforce authentication between the Clients and the Coordinator, all messages sent over the network must embed the username and password of the requesting user.
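The Client to Coordinator exchange just described, shown as an added example in Python rather than the Java logi.crypto code the paper refers to: a Diffie-Hellman key agreement, key derivation on both sides, and one request that embeds the user's credentials inside an encrypted and integrity-protected message. Triple-DES is not in Python's standard library, so the confidentiality layer is a labelled stand-in built from HMAC-SHA256; the DH group is the 1024-bit RFC 2409 group, chosen only to keep the file self-contained, and the message format, the request text and the tamper check are this example's own assumptions.

```python
"""Client <-> Coordinator key establishment in the shape described for ANEMOS.
Added illustration, not ANEMOS or logi.crypto code: DH agreement, then an
encrypt-then-MAC channel carrying the credentials the paper says every message
embeds. HMAC-SHA256 keystream stands in for the Triple-DES cipher stream."""
import hashlib
import hmac
import os
import secrets

# RFC 2409 "Oakley Group 2" 1024-bit MODP prime, generator 2. Legacy-sized and
# used only to keep the example self-contained; assumption: a current deployment
# would use a 2048-bit or larger group (RFC 3526 / RFC 7919).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NONCE_LEN, TAG_LEN = 12, 32


class Party:
    """One endpoint of the exchange: the Client or the Coordinator."""

    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2     # private exponent in [2, P-2]
        self.pub = pow(G, self.priv, P)              # the only value sent in clear
        self.keys = None

    def derive(self, peer_pub):
        # Reject 0, 1 and P-1: they force a predictable shared secret.
        if not 1 < peer_pub < P - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_pub, self.priv, P).to_bytes(128, "big")
        # Separate encryption and MAC keys derived from the shared secret.
        enc = hashlib.sha256(b"anemos-enc|" + shared).digest()
        mac = hashlib.sha256(b"anemos-mac|" + shared).digest()
        self.keys = (enc, mac)
        return self.keys


def _keystream(enc_key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for Triple-DES)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(keys, plaintext):
    """Encrypt-then-MAC one message: nonce || ciphertext || tag."""
    enc_key, mac_key = keys
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(keys, blob):
    """Verify the tag before touching the ciphertext; a bad tag is an error, not data."""
    enc_key, mac_key = keys
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: message altered or wrong key")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def run_exchange(username=b"operator", password=b"constructed-password"):
    """Full round: public values exchanged, keys derived on both sides, one request carried."""
    client, coordinator = Party("Client"), Party("Coordinator")
    k_client = client.derive(coordinator.pub)      # Coordinator -> Client: its public value
    k_coord = coordinator.derive(client.pub)       # Client -> Coordinator: its public value
    # As in the paper, the request embeds the requesting user's credentials (constructed text).
    request = b"SCHEDULE ping path=A-B|user=" + username + b"|pass=" + password
    blob = seal(k_client, request)
    received = unseal(k_coord, blob)
    return k_client == k_coord, received == request, blob, k_coord


def tamper_is_detected(blob, keys):
    """Flip one ciphertext byte in transit; the Coordinator must reject the message."""
    altered = bytearray(blob)
    altered[NONCE_LEN] ^= 0x01
    try:
        unseal(keys, bytes(altered))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    same_keys, intact, blob, keys = run_exchange()
    print("keys agree:", same_keys, "| request intact:", intact,
          "| tamper detected:", tamper_is_detected(blob, keys))
```

The check in `derive` matters in practice: a peer that sends 0, 1 or P-1 as its public value pins the shared secret to a known constant, so a Coordinator should refuse such values before deriving keys. Note also that a plain Diffie-Hellman exchange authenticates neither side by itself; in the design the paper describes, that is exactly why every subsequent message carries the user's credentials.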

2.1.2 Network Monitoring Under Wide Area Network (WAN)

Davenhall and Leese (2005) state that WANs span a wide geographical area. The highest degree of integrity, confidentiality, and availability of network systems must be upheld while providing for efficient and effective management of information under LAN.
Monitoring initiatives designed for WAN involve the implementation of network monitoring protocols and tools (active and passive monitoring tools) to enforce online security. Grigoriev and Cottrell introduce the use of PING, which monitors traffic delay, latencies and loss of packets, and Traceroute, which helps to determine the topology of the network. Cecil (2006) defines another protocol, namely SNMP, which is a protocol found in the application layer of the layered protocol stack of the Internet, that is, the TCP/IP protocol suite. Through its wide range of capabilities it allows network administrators and analysts to manage network performance and to mitigate and troubleshoot network problems; this enables the SNMP protocol to gather traffic statistics and reports through passive sensors that are implemented from router to end host.
These tools are implemented to protect the network from hackers, human error, disgruntled employees and criminals, and they defend against and mitigate security threats; this, on the other hand, can have some drawbacks.
Lippis (2009) further suggests that WAN can be integrated with other security services such as Network Access Control, Intrusion Detection Services / Intrusion Protection Services and Network Foundation Protection to mitigate both internal and external security threats. The key to security as a WAN service is that it is implemented end-to-end within the network and WAN aggregation routers, enabling a uniform deployment and management environment and a secure user experience network-wide.

Lippis (2009) makes it clear that WAN is slower due to high bandwidth usage and increased traffic load.
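The ping and traceroute measurements this section attributes to Grigoriev and Cottrell only become monitoring once their output is parsed and compared against thresholds and a known-good path. The Python below is an added illustration, not code from any of the surveyed systems: the ping and traceroute text, the baseline path and the alarm thresholds are all constructed for the example.

```python
"""Turn ping and traceroute output into the alarms a WAN monitor would raise:
packet loss, delay above threshold, and a changed path. Added example; the
command output below is constructed to resemble Linux output, not a capture."""
import re

PING_OUTPUT = """\
PING 198.51.100.7 (198.51.100.7) 56(84) bytes of data.
64 bytes from 198.51.100.7: icmp_seq=1 ttl=52 time=41.2 ms
64 bytes from 198.51.100.7: icmp_seq=2 ttl=52 time=39.8 ms
64 bytes from 198.51.100.7: icmp_seq=4 ttl=52 time=188.5 ms
64 bytes from 198.51.100.7: icmp_seq=5 ttl=52 time=40.1 ms
"""

TRACEROUTE_OUTPUT = """\
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.412 ms  0.398 ms  0.377 ms
 2  203.0.113.9 (203.0.113.9)  8.115 ms  8.032 ms  7.990 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  40.210 ms  39.944 ms  40.002 ms
"""

# Path recorded on a known-good day (constructed), kept to spot topology changes.
BASELINE_PATH = ["192.0.2.1", "203.0.113.5", "203.0.113.30", "198.51.100.7"]

REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=\d+ time=([\d.]+) ms")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")


def parse_ping(text):
    """Loss is inferred from gaps in icmp_seq, so a truncated capture still works."""
    seqs, rtts = [], []
    for m in REPLY_RE.finditer(text):
        seqs.append(int(m.group(1)))
        rtts.append(float(m.group(2)))
    if not seqs:
        return {"sent": 0, "received": 0, "loss_pct": 100.0, "rtt_avg": None, "rtt_max": None}
    sent = max(seqs)                      # highest sequence number seen
    received = len(set(seqs))
    return {
        "sent": sent,
        "received": received,
        "loss_pct": round(100.0 * (sent - received) / sent, 1),
        "rtt_avg": round(sum(rtts) / len(rtts), 1),
        "rtt_max": max(rtts),
    }


def parse_traceroute(text):
    """One entry per hop: the responding address, or None for a silent '* * *' hop."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # header line
        addr = ADDR_RE.search(m.group(2))
        hops[int(m.group(1))] = addr.group(1) if addr else None
    return [hops[i] for i in sorted(hops)]


def evaluate(ping_stats, path, baseline, max_loss_pct=5.0, max_rtt_ms=60.0):
    """Apply thresholds and compare the observed path hop by hop with the baseline."""
    alarms = []
    if ping_stats["loss_pct"] > max_loss_pct:
        alarms.append(f"packet loss {ping_stats['loss_pct']}% exceeds {max_loss_pct}%")
    if ping_stats["rtt_avg"] is not None and ping_stats["rtt_avg"] > max_rtt_ms:
        alarms.append(f"average RTT {ping_stats['rtt_avg']} ms exceeds {max_rtt_ms} ms")
    for i, (seen, known) in enumerate(zip(path, baseline), start=1):
        if seen is not None and seen != known:   # a silent hop is not evidence of change
            alarms.append(f"path changed at hop {i}: {known} -> {seen}")
    return alarms


def run_checks():
    stats = parse_ping(PING_OUTPUT)
    path = parse_traceroute(TRACEROUTE_OUTPUT)
    return stats, path, evaluate(stats, path, BASELINE_PATH)


if __name__ == "__main__":
    stats, path, alarms = run_checks()
    print(stats)
    print(path)
    for alarm in alarms:
        print("ALARM:", alarm)
```

Two design points a monitor has to get right: a hop that answers with `* * *` is treated as unknown rather than as a route change, because routers that rate-limit ICMP will produce exactly that on a healthy path, and packet loss is derived from sequence-number gaps rather than from the summary line, so the same parser works on a probe that was interrupted before ping printed its statistics.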

2.1.3 Network Monitoring System Design under LAN

A publication by FIPS PUB 191 (1994, cited in James 1989) has defined a LAN as a data communication system which allows for integration between a number of independent devices and enables them to communicate directly with each other; this can be within a moderately sized geographic area over a physical communications channel of moderate rates.
Federal Information Processing Standard Publication (1994) makes it clear that LAN security should be an integral part of the whole LAN, and should be important to all users. Security services must also be distributed throughout the LAN, for example when sending sensitive files that are confidential. Users must ensure that their data and the LAN itself are adequately protected.
Fan and Fei (2010) further indicate that an enterprise LAN monitoring management system runs within the enterprise network firewall, and the server in the LAN has a domain controller, that is, a directory server, as shown below.
Security services and mechanisms in a LAN can be enforced through the network firewall to reduce and monitor threats and vulnerabilities, as proposed by Fan and Fei (2010). There are network protocols put in place in each of the layers of the Open Systems Interconnection (OSI) model to detect LAN availability problems, monitor access control and provide data and message integrity. According to Xiaoying (2008) these protocols are organized into four layers. Each layer has a particular responsibility and provides a service to the layer above it. The four layers are shown in Figure 2. Starting at the lowest layer, an overview of each layer is as follows:

Link: The link layer is normally associated with a particular communication medium. Link layer protocols manage how packets are physically transported along the medium from one location to another. Ethernet is an example of a link layer protocol.

Network: The network layer is largely associated with routers. Network layer protocols manage how packets are forwarded from incoming links to outgoing links towards their destination. The Internet Protocol (IP) is the only network layer protocol in the Internet, and is the most important protocol in the Internet.

Transport: Causes packets to be shipped from the source end system to the destination end system. Transport protocols connect processes on the two end systems, and also determine the quality of service available to the applications. TCP and UDP are the two major transport layer protocols.

Application: Is concerned with implementing particular applications, such as the World Wide Web (WWW), the Domain Name System (DNS), e-mail etc. Typical application protocols include HTTP for WWW, DNS for DNS, and SMTP for e-mail.

Figure 2: The layered protocol stack on the Internet

According to FIPS PUB 191 (1994) a LAN offers a wide range of applications which include distributed file storing, high bandwidth, and security, but with these merits come additional risks that contribute to the LAN security problems, which include:

inadequate protection mechanisms in the workstation environment, and
inadequate traffic monitoring and protection during transmission.
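To make the four-layer overview concrete, here is an added example (not from the paper or the cited authors) that builds one UDP-over-IPv4-over-Ethernet frame and then decodes it layer by layer, each layer handing its payload up to the next. The MAC and IP addresses and the payload are constructed; the decoder verifies the IPv4 header checksum so that a damaged network-layer header is noticed before the transport layer is read.

```python
"""One frame walked through link, network, transport and application layers.
Added illustration: built innermost-first, decoded outermost-first. Addresses
and payload are constructed; the UDP checksum is left at 0 (permitted on IPv4)."""
import struct


def ip_checksum(header):
    """RFC 1071 one's-complement sum over 16-bit words; returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Application payload -> UDP -> IPv4 -> Ethernet."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip_fields = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                            bytes(map(int, src_ip.split("."))),
                            bytes(map(int, dst_ip.split("."))))
    # Checksum is computed over the header with the checksum field zeroed, then stored.
    ip = ip_fields[:10] + struct.pack("!H", ip_checksum(ip_fields)) + ip_fields[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", 0x0800))
    return eth + ip + udp


def parse_frame(frame):
    """Ethernet -> IPv4 -> UDP -> payload; refuse what this decoder does not understand."""
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    link = {"src": src.hex(":"), "dst": dst.hex(":")}
    ip = frame[14:]                                   # link layer hands up its payload
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    network = {
        "version": ip[0] >> 4,
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "ttl": ip[8],
        "protocol": proto,
        "checksum_ok": ip_checksum(ip[:ihl]) == 0,   # stored checksum folds the sum to 0
    }
    if not network["checksum_ok"]:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 17:
        raise ValueError("not UDP")
    segment = ip[ihl:total_len]                       # network layer hands up its payload
    sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
    transport = {"sport": sport, "dport": dport, "length": ulen}
    application = segment[8:ulen]                     # transport hands up its payload
    return {"link": link, "network": network, "transport": transport, "application": application}


def sample_frame():
    """Constructed frame: a client on 192.0.2.10 sending a DNS-port datagram."""
    return build_frame("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                       "192.0.2.10", "198.51.100.53", 40000, 53,
                       b"constructed DNS-like payload")


def header_damage_is_caught(frame):
    """Corrupt one byte of the IPv4 TTL field; the decoder must refuse the frame."""
    damaged = bytearray(frame)
    damaged[14 + 8] ^= 0xFF
    try:
        parse_frame(bytes(damaged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for layer, fields in parse_frame(sample_frame()).items():
        print(layer, fields)
    print("damaged header rejected:", header_damage_is_caught(sample_frame()))
```

The order of checks in `parse_frame` mirrors the "each layer serves the one above it" idea: the network layer validates its own header before the transport layer ever looks at port numbers, so a monitor built this way does not act on ports or payloads pulled from a corrupted datagram.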

2.1.4 Network Monitoring Systems under Wireless Network

According to the literature that has been surveyed, a conclusion has been derived that wireless networks have a basic capability of capturing and analyzing network traffic, that is, identifying interference or security attacks, and providing the monitoring results or feedback to the management system.
Canavan (2011) stated that an optional component of the 802.11b standard, Wired Equivalent Privacy (WEP), adds encrypted communications between the wireless network client and the access point. Most of the more recent products include WEP as a standard feature. Zimmermann et al. (n.d.) add that traffic monitoring can also assist in securing and protecting wireless networks; for example, network monitoring analysis can detect intrusion attempts and alert the administrator to enforce authenticity and encryption.

3. Critical Evaluation
The impacts caused by the technical approaches on network monitoring, as well as on networks at large, are clearly visible, and they can be either positive or negative because of some of the shortcomings of these approaches. This section seeks to unfold these shortcomings and evaluate the level at which these approaches enforce online security. As far as network monitoring is concerned, the concept of online security is a major challenge. This section focuses on the critical evaluation of those aspects.
Technical approaches proposed in Section 2 must take into account the unique properties of a network monitoring system. The following criteria will be used to evaluate the approaches reviewed in the previous section: ability to defend against and mitigate security threats, bandwidth usage, response time and latency, scalability and geographic location. Let us take a look at each of these aspects.

3.1 Defend against and mitigate security threats

From the surveyed literature a conclusion was derived that the security service is only as robust and secure as the monitoring operations that make up the service (FIPS PUB, 1994).
Network monitoring system functions include capturing and analyzing network traffic, identifying interference or security attacks, and providing feedback.
It is also challenging because of threats such as hackers, denial of service attacks, viruses, and information theft, all of which can lead to downtime, loss of data, and overall decreasing credibility and profitability (IPSWITCH INC, 2011).
LAN NMSs have mechanisms to defend against threats and vulnerabilities; FIPS PUB (1994) confirms that identifying interference and authenticating network traffic helps protect the LAN from unauthorized LAN access and threats by prompting for password confirmation as well as verifying that identity. On the other hand, Lippis (2011) argues that to defend against external and internal threats the WAN NMS is required to implement a series of security services such as VPN, access control and traffic monitoring.
With wireless networks as the latest technology, new and intact mechanisms are implemented; Zimmermann et al. say that it has a self-protection mechanism that performs the necessary traffic analyses to detect potential security threats. The current NMS implemented in wireless networks detects and counteracts attacks resulting from neighboring base stations, unauthorized access and MAC address spoofing. It then blacklists those malicious nodes and disseminates their presence throughout the system, warning the overall wireless network. From the literature that has been surveyed, wireless networks also face a particular challenge of neighboring base stations overlapping each other with their coverage; this can even go to the extent of the networks being unable to detect this occurrence because none is visible to the other, leading to an inconsistent overall network configuration and creating a loop for intruders, hence compromising security.
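The detection and blacklist behaviour attributed to Zimmermann et al. above can be sketched as event-driven logic. The Python below is an added illustration, not the authors' system: the base-station adjacency map, the association and authentication events and the thresholds are constructed, and the two rules (a client MAC appearing at two non-adjacent base stations within a few seconds, and repeated authentication failures) are this example's own simplification of "MAC address spoofing" and "unauthorized access". Dissemination is modelled by every base station holding its own copy of the blacklist.

```python
"""Wireless NMS self-protection sketch: detect, blacklist, disseminate.
Added example with a constructed station layout and event log."""
from collections import defaultdict, deque

# Base stations whose coverage overlaps (constructed layout). A client may roam
# between neighbours; it cannot associate at two non-neighbours a second apart.
NEIGHBOURS = {"bs-1": {"bs-2"}, "bs-2": {"bs-1", "bs-3"}, "bs-3": {"bs-2"}}

# (time_s, base station, client MAC, event) - constructed sample events
EVENTS = [
    (0.0, "bs-1", "02:00:00:00:00:01", "assoc"),
    (0.5, "bs-1", "02:00:00:00:00:02", "assoc"),
    (1.0, "bs-3", "02:00:00:00:00:01", "assoc"),      # same MAC at a non-neighbour 1 s later
    (2.0, "bs-2", "02:00:00:00:00:09", "auth_fail"),
    (2.2, "bs-2", "02:00:00:00:00:09", "auth_fail"),
    (2.4, "bs-2", "02:00:00:00:00:09", "auth_fail"),
    (3.0, "bs-2", "02:00:00:00:00:02", "assoc"),      # legitimate roam bs-1 -> bs-2
    (4.0, "bs-1", "02:00:00:00:00:09", "assoc"),      # blacklisted node tries another station
]


class WirelessMonitor:
    def __init__(self, stations, window_s=5.0, max_auth_failures=3):
        self.window_s = window_s
        self.max_auth_failures = max_auth_failures
        self.last_assoc = {}                          # mac -> (time, station)
        self.auth_failures = defaultdict(deque)       # mac -> recent failure times
        # Each station holds its own copy; dissemination means updating all of them.
        self.blacklists = {s: set() for s in stations}
        self.alerts = []

    def _blacklist(self, mac, reason):
        if any(mac in bl for bl in self.blacklists.values()):
            return
        self.alerts.append(f"{mac}: {reason}")
        for bl in self.blacklists.values():           # warn the whole wireless network
            bl.add(mac)

    def handle(self, t, station, mac, event):
        """Process one event at one base station; returns what happened to it."""
        if mac in self.blacklists[station]:
            self.alerts.append(f"{mac}: rejected at {station}, already blacklisted")
            return "rejected"
        if event == "assoc":
            prev = self.last_assoc.get(mac)
            if (prev and t - prev[0] <= self.window_s and prev[1] != station
                    and station not in NEIGHBOURS.get(prev[1], set())):
                self._blacklist(mac, f"seen at {prev[1]} and {station} within "
                                     f"{t - prev[0]:.1f}s (spoofing suspected)")
                return "blacklisted"
            self.last_assoc[mac] = (t, station)
        elif event == "auth_fail":
            recent = self.auth_failures[mac]
            recent.append(t)
            while recent and t - recent[0] > self.window_s:   # slide the window
                recent.popleft()
            if len(recent) >= self.max_auth_failures:
                self._blacklist(mac, f"{len(recent)} failed authentications "
                                     f"within {self.window_s}s")
                return "blacklisted"
        return "ok"


def run_monitor(events=EVENTS):
    monitor = WirelessMonitor(NEIGHBOURS.keys())
    outcomes = [monitor.handle(*event) for event in events]
    return monitor, outcomes


if __name__ == "__main__":
    monitor, outcomes = run_monitor()
    for event, outcome in zip(EVENTS, outcomes):
        print(event, "->", outcome)
    for alert in monitor.alerts:
        print("ALERT:", alert)
```

The adjacency map is what keeps the first rule from flagging ordinary roaming, and it is also where the overlap problem the paragraph ends on shows up: if two base stations overlap without being recorded as neighbours, a legitimate handover between them looks like spoofing, while a real spoofed MAC appearing at two stations that are wrongly recorded as neighbours is missed. Keeping that map consistent across the network is therefore part of the detection, not just configuration.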

3.2 Bandwidth Usage

The present writer would conclude that the higher the network bandwidth, the higher the level of security. Lippis (2011) states that a shortage in WAN bandwidth increases complexity and makes IT service delivery difficult. This often makes traffic in WAN NMS much slower than in other approaches. He further makes it clear that this complexity is caused by the fact that branches are widely distributed over large geographic areas. LAN NMSs are much faster in processing because of the availability of bandwidth.
With wireless networks, Zimmermann et al. say that most wireless networks implement wireless switches, which are found in the link layer; these switches connect base stations that act as wireless bridges to a switched wired network. The link-layer switch implements the monitoring component. This centralized, link-layer approach offers bandwidth and access control.

3.3 Response Time and Latency

Branch Office Blackout (n.d.) defines latency as the time it takes for a packet of data to get from one designated point to another.
Since LAN NMSs are limited to buildings and organizations, they have a high response time and low latency compared to WAN NMSs. The lower the response and latency time, the more secure the network, as packets are transferred faster, making it harder for intruders and hackers to intercept the packets and modify them. WAN and LAN implement protocols such as TCP and UDP to ensure that packets move faster through the network.
Wireless network response time depends on the distance between two base stations (routers and repeaters): the closer the base stations, the higher the response time and the faster packets are received.

3.4 Scalability and Geographic Location

Davenhall and Leese (2005) declare that WANs span a wide geographical area and scale well; scalability can be measured along three dimensions: size (which means it can easily add more users and resources), geographical, and administrative (easy to manage). From the literature that has been surveyed, WAN NMSs scale well compared to LAN and wireless networks, but this also introduces some problems: if there are more users and resources, the system might become bottlenecked and overload the network. Geographical scalability in WANs is inherently unreliable and virtually always point to point; in contrast, LANs generally provide highly reliable communication.
Increased traffic load, application load, collaboration, distance, separation of data and applications and security/compliance requirements are all dynamics that are completely altering the design requirements for the WAN (Lippis, 2011).
Most LAN NMSs are centralized, that is, security services are implemented by means of only one single server running on a specific machine in the LAN.

4. Recommendations and Lessons Learnt

It has been discovered that online security flaws and vulnerabilities pose a need to implement and utilize different technical approaches to ensure that proper security measures are enforced. Online security is made up of operations that protect the information and the system that is processing the information by enforcing security services like simplicity, integrity, authentication, confidentiality, availability and non-repudiation. When these services are implemented, the platforms for intruders, threats and attacks are lowered. Businesses that want to develop online systems should consider the following recommendations: confidentiality and integrity (that information should be protected from intentional, unauthorized, or accidental changes), scalability, integration with other systems, and consistent implementation of QoS, encryption and security across the network. Confidentiality ensures that no unauthorized individuals or systems can have access to information. Confidentiality is assured through identification, limiting information usability, encryption, authentication, and authorization of information.

5. Conclusion
Based on an evaluation of the current computing research aimed at improving online security, combined with several technical approaches for designing and implementing online security, the need to define a security policy in network monitoring systems has been identified, together with the need to balance the network's security needs against the available resources in order to uphold and enforce certain aspects of networking, which include defending against and mitigating security threats, bandwidth usage, response time and latency, scalability and geographic location.

References
[1] Vincent Geddes (2008), Design and Implementation of a Scalable Network Monitoring System, Department of Computer Science, University of Cape Town, Cape Town, Honours Report, pp 1-27, [Online] IEEE Digital Library [Accessed on] 23rd August 2011.
[2] Wang Xuren, He Famei (2009), An Implement of Broadband Network Monitoring System Based on Libnids and Winpcap, 2009 International Conference on New Trends in Information and Service Science, Information Engineering College of Capital Normal University, Beijing, pp 1-3, [Online] IEEE Digital Library [Accessed on] 23rd August 2011.
[3] Wang Zhenqi, Wang Xinyu (2009), The Research and Design of Content-Based Network Monitor System, Information and Network Management Center, North China Electric Power University, China, pp 68, [Online] IEEE Digital Library [Accessed on] 23rd August 2011.
[4] Abba, A., El Saddik, A. and Miri, A. (2006). A comprehensive approach to designing internet security taxonomy, School of Information Technology and Engineering (SITE), University of Ottawa, pp 1316-1319, [Online] IEEE Digital Library [Accessed on] 23rd August 2011.
[5] Xiaoying Z. (May 2008). Application of Overlay Techniques to Network Monitoring, pp 1-191. [Accessed on] 18 October 2011.
[6] Danalis, A., Dovrolis, C. (2003). ANEMOS: An Autonomous NEtwork MOnitoring System. Computer & Information Sciences, University of Delaware. [Online] IEEE Digital Library [Accessed on] 23 August 2011.
[7] A.C. Davenhall and M.J. Leese (2005). An Introduction to Computer Network Monitoring and Performance. National e-Science Centre article, version 1, pp 1-70. [Accessed on] 18 October 2011.
[8] Grigoriev, M. and Cottrell, L. Wide area network monitoring system for HEP experiments at Fermilab, USA. [Accessed on] 23rd August 2011.
[9] Cecil, A. (no date) A summary of Networks Traffic Monitoring and Analysis Techniques, [online] http://www.cse.wustl.edu/~jain/cse56706/ftp/net_monitoring/index.html. [Accessed on] 13 October 2011.
[10] Lippis, N.J. (March 2009) WAN advantage: New Thinking in Branch Office and WAN Edge Design Plus Services. Lippis Report White Paper. pp 1-8, [Accessed on] 13 October 2011.
[11] Federal Information Processing Standard Publication (FIPS PUB) 191, Specifications for Guidelines for The Analysis Local Area Network Security, November 9, 1994. [Accessed on] 13 October 2011.
[12] Martin, James, and K. K. Chapman, The Arben Group, Inc.; Local Area Networks, Architectures and Implementations, Prentice Hall, 1989.
[13] Fan L. and Fei L. (2010). Network Monitoring System Design under LAN. Shaanxi Regional Electric Power Group, Northwest University, Volume 4, pp 587-591. [Online] IEEE Digital Library [Accessed on] 23rd August 2011.
[14] John E. Canavan (2011). Fundamentals of Network Security, Library of Congress Cataloging-in-Publication Data, Artech House telecommunications library. pp 1-218. [Accessed on] 13 October 2011.
[15] Zimmermann, K., Felis, S., Schmid, S., Lars Eggert and Marcus Brunner (no date). Autonomic Wireless Network Management. NEC Europe Ltd. Network Laboratories, pp 1-14, [Accessed on] 19 October 2011.
[16] IPSWITCH INC. (no date) The value of network monitoring, Why It's Essential to Know Your Network, pp 1-7, [online] IEEE Digital Library [Accessed on] 13 October 2011.
[17] OpManager White paper (n.d.). WAN Monitoring Whitepaper, Branch Office Blackout paper. www.opmanager.com, [Accessed on] 19 October 2011.
