1 / 10

SNMP Usage Recommendations

SNMP Usage Recommendations. SIA Working Group Presentation January 2015 SIA SNMP Working Group 2015. SNMP Preferred Features. Accurate device identification Support enough MIB objects to manage the device in question MIB publically distributed MIB “compilable” with standard tools

antwant
Télécharger la présentation

SNMP Usage Recommendations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SNMP Usage Recommendations SIA Working Group Presentation January 2015 SIA SNMP Working Group 2015 Information. Insight. Influence. www.securityindustry.org

  2. SNMP Preferred Features Accurate device identification Support enough MIB objects to manage the device in question MIB publically distributed MIB “compilable” with standard tools Secure access (TLS please?) User configurable fields for site specific data Information. Insight. Influence. www.securityindustry.org

  3. Preferred SNMP - Details Relevant MIB object groups • From RFC 1213: System, Interfaces, Address Translation, IP, ICMP, TCP, UDP, EGP, Transmission, SNMP • Multicast (RFC 5132) • PoE (example: CISCO-POE-PD-MIB-V1SMI [2]) At least read access, preferably secure read/write Information. Insight. Influence. www.securityindustry.org

  4. Recommended SNMP Use: Protocol TLS over TCP would be ideal as it provides secure NPE support SNMPv3 (with usernames) should be used as it provides security SNMPv2c (i.e. best available unencrypted UDP SNMP) should be widely deployed and stable (see for example Cisco switches) SNMP supports the network and some additional functional details. It’s not an application framework repurposed to examine the transport over which the application traffic travels. Information. Insight. Influence. www.securityindustry.org

  5. Recommended SNMP Use: MIB Objects Relevant pre-existing MIB object groups • From RFC 1213: System, Interfaces, Address Translation, IP, ICMP, TCP, UDP, EGP, Transmission, SNMP • Multicast (RFC 5132) • PoE (example: CISCO-POE-PD-MIB-V1SMI [2]) Information. Insight. Influence. www.securityindustry.org

  6. Recommended SNMP Use: View/Manage Minimum is read-only access sufficient to troubleshoot network issues Ideal is read/write under secure conditions Management is about managing the network-attachment state of the device, not application management Vendor-specific device management is fully facilitated, provides for vendor value-add through technology diversity using interoperable protocols. Information. Insight. Influence. www.securityindustry.org

  7. Recommended SNMP Use: MIB Content Actually use system group and other features to identify device, location, software version, etc. Support network management specifically to include statistics on network traffic Securely writeable values to manage the device Securely controllable remote restart Facilitate vendor facility for firmware upgrade Facilitate vendor device health check Information. Insight. Influence. www.securityindustry.org

  8. OID Background Info Object Identifiers (OID’s) have been around for decades. It’s an international thing. There’s an arc, starts with one number. It’s defined in CCITT/ITU X.208 Organizations have carved up the number space, together. IETF manages a “private enterprise number- PEN” space e.g. IDmachines is 37770 and SIA is 42531. OID’s are used for many labelling purposes including certificates, SNMP, and other things. A conversation about the design of the OID’s and what SIA hopes to accomplish with them is a short term goal Information. Insight. Influence. www.securityindustry.org

  9. SIA OID Architecture SIA – PEN from IETF SIA.1 – Experimental Use SIA.2 – Working Group Use SIA.2.1 SNMP WG SIA.2.2 ICAM WG SIA.3 PE+NPE Identity Objects SIA.4 SNMP NPE Objects Information. Insight. Influence. www.securityindustry.org

  10. SIA OID Examples SIA.1.2.1 – experimental device type for WG work SIA.2.2.2 – NFI label for SIA test certs for FICAM interop work SIA.4.1.1 – hypothetical OID for a camera in the devices group within the SIA SNMP MIB. Information. Insight. Influence. www.securityindustry.org

More Related