Chapter 8
Network Management Security
Henric Johnson
Blekinge Institute of Technology, Sweden
http://www.its.bth.se/staff/hjo/
Outline
• Basic Concepts of SNMP
• SNMPv1 Community Facility
• SNMPv3
• Recommended Reading and WEB Sites
Basic Concepts of SNMP
• An integrated collection of tools for network monitoring and control.
– Single operator interface
– Minimal amount of separate equipment. Software and network communications capability built into the existing equipment
• SNMP key elements:
– Management station
– Management agent
– Management information base
– Network management protocol
• Get, Set and Notify
Protocol context of SNMP
Proxy Configuration
SNMP v1 and v2
• Trap – an unsolicited message (reporting an alarm condition)
• SNMPv1 is "connectionless" since it utilizes UDP (rather than TCP) as the transport layer protocol.
• SNMPv2 allows the use of TCP for "reliable, connection-oriented" service.
Comparison of SNMPv1 and SNMPv2

| SNMPv1 PDU | SNMPv2 PDU | Direction | Description |
|---|---|---|---|
| GetRequest | GetRequest | Manager to agent | Request value for each listed object |
| GetRequest | GetRequest | Manager to agent | Request next value for each listed object |
| ------ | GetBulkRequest | Manager to agent | Request multiple values |
| SetRequest | SetRequest | Manager to agent | Set value for each listed object |
| ------ | InformRequest | Manager to manager | Transmit unsolicited information |
| GetResponse | Response | Agent to manager or Manager to manager (SNMPv2) | Respond to manager request |
| Trap | SNMPv2-Trap | Agent to manager | Transmit unsolicited information |
SNMPv1 Community Facility
• SNMP Community – Relationship between an SNMP agent and SNMP managers.
• Three aspects of agent control:
– Authentication service
– Access policy
– Proxy service
SNMPv1 Administrative Concepts
SNMPv3
• SNMPv3 defines a security capability to be used in conjunction with SNMPv1 or v2
SNMPv3 Flow
Traditional SNMP Manager
Traditional SNMP Agent
SNMPv3 Message Format with USM
User Security Model (USM)
• Designed to secure against:
– Modification of information
– Masquerade
– Message stream modification
– Disclosure
• Not intended to secure against:
– Denial of Service (DoS attack)
– Traffic analysis
Key Localization Process
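As an added example (not from the original slides), the USM password-to-key and key-localization steps from RFC 3414, checked against that RFC's published sample values. ENGINE_B and the message bytes are constructed, and auth_tag is simplified: it does not zero the msgAuthenticationParameters field first.

```python
import hashlib
import hmac

# Engine ID used in the RFC 3414 sample results, plus a second, constructed one.
ENGINE_A = bytes.fromhex("000000000000000000000002")
ENGINE_B = bytes.fromhex("000000000000000000000003")  # constructed


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """User key Ku: hash of 1,048,576 octets formed by repeating the password."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Localized key Kul = H(Ku || snmpEngineID || Ku), one per authoritative engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(kul: bytes, message: bytes, algo: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96 style tag: HMAC truncated to 12 octets."""
    return hmac.new(kul, message, algo).digest()[:12]


if __name__ == "__main__":
    ku = password_to_key(b"maplesyrup")
    msg = b"constructed SNMPv3 message bytes"
    for engine in (ENGINE_A, ENGINE_B):
        kul = localize_key(ku, engine)
        # Same password, different agent: different key and different tag,
        # so a key recovered from one agent does not authenticate to another.
        print(engine.hex(), kul.hex(), auth_tag(kul, msg).hex())
```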
View-Based Access Control Model (VACM)
• VACM has two characteristics:
– Determines whether access to a managed object should be allowed.
– Makes use of an MIB that:
• Defines the access control policy for this agent.
• Makes it possible for remote configuration to be used.
Access control decision
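An added sketch (not from the original slides) of the decision VACM makes, following the isAccessAllowed procedure of RFC 3415 in simplified form. The tables, user names and views are constructed, and view masks and context-prefix matching are left out.

```python
# Constructed policy, loosely modelled on the VACM MIB tables (RFC 3415).
# Simplifications: no view masks, exact context match only.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}
CONTEXTS = {""}                                   # default context only
SEC_TO_GROUP = {("usm", "alice"): "admins",       # hypothetical users
                ("usm", "monitor"): "readers"}
ACCESS = {                                        # (group, context) -> rule
    ("admins", ""): {"min_level": "authPriv",
                     "read": "all", "write": "sysOnly", "notify": "all"},
    ("readers", ""): {"min_level": "authNoPriv",
                      "read": "sysOnly", "write": None, "notify": None},
}
VIEWS = {                                         # view -> [(subtree, included)]
    "all": [((1, 3, 6, 1), True)],
    "sysOnly": [((1, 3, 6, 1, 2, 1, 1), True),       # system group
                ((1, 3, 6, 1, 2, 1, 1, 4), False)],  # but not sysContact
}


def in_view(view, oid):
    """Longest matching subtree decides; no match means excluded."""
    best_len, allowed = -1, False
    for subtree, included in VIEWS[view]:
        if oid[:len(subtree)] == subtree and len(subtree) > best_len:
            best_len, allowed = len(subtree), included
    return allowed


def is_access_allowed(model, name, level, context, access_type, oid):
    """Return 'accessAllowed' or the RFC 3415 reason for refusal."""
    if context not in CONTEXTS:
        return "noSuchContext"
    group = SEC_TO_GROUP.get((model, name))
    if group is None:
        return "noGroupName"
    rule = ACCESS.get((group, context))
    if rule is None or LEVELS[level] < LEVELS[rule["min_level"]]:
        return "noAccessEntry"
    view = rule[access_type]
    if view is None or view not in VIEWS:
        return "noSuchView"
    return "accessAllowed" if in_view(view, oid) else "notInView"


if __name__ == "__main__":
    sys_descr = (1, 3, 6, 1, 2, 1, 1, 1, 0)
    print(is_access_allowed("usm", "monitor", "authNoPriv", "", "read", sys_descr))
```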
Recommended Reading and WEB Sites
• Subramanian, Mani. Network Management. Addison-Wesley, 2000
• Stallings, W. SNMP, SNMPv1, SNMPv3 and RMON 1 and 2. Addison-Wesley, 1999
• IETF SNMPv3 working group (Web sites)
• SNMPv3 Web sites