
Chapter 8


Presentation Transcript


  1. Chapter 8 Network Management Security

  2. Outline
     • Basic Concepts of SNMP
     • SNMPv1 Community Facility
     • SNMPv3
     • Recommended Reading and Web Sites

  3. Basic Concepts of SNMP
     • An integrated collection of tools for network monitoring and control.
     • Single operator interface
     • Minimal amount of separate equipment. Software and network communications capability built into the existing equipment
     • SNMP key elements:
       • Management station
       • Management agent
       • Management information base
       • Network management protocol
         • Get, Set and Notify

  4. Protocol context of SNMP

  5. Proxy Configuration

  6. SNMP v1 and v2
     • Trap – an unsolicited message (reporting an alarm condition)
     • SNMPv1 is "connectionless" since it utilizes UDP (rather than TCP) as the transport layer protocol.
     • SNMPv2 allows the use of TCP for "reliable, connection-oriented" service.

  7. Comparison of SNMPv1 and SNMPv2

  8. SNMPv1 Community Facility
     • SNMP Community – Relationship between an SNMP agent and SNMP managers.
     • Three aspects of agent control:
       • Authentication service
       • Access policy
       • Proxy service

  9. SNMPv1 Administrative Concepts

  10. Traditional SNMP Manager

  11. Traditional SNMP Agent

  12. SNMPv3 Flow

  13. SNMPv3

  14. SNMPv3 Message Format with USM

  15. User Security Model (USM)
     • Designed to secure against:
       • Modification of information
       • Masquerade
       • Message stream modification
       • Disclosure
     • Not intended to secure against:
       • Denial of Service (DoS attack)
       • Traffic analysis

  16. Key Localization Process

  17. View-Based Access Control Model (VACM)
     • VACM has two characteristics:
       • Determines whether access to a managed object should be allowed.
       • Makes use of an MIB that:
         • Defines the access control policy for this agent.
         • Makes it possible for remote configuration to be used.

  18. VACM
     • VACM enables an SNMP engine to be configured to enforce a particular set of access rights, which constitutes an access policy that depends on:
       • Principal
       • Security level and model
       • MIB context
       • Object instance
       • Type of access

  19. VACM logic

  20. Access control processing
     • An SNMP application invokes VACM via the isAccessAllowed primitive, with the input parameters.

  21. Considerations for making the access control decision
     • Who
     • Where
     • How
     • Why
     • What
     • Which

  22. Summary
     • We have discussed
       • Basic concepts of SNMP
       • Versions of SNMP
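
The access control decision outlined in slides 17 to 21, as an added example that is not part of the original presentation: a simplified Python model of the isAccessAllowed flow defined in RFC 3415. The table contents, user names and view names are constructed for illustration, and subtree masks and context-prefix matching are left out.

```python
# Simplified model of the VACM decision flow (RFC 3415).
# All table contents below are constructed sample data.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

CONTEXTS = {""}                                  # vacmContextTable (default context only)
SEC_TO_GROUP = {("usm", "alice"): "admins",      # vacmSecurityToGroupTable: principal -> group
                ("usm", "monitor"): "readers"}
# vacmAccessTable: (group, context, model) -> minimum security level, view per access type
ACCESS = {
    ("admins", "", "usm"): {"min_level": "authPriv",
                            "read": "all", "write": "sysonly", "notify": "all"},
    ("readers", "", "usm"): {"min_level": "authNoPriv",
                             "read": "restricted", "write": "", "notify": ""},
}
# vacmViewTreeFamilyTable: view name -> [(subtree OID, included?)]
VIEWS = {
    "all": [("1.3.6.1", True)],
    "sysonly": [("1.3.6.1.2.1.1", True)],
    "restricted": [("1.3.6.1.2.1", True), ("1.3.6.1.2.1.4", False)],
}

def _oid(text):
    return tuple(int(part) for part in text.split("."))

def in_view(view, oid):
    """The longest matching subtree decides whether the OID is included."""
    target, best = _oid(oid), None
    for subtree, included in VIEWS.get(view, []):
        sub = _oid(subtree)
        if target[:len(sub)] == sub and (best is None or len(sub) > best[0]):
            best = (len(sub), included)
    return bool(best and best[1])

def is_access_allowed(model, name, level, view_type, context, oid):
    """Return accessAllowed or the error status for the first check that fails."""
    if context not in CONTEXTS:                       # MIB context
        return "noSuchContext"
    group = SEC_TO_GROUP.get((model, name))           # principal
    if group is None:
        return "noGroupName"
    entry = ACCESS.get((group, context, model))       # security model and level
    if entry is None or LEVELS[level] < LEVELS[entry["min_level"]]:
        return "noAccessEntry"
    view = entry[view_type]                           # type of access: read/write/notify
    if not view:
        return "noSuchView"
    if not in_view(view, oid):                        # object instance
        return "notInView"
    return "accessAllowed"
```

A request is denied at the first check that fails, so a principal with no group mapping or a message below the required security level never reaches the view lookup.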
