Management Attributes RADEXT WG November 8, 2005 Dave Nelson Greg Weber IETF-64, Vancouver.

Presentation transcript:

Management Attributes RADEXT WG November 8, 2005 Dave Nelson Greg Weber IETF-64, Vancouver

Management Attributes
Extends existing, CLI-oriented support for management access (Admin/NAS-Prompt)
– Framed Management methods (HTTP, SNMP, etc.)
– Granular management access rights (local policy)
– Secure CLI access
– Enhanced auditability
[Timeline figure, two years by month: Draft Revisions Indiv-00, Indiv-01, Indiv-02; RADEXT Presentations IETF-60, IETF-62, IETF-64]
draft-nelson-radius-management-authorization-02.txt IETF-64, Vancouver

Management Attributes
New Service-Type value
– Framed-Management
    (As opposed to Admin or NAS-Prompt)
New Attributes
– Framed-Management-Protocol
    Used for SNMPv3, HTTP, HTTPS, SFTP, SCP
– Non-Framed-Management-Security
    SSH, none...
– Management-Policy-Id
    Opaque locally defined policy name
– Non-Framed-Management-Command
    e.g. a particular CLI command
– Framed-Management-Operation
    e.g. a particular SNMP get/set
– Management-Context
    Context for command or operations, e.g. CLI sub-mode, role
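One way a NAS could enforce the attributes listed above on an incoming management session, failing closed; this is an added example, not code from the draft or its authors. The dict form of the Access-Accept, the string values, the `authorize` function and `LOCAL_POLICIES` are assumptions made for illustration.

```python
# Added example: NAS-side check of the slide's attributes (not from the draft).
# Attribute names and protocol lists come from the slide; the dict layout,
# string values and LOCAL_POLICIES are assumptions.

FRAMED_PROTOCOLS = {"SNMPv3", "HTTP", "HTTPS", "SFTP", "SCP"}
CLI_SERVICE_TYPES = {"Admin", "NAS-Prompt"}
CLI_SECURITY_VALUES = {"SSH", "none"}

# Hypothetical local policy table: Management-Policy-Id is only an opaque
# name, so a name the device does not define must not grant anything.
LOCAL_POLICIES = {"read-only": {"write": False}, "operator": {"write": True}}


def authorize(accept_attrs, session_protocol, session_security="none"):
    """Return (allowed, reason) for one management session; deny by default."""
    policy_id = accept_attrs.get("Management-Policy-Id")
    if policy_id is not None and policy_id not in LOCAL_POLICIES:
        return False, f"unknown Management-Policy-Id {policy_id!r}"

    service_type = accept_attrs.get("Service-Type")
    if service_type == "Framed-Management":
        granted = accept_attrs.get("Framed-Management-Protocol")
        if granted not in FRAMED_PROTOCOLS:
            return False, "missing or unknown Framed-Management-Protocol"
        if session_protocol != granted:
            return False, f"session uses {session_protocol}, granted {granted}"
        return True, f"framed management over {granted}"

    if service_type in CLI_SERVICE_TYPES:
        # A CLI grant does not extend to SFTP/SCP, even though they ride on SSH.
        if session_protocol != "CLI":
            return False, f"{service_type} grants CLI access only"
        required = accept_attrs.get("Non-Framed-Management-Security", "none")
        if required not in CLI_SECURITY_VALUES:
            return False, f"unknown Non-Framed-Management-Security {required!r}"
        if required == "SSH" and session_security != "SSH":
            return False, "CLI session is not protected by SSH"
        return True, f"CLI access as {service_type}"

    return False, f"Service-Type {service_type!r} grants no management access"


# Constructed sample Access-Accept contents (not captured traffic).
SNMP_ACCEPT = {"Service-Type": "Framed-Management",
               "Framed-Management-Protocol": "SNMPv3",
               "Management-Policy-Id": "read-only"}
CLI_ACCEPT = {"Service-Type": "NAS-Prompt",
              "Non-Framed-Management-Security": "SSH"}
```
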

Management Attributes
Changes from -01 draft
Issue 81: SFTP and SCP Left Out
    SFTP and SCP should be treated separately from SSH-based console access.
Resolution:
    SFTP & SCP added as new values for the Framed-Management-Protocol attribute.
    Additional text regarding SSH usage as Non-Framed-Management-Security.

Management Attributes
ISMS WG Applicability
– Centralized authentication for SNMP Engine’s security principal. Unifies SNMP space identities with existing AAA databases.
– Ties to existing SNMPv3 access control (VACM).
– Simple backend configuration, local policy definition.
From ISMS WG charter: Specify a mapping from RADIUS-provisioned authentication and authorization parameter(s) to securityName and other corresponding SNMP parameters. This item may be a RADEXT work item last-called in both groups.

Management Attributes
Questions?
Volunteer reviewers?
RADEXT work item?