CSCE 815 Network Security Lecture 17 SNMP Simple Network Management Protocol March 25, 2003.

– 2 – CSCE 815 Sp 03 Need for Network Management Tools
In the early days of the Arpanet, the predecessor of the Internet, the name service was accomplished by maintaining and distributing one file with all the IP addresses of the network. But no more … DNS etc.
As networks increase in size:
- The network becomes more indispensable to the organization.
- More things can go wrong, disabling or degrading the performance of portions of the network.
Today a large network cannot be managed without software assistance.

– 3 – CSCE 815 Sp 03 SNMP History
SNMP version 1 was published in 1988 and widely accepted: RFC 1157
SNMP version 2 added additional functionality: RFC 1441 (1993)
SNMP v3 added security features: RFC (1999)

– 4 – CSCE 815 Sp 03 SNMP v3
Introduction and Applicability Statements for Internet Standard Management Framework, RFC 3410, Informational, December 2002
An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks, RFC 3411, STD 62, December 2002
Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), RFC 3412, STD 62, December 2002
Simple Network Management Protocol (SNMP) Applications, RFC 3413, STD 62, December 2002
User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3), RFC 3414, STD 62, December 2002
View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), RFC 3415, STD 62, December 2002

– 5 – CSCE 815 Sp 03 SNMP Management Station
Management station – typically a stand-alone device; an interface for the human network manager
Management agent
Management information base
Network management protocol: Get, Set and Notify

– 6 – CSCE 815 Sp 03 SNMP GOALS
UBIQUITY: PCs AND CRAYs
INCLUSION OF MANAGEMENT SHOULD BE INEXPENSIVE: SMALL CODE, LIMITED FUNCTIONALITY
MANAGEMENT EXTENSIONS SHOULD BE POSSIBLE: NEW MIBs
MANAGEMENT SHOULD BE ROBUST: CONNECTIONLESS TRANSPORT
Resource/reference for next few slides: Copyright © 2001 by Aiko Pras. These sheets may be used for educational purposes.

– 7 – CSCE 815 Sp 03 SNMP OPERATION

– 8 – CSCE 815 Sp 03 SNMP

– 9 – CSCE 815 Sp 03 SNMP OPERATION

– 10 – CSCE 815 Sp 03 Basic Concepts of SNMP
A network management system is an integrated collection of tools for network monitoring and control.
- Single operator interface
- Minimal amount of separate equipment
- Software and network communications capability built into the existing equipment

– 11 – CSCE 815 Sp 03 SNMP Management Station
Management station will include:
- an interface for the human net manager for monitoring and controlling the network
- management applications for data analysis and fault recovery
- translation of network manager commands to actual controls of the network
- a database of the MIBs of all managed entities of the network

– 12 – CSCE 815 Sp 03 SNMP Management Agent
Key platforms: hosts, bridges, routers, hubs equipped with an SNMP management agent
SNMP management agent is a program that communicates with the SNMP management station:
- Responds to requests for information on network status
- Responds to requests for management actions
- May asynchronously provide the management station with unsolicited “alert” information

– 13 – CSCE 815 Sp 03 SNMP Management Information Base
- Each network resource is represented as an object (data variable)
- Management Information Base (MIB) is the collection of objects that an agent maintains
- Objects in the MIB are standardized across the type of agent, such as routers, bridges, etc.
- A management station monitors the network by requesting values from the MIBs
- A management station controls the network by setting values in the MIBs of the various agents

– 14 – CSCE 815 Sp 03 SNMP Network Management Protocol
Capabilities of SNMP:
- Get – get the value of an object from an agent
- Set – set the value of an object of an agent
- Notify – agent alerts the management station

– 15 – CSCE 815 Sp 03 Protocol context of SNMP

– 16 – CSCE 815 Sp 03 Notes on SNMP protocol
It was designed to be an application-level protocol.
It was designed to be easily implemented and to consume modest processor and network resources.
SNMP over UDP over IP over the data link layer (Ethernet)
Each agent must implement SNMP, UDP and IP.
SNMP messages:
- GetRequest
- GetNextRequest
- SetRequest
- GetResponse
- Trap
SNMP is connectionless (because UDP is).

– 17 – CSCE 815 Sp 03 SNMP Proxies
Not all devices are capable of implementing SNMP (UDP, IP), e.g., bridges, modems etc.
The concept of a proxy was added to accommodate such devices.
SNMPv2 added the capability of running on the OSI as well as the TCP/IP protocol suite.

– 18 – CSCE 815 Sp 03 Proxy Configuration

– 19 – CSCE 815 Sp 03 SNMPv2
The strength of SNMPv1 was simplicity, implying it was easy to implement and configure. However, deficiencies arose:
- Lack of support for distributed network management
- Functional deficiencies
- Security deficiencies
The first two were addressed by SNMPv2 and the latter by SNMPv3.

– 20 – CSCE 815 Sp 03

– 21 – CSCE 815 Sp 03 SNMP v1 and v2
Trap – an unsolicited message (reporting an alarm condition)
SNMPv1 is "connectionless" since it utilizes UDP (rather than TCP) as the transport layer protocol.
SNMPv2 allows the use of TCP for reliable, "connection-oriented" service.

– 22 – CSCE 815 Sp 03 Comparison of SNMPv1 and SNMPv2 (Table 8.1)

SNMPv1 PDU       SNMPv2 PDU       Direction                                        Description
GetRequest       GetRequest       Manager to agent                                 Request value for each listed object
GetNextRequest   GetNextRequest   Manager to agent                                 Request next value for each listed object
(none)           GetBulkRequest   Manager to agent                                 Request multiple values
SetRequest       SetRequest       Manager to agent                                 Set value for each listed object
(none)           InformRequest    Manager to manager                               Transmit unsolicited information
GetResponse      Response         Agent to manager, or manager to manager (SNMPv2) Respond to manager request
Trap             SNMPv2-Trap      Agent to manager                                 Transmit unsolicited information
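The message layout behind the PDU list on slide 16 and the table above, as an added worked example (this is not code from the lecture or from any SNMP implementation): a small BER encoder and decoder for an SNMPv1 message carrying a GetRequest or GetNextRequest PDU, using the tag values of RFC 1157. The community string, request ids and the sysDescr.0 and enterprise OIDs in the demo are constructed sample values.

```python
# Added example (not from the lecture slides): a minimal BER encoder and decoder
# for an SNMPv1 message carrying one of the PDUs listed on slides 16 and 22.
# All values are constructed; nothing here is sent to a real agent.

# ASN.1/BER universal tags used by SNMPv1 (RFC 1157) and the context tags of its PDUs
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_TAGS = {"GetRequest": 0xA0, "GetNextRequest": 0xA1, "GetResponse": 0xA2,
            "SetRequest": 0xA3, "Trap": 0xA4}
PDU_NAMES = {tag: name for name, tag in PDU_TAGS.items()}


def _length(n: int) -> bytes:
    """BER length octets: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _length(len(value)) + value


def encode_integer(n: int) -> bytes:
    """Minimal two's-complement INTEGER for n >= 0 (a leading 0x00 keeps the sign bit clear)."""
    return _tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def encode_oid(oid: str) -> bytes:
    """Dotted OID to BER: the first two arcs merge into 40*a+b, the rest are base-128 with continuation bits."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))


def encode_request(community: str, request_id: int, oids, pdu_type: str = "GetRequest") -> bytes:
    """SNMPv1 Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, data PDU }.
    The PDU carries request-id, error-status, error-index and a list of (OID, NULL) bindings."""
    varbinds = b"".join(_tlv(TAG_SEQUENCE, encode_oid(o) + _tlv(TAG_NULL, b"")) for o in oids)
    pdu = (encode_integer(request_id) + encode_integer(0) + encode_integer(0)
           + _tlv(TAG_SEQUENCE, varbinds))
    return _tlv(TAG_SEQUENCE, encode_integer(0)
                + _tlv(TAG_OCTET_STRING, community.encode())
                + _tlv(PDU_TAGS[pdu_type], pdu))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element); handles both length forms."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nbytes = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + ln], pos + ln


def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0   # adequate for the 1.3.x tree SNMP uses
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def decode_message(buf: bytes) -> dict:
    """Parse a message back into its fields; raises ValueError on an unexpected PDU tag."""
    _, msg, _ = _read_tlv(buf, 0)
    _, ver, pos = _read_tlv(msg, 0)
    _, comm, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag not in PDU_NAMES:
        raise ValueError(f"unknown PDU tag 0x{pdu_tag:02x}")
    _, rid, pos = _read_tlv(pdu, 0)
    _, err, pos = _read_tlv(pdu, pos)
    _, idx, pos = _read_tlv(pdu, pos)
    _, vbl, _ = _read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_body, _ = _read_tlv(vb, 0)
        oids.append(decode_oid(oid_body))
    return {"version": int.from_bytes(ver, "big"), "community": comm.decode(),
            "pdu": PDU_NAMES[pdu_tag], "request_id": int.from_bytes(rid, "big"),
            "error_status": int.from_bytes(err, "big"), "oids": oids}


if __name__ == "__main__":
    wire = encode_request("public", 1, ["1.3.6.1.2.1.1.1.0"])   # sysDescr.0
    print(wire.hex())
    print(decode_message(wire))
```

Running the demo prints the 40-byte datagram and its decoded fields. The decode also shows why the community facility on the following slides is called rudimentary: the community string travels as a plain OCTET STRING in every message, so anyone who can observe the UDP datagram learns the "password"; only the SNMPv3 USM adds a keyed integrity check and optional encryption.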

– 23 – CSCE 815 Sp 03 SNMPv1 Community Facility
SNMP provides only rudimentary security through the concept of community.
SNMP Community – relationship between an SNMP agent and SNMP managers.
Maintained locally on the agent: a list of managers with associated access privileges.
Each agent controls its MIB; aspects of this control:
- Authentication service – which manager can access/control
- Access policy
- Proxy service – this may involve implementing the authentication service for other devices

– 24 – CSCE 815 Sp 03 SNMP Access Policy
SNMP MIB view – a subset of the objects
SNMP access modes: Read-Only, Read-Write
SNMP community profile = SNMP MIB view + access mode
SNMP access policy = SNMP community + SNMP community profile

– 25 – CSCE 815 Sp 03 SNMPv1 Administrative Concepts

– 26 – CSCE 815 Sp 03 SNMPv3
SNMPv3 defines a security capability to be used in conjunction with SNMPv2 (preferably) or possibly v1.

– 27 – CSCE 815 Sp 03 SNMPv3 Architecture
Consists of a distributed collection of SNMP entities

– 28 – CSCE 815 Sp 03 SNMP Manager

– 29 – CSCE 815 Sp 03 SNMP Agent

– 30 – CSCE 815 Sp 03 SNMPv3 Flow

– 31 – CSCE 815 Sp 03 PRIMITIVES BETWEEN MODULES

– 32 – CSCE 815 Sp 03 sendPdu

– 33 – CSCE 815 Sp 03 prepareOutgoingMessage

– 34 – CSCE 815 Sp 03 generateRequestMsg

– 35 – CSCE 815 Sp 03 send / receive

– 36 – CSCE 815 Sp 03 prepareDataElements

– 37 – CSCE 815 Sp 03 processIncomingMsg

– 38 – CSCE 815 Sp 03 processPdu

– 39 – CSCE 815 Sp 03 isAccessAllowed

– 40 – CSCE 815 Sp 03 returnResponsePdu

– 41 – CSCE 815 Sp 03 prepareResponseMessage

– 42 – CSCE 815 Sp 03 generateResponseMsg

– 43 – CSCE 815 Sp 03 send / receive

– 44 – CSCE 815 Sp 03 prepareDataElements

– 45 – CSCE 815 Sp 03 processIncomingMsg

– 46 – CSCE 815 Sp 03 processResponsePdu

– 47 – CSCE 815 Sp 03 SNMPv3 Message Format with USM

– 48 – CSCE 815 Sp 03 User Security Model (USM)
Designed to secure against:
- Modification of information
- Masquerade
- Message stream modification
- Disclosure
Not intended to secure against:
- Denial of Service (DoS attack)
- Traffic analysis

– 49 – CSCE 815 Sp 03 Key Localization Process
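The key localization step named on this slide, together with the modification and masquerade protection USM claims on slide 48, as an added example (not code from the lecture or from any SNMP implementation): the RFC 3414 Appendix A.2 password-to-key and localization computations, and an HMAC-96 sign/verify pair over a message whose authentication-parameters field is zeroed while the MAC is computed. The engine IDs, the password and the header/payload stand-ins are constructed for the demo; a real msgGlobalData header and scoped PDU would be BER-encoded structures.

```python
import hashlib
import hmac

# Added example, not from the lecture: the password-to-key and key localization
# steps of RFC 3414 Appendix A.2 (slide 49) and the HMAC-96 authentication that
# USM uses to detect modification and masquerade (slide 48). Engine IDs, the
# password and the message layout below are constructed for the demo.

ONE_MEGABYTE = 1_048_576
AUTH_PARAM_LEN = 12   # HMAC-96: the MAC is truncated to 96 bits


def password_to_key(password: str, hash_name: str = "sha1") -> bytes:
    """Ku = H(password repeated out to exactly 1 MiB); deliberately slow to make guessing costly."""
    pw = password.encode()
    reps, rem = divmod(ONE_MEGABYTE, len(pw))
    return hashlib.new(hash_name, pw * reps + pw[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): one user password yields a distinct key per agent,
    so a key recovered from one compromised agent does not open the others."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def sign(kul: bytes, header: bytes, payload: bytes, hash_name: str = "sha1") -> bytes:
    """Lay out header || msgAuthenticationParameters || payload. The MAC is computed with the
    parameters field set to 12 zero octets, then the truncated MAC is spliced into that field."""
    zeroed = header + bytes(AUTH_PARAM_LEN) + payload
    mac = hmac.new(kul, zeroed, hash_name).digest()[:AUTH_PARAM_LEN]
    return header + mac + payload


def verify(kul: bytes, wire: bytes, header_len: int, hash_name: str = "sha1") -> bool:
    """Receiver side: pull the MAC out, zero the field, recompute, compare in constant time."""
    start, end = header_len, header_len + AUTH_PARAM_LEN
    received = wire[start:end]
    zeroed = wire[:start] + bytes(AUTH_PARAM_LEN) + wire[end:]
    expected = hmac.new(kul, zeroed, hash_name).digest()[:AUTH_PARAM_LEN]
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    """Constructed scenario: one user password, two agents, one tampered message."""
    engine_a = bytes.fromhex("800000020100000001")   # constructed snmpEngineID values
    engine_b = bytes.fromhex("800000020100000002")
    ku = password_to_key("correct horse battery staple")
    kul_a, kul_b = localize_key(ku, engine_a), localize_key(ku, engine_b)

    header = b"\x30\x2a\x02\x01\x03"   # constructed stand-in for the msgGlobalData prefix
    payload = b"get sysDescr.0"        # constructed stand-in for the scoped PDU
    wire = sign(kul_a, header, payload)

    tampered = bytearray(wire)
    tampered[-1] ^= 0x01               # flip one bit of the scoped PDU in transit
    return {
        "keys_differ_per_engine": kul_a != kul_b,
        "genuine_verifies": verify(kul_a, wire, len(header)),
        "tampered_rejected": not verify(kul_a, bytes(tampered), len(header)),
        "wrong_engine_key_rejected": not verify(kul_b, wire, len(header)),
    }


if __name__ == "__main__":
    print(demo())
```

RFC 3414 Appendix A.3 publishes reference vectors for the password "maplesyrup" against which `password_to_key` and `localize_key` can be checked. Note what the demo does not cover: a valid old message replayed later still verifies, which is why USM pairs the MAC with the engineBoots/engineTime timeliness check (the "message stream modification" item on slide 48), and nothing here hides the payload, which is the separate privacy (DES in RFC 3414) service.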

– 50 – CSCE 815 Sp 03 View-Based Access Control Model (VACM)
VACM has two characteristics:
- Determines whether access to a managed object should be allowed.
- Makes use of a MIB that defines the access control policy for this agent and makes it possible for remote configuration to be used.
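The access decision described on slide 24 (access policy = community + community profile, where a profile is a MIB view plus an access mode) and generalized by VACM on this slide, as an added example (not code from the lecture or from any SNMP agent): a small policy table and an `is_access_allowed` check in the spirit of VACM's isAccessAllowed primitive, including the longest-match rule by which an excluded subtree carves a branch out of an included one. The community names, view definitions and OIDs in the policy table are constructed.

```python
from dataclasses import dataclass

# Added example, not from the lecture: the access decision behind slide 24
# (community + community profile = MIB view + access mode) and slide 50
# (VACM's isAccessAllowed check). Community names, subtrees and the policy
# table are constructed for the demo.


@dataclass(frozen=True)
class MibView:
    name: str
    included: tuple          # OID subtree prefixes that are in the view
    excluded: tuple = ()     # subtrees carved back out of it


@dataclass(frozen=True)
class CommunityProfile:
    view: MibView
    access_mode: str         # "read-only" or "read-write"


def _arcs(oid: str) -> tuple:
    return tuple(int(a) for a in oid.strip(".").split("."))


def _in_subtree(oid: tuple, prefix: tuple) -> bool:
    return oid[:len(prefix)] == prefix


def view_contains(view: MibView, oid: str) -> bool:
    """Longest matching subtree wins, as in VACM's vacmViewTreeFamilyTable: an excluded
    entry deeper than an included one removes that branch from the view."""
    target = _arcs(oid)
    best_len, allowed = -1, False
    for prefixes, verdict in ((view.included, True), (view.excluded, False)):
        for p in prefixes:
            pa = _arcs(p)
            if _in_subtree(target, pa) and len(pa) > best_len:
                best_len, allowed = len(pa), verdict
    return allowed


# Constructed access policy: which community may do what to which part of the MIB
SYSTEM_ONLY = MibView("system-only", included=("1.3.6.1.2.1.1",))
MIB2_NO_ROUTES = MibView("mib2-no-routes", included=("1.3.6.1.2.1",),
                         excluded=("1.3.6.1.2.1.4.21",))   # ipRouteTable hidden
POLICY = {
    "public": CommunityProfile(SYSTEM_ONLY, "read-only"),
    "netops": CommunityProfile(MIB2_NO_ROUTES, "read-write"),
}

WRITE_OPS = {"set"}


def is_access_allowed(community: str, oid: str, operation: str, policy: dict = POLICY):
    """Return (decision, reason). Reason names are constructed in the flavour of VACM's status codes."""
    profile = policy.get(community)
    if profile is None:
        return False, "noSuchCommunity"          # unknown community: authentication failure
    if operation in WRITE_OPS and profile.access_mode != "read-write":
        return False, "noAccess"                 # object may be in view, but the mode forbids writes
    if not view_contains(profile.view, oid):
        return False, "notInView"                # object outside this community's MIB view
    return True, "accessAllowed"


def evaluate(requests, policy: dict = POLICY) -> list:
    """Apply the policy to a batch of (community, oid, operation) triples."""
    return [(c, oid, op) + is_access_allowed(c, oid, op, policy) for c, oid, op in requests]


if __name__ == "__main__":
    for row in evaluate([
        ("public", "1.3.6.1.2.1.1.5.0", "get"),        # sysName.0: allowed
        ("public", "1.3.6.1.2.1.1.5.0", "set"),        # read-only community
        ("public", "1.3.6.1.2.1.2.2.1.10.1", "get"),   # ifInOctets: outside the view
        ("netops", "1.3.6.1.2.1.4.21.1.1.0", "get"),   # inside the excluded route table
        ("netops", "1.3.6.1.2.1.4.1.0", "set"),        # ipForwarding.0: allowed
        ("guest", "1.3.6.1.2.1.1.1.0", "get"),         # unknown community
    ]):
        print(row)
```

The ordering of the checks matters for what an agent reveals: an unknown community is refused before any view is consulted, and a write with a read-only profile is refused before the object is looked up, so a denied requester learns nothing about which objects exist. In SNMPv1 the first two refusals are also the events that raise the authenticationFailure trap a manager should be watching for; under SNMPv3 the same decision is driven by the securityName and group resolved by the USM rather than by a cleartext community string.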

– 51 – CSCE 815 Sp 03 Access control decision

– 52 – CSCE 815 Sp 03 Recommended Reading and WEB Sites
Subramanian, Mani. Network Management. Addison-Wesley, 2000
Stallings, W. SNMP, SNMPv1, SNMPv3 and RMON 1 and 2. Addison-Wesley, 1999
IETF SNMPv3 working group (Web sites)
SNMPv3 Web sites