
Network Management and SNMP


amegan

Presentation Transcript


  1. Network Management and SNMP
     • What is Network Management?
     • ISO Network Management Model (FCAPS)
     • Network Management Architecture
     • SNMPv1 and SNMPv2
     • SNMPv3 – what’s new?

  2. Network Management
     • Any complex system with many interacting components must be monitored, managed and controlled
     • In the early 1980s, network expansion prompted the need for automated network management

  3. Network management scenarios
     • Detecting failure of an interface card in a device
     • Host monitoring
     • Traffic monitoring to optimize resource deployment
     • Detecting rapid changes in routing tables
     • Intrusion detection

  4. ISO Network Management Model
     FCAPS:
     • Fault management
     • Configuration management
     • Accounting management
     • Performance management
     • Security management

  5. ISO Network Management Model
     • Fault management – network faults and problems are found and fixed
     • Configuration management – track devices and their h/w and s/w configs
     • Accounting management – network resources are distributed and departments are charged for their network use
     • Performance management – quantify, measure, report, analyze and control performance of network components to minimize congestion and bottlenecks
     • Security management – control access to network resources according to some well-defined policy

  6. Network Management Architecture

  7. Simple Network Management Protocol
     • Protocol for network management, part of TCP/IP suite
     • Current version SNMPv3
     • Includes communication protocol, set of data definitions and database schema
     • Basic components:
       • Managers/NMS
       • Managed devices
       • SNMP Agents
       • MIB

  8. SNMPv3
     • Was implemented as a full standard in 2004
     • Only changes relate to security and remote configuration
     • SNMPv3 provides for encryption, authentication and message integrity

  9. Network Management Architecture

  10. MIB (Management Information Base)
     • MIB – virtual information store for a collection of managed objects
     • Describes structure of management data on managed device
     • Each variable that describes some part of device configuration is identified by a unique OID (object ID)
     • Vendors define MIB variables for their own use
     • MIB II – standard MIB implemented by all managed objects

  11. SMI (Structure of Management Information)
     • SMI is the language used to define the management information residing in a managed object
     • Logically, SMI states that each managed object should have a name, syntax and encoding
     • SMI is a subset of ASN.1, a standard for describing data that is independent of machine-specific encoding

  12. Object naming by OID

  13. MIB-II subtree

  14. SNMP Transport

  15. SNMP Transport

  16. SNMP Operations
     • get
     • getnext
     • getbulk (SNMPv2 and SNMPv3)
     • getresponse
     • set
     • trap
     • inform (SNMPv2 and SNMPv3)

  17. SNMP Operations
     • Get and getresponse

  18. SNMP Operations
     • Getnext – retrieve a group of values

  19. SNMP Operations
     • Getbulk – retrieve a section of a table

  20. SNMP Operations
     • Set – change value or create a new row in the table

  21. SNMP Operations
     • Trap – asynchronous operation

  22. Primary Goals of SNMPv3
     • Check message integrity – to verify that each received message has not been modified during its transmission
     • User authentication – to verify the identity of the user on whose behalf a received message claims to have been generated
     • Message timestamp – to detect outdated messages
     • Message confidentiality – to assure that the contents of each received message are protected/encrypted

  23. Primary Goals of SNMPv3

  24. SNMPv3 security framework
     • Two core modules within the framework are the User-based Security Model (USM) and the View-based Access Control Model (VACM)
     • The USM is in charge of authenticating/encrypting/decrypting SNMP packets
     • The VACM is in charge of administering access to MIB data

  25. SNMPv3 security framework
     • Authentication – each SNMP entity is identified by SNMPEngineID, and SNMP communication is possible only if an SNMP entity knows the identity of its peer. Traps and Notifications are exceptions to this rule.
     • Protection against:
       • Modification of Information (Data Integrity) – ensure that the data is not maliciously altered during transit by an unauthorized entity
       • Masquerading (Data Origin Authentication) – ensure that it is known exactly who and where the data came from to prevent an unauthorized entity from assuming the identity of an authorized user
       • Disclosure (Data Confidentiality) – ensure that an unauthorized entity cannot eavesdrop on the data exchanges
       • Message Stream Modification (Message Timeliness) – ensure that the data was received in a timely manner to prevent malicious re-ordering of data by an unauthorized entity

  26. SNMPv3 User-based Security Model
     • USM communication mechanisms available:
       • Communication without authentication and privacy (NoAuthNoPriv)
       • Communication with authentication and without privacy (AuthNoPriv)
       • Communication with authentication and privacy (AuthPriv)
     • Different authentication and privacy protocols supported – currently, the MD5 and SHA authentication protocols and the CBC_DES and CFB_AES_128 privacy protocols are supported in the USM

  27. SNMPv3 VACM
     • The Access Control Subsystem of an SNMP entity has the responsibility for checking whether a specific type of access to a specific managed object is allowed
     • Access control occurs in the agent when processing SNMP retrieval or modification request messages from a manager, and also when a notification message must be sent to the manager
     • Elaborates on the concept of community strings in the previous versions of SNMP
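
Added example (not part of the original presentation): a simplified Python model of the access check described in slides 26 and 27, where the USM security level of a request and the VACM view configured for the user's group together decide whether a managed object may be read or written. The status names follow RFC 3415; the user names, group names, view names and table rows are constructed for illustration.

```python
# Simplified VACM decision (status names after RFC 3415).
# All users, groups, views and rows below are constructed sample data.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# securityName -> group
GROUPS = {"monitor": "ro-group", "netadmin": "rw-group"}

# view name -> [(subtree OID, included?)]
VIEWS = {
    "system-only": [("1.3.6.1.2.1.1", True)],        # MIB-II system group
    "mib2-no-snmp": [("1.3.6.1.2.1", True),          # all of MIB-II ...
                     ("1.3.6.1.2.1.11", False)],     # ... except the snmp group
}

# group -> [(minimum security level, read view, write view)]
ACCESS = {
    "ro-group": [("authNoPriv", "system-only", None)],
    "rw-group": [("authPriv", "mib2-no-snmp", "system-only")],
}


def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))


def in_view(view_name, oid):
    """The longest matching subtree decides whether the OID is included."""
    best_len, included = -1, False
    for subtree, flag in VIEWS[view_name]:
        prefix = parse_oid(subtree)
        if oid[:len(prefix)] == prefix and len(prefix) > best_len:
            best_len, included = len(prefix), flag
    return included


def is_access_allowed(user, level, op, oid_text):
    """Return a status string for one request; op is 'read' or 'write'."""
    group = GROUPS.get(user)
    if group is None:
        return "noGroupName"
    # Only rows whose required level does not exceed the message's level apply.
    usable = [row for row in ACCESS.get(group, []) if LEVELS[row[0]] <= LEVELS[level]]
    if not usable:
        return "noAccessEntry"
    _, read_view, write_view = max(usable, key=lambda row: LEVELS[row[0]])
    view_name = read_view if op == "read" else write_view
    if view_name not in VIEWS:
        return "noSuchView"
    oid = parse_oid(oid_text)
    return "accessAllowed" if in_view(view_name, oid) else "notInView"
```

A request sent at NoAuthNoPriv matches no row in this sample table, so it is rejected before any view is consulted.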
