Network Management Security in distributed and remote network management protocols.


1 Network Management Security in distributed and remote network management protocols

2 Network Management
- What is it?
- Why do we need it?
- What are our options with regard to selecting a network management scheme?
- What are the security flaws it can introduce?
- What can be done to minimize the risk of these security flaws?

3 Network Management: What is it?
- Hardware
- Software
- Protocols
- Allows for remote management of the network from convenient, centralized sites

4 Network Management: Why is it needed?
- Lowers costs by eliminating the need for many administrators at multiple locations performing the same function
- Makes network administration and monitoring easier and more convenient
- Coherent presentation of data

5 Major NM Options
- SNMPv1
- SNMPv2
- SNMPv2c
- DCE
- Vendor proprietary solutions
- SNMPv3 (future)

6 SNMPv1 History
- Why was it created?
- RFC 1157, 1990: “A Simple Network Management Protocol (SNMP)”
- RFC 1155, 1158, 1990: Original specification of the MIB-II

7 SNMPv1 Overview
- Information to be stored laid out in the Management Information Base (MIB)
- Specification of fields to be collected, data types, formatting, access controls
- Written in ASN.1

8 SNMPv1 Protocol
Five Simple Messages:
- get-request
- get-next-request
- get-response
- set-request
- trap

9 SNMPv1 Protocol continued...
[Diagram: message flow between Manager and Agent (get_request, get_next_request, set_request, get_response, trap) over port 161 and port 162]

10 SNMPv1 Protocol continued...
- UDP Transport Mechanism
- Community: Shared “password” between agent and manager
- PDU: Specifies request type
- Request ID
- Error Status
- Error Index

11 SNMPv1 Packet Format
UDP Header | Version | Community | PDU Type | Request ID | Error Status | Error Index | name | value | name | ...

12 SNMPv1 Security Flaws
- Transport Mechanism
  - Data manipulation
  - Denial of Service
  - Replay
- Authentication
  - Host Based
  - Community Based
- Information Disclosure

13 SNMPv1 Transport Mechanism Flaws
UDP Based
- Unreliable - packets may or may not be received
- Easily forged - trivial to forge source of packets

14 SNMPv1 Authentication Flaws
- Host Based
  - Fails due to UDP transport
  - DNS cache poisoning
- Community Based
  - Cleartext community
  - Community name prediction/brute forcing
  - Default communities

15 SNMPv1 Information Disclosure
- Routing tables
- Network topology
- Network traffic patterns
- Filter rules

16 SNMPv1 Security Flaw Implications
- Altering/Manipulation of network by unauthorized individuals
- Denial of Service on whole networks
- Modification of ACLs
- Clear topology of network behind router
- Makes creation of more sophisticated host based attacks easier

17 SNMPv2 History
- RFC 1441, 1993: “Introduction to version 2 of the Internet-standard Network Management Framework”
- RFC 1446, 1993: “Security Protocols for version 2 of the Simple Network Management Protocol”
- Written to address security and feature deficiencies in SNMPv1

18 SNMPv2 Protocol
- Extension to SNMPv1
- Provided security model
- 2 new commands
  - get-bulk-request
  - inform-request

19 SNMPv2 Protocol continued...
- General Format: privDst | authInfo | dstParty | srcParty | context | PDU
- Nonsecure Message: privDst | 0-length OCTET STRING | dstParty | srcParty | context | PDU
- Authenticated, not encrypted: privDst | digest | dstTime | srcTime | dstParty | srcParty | context | PDU
- Private, not authenticated: privDst | 0-length OCTET STRING | dstParty | srcParty | context | PDU
- Private and authenticated: privDst | digest | dstTime | srcTime | dstParty | srcParty | context | PDU

20 SNMPv2 Security Flaws
- Replay
- 4 types of time error conditions
  - manager’s version of agent’s clock greater than agent’s actual clock
  - manager’s clock greater than agent’s version of manager’s clock
  - agent’s clock greater than manager’s version of agent’s clock
  - agent’s version of manager’s clock greater than the manager’s version of the manager’s clock

21 SNMPv2 Security flaws...
- Replay attacks possible via complex clock attacks
- Implementation specific, typically in violation of protocol

22 SNMPv2 Security Flaws: Attacks against DES
- Duplication of privDst in dstPty allows for known plaintext attacks
- 16 character, user defined DES pass phrase
- Allows easy dictionary attacks

23 SNMPv2 Security Flaws: MD5 attacks
- Again, user defined
- 16 character secret offset
- Dictionary attackable
- Offset guessing

24 SNMPv2 Security
- Still uses UDP transport
- SNMPv1 Compatibility can compromise security
- Default DES and MD5 phrases
- Does not prevent D.O.S or traffic analysis

25 SNMPv2C
- What is it?
- Why does it exist?

26 SNMPv2C Protocol
- SNMPv2 additional PDU types
- SNMPv1 Community based authentication
- UDP transport
- All the features of SNMPv2 with the security of SNMPv1

27 RMON and RMON2 Security
- SNMPv1’s flaws
- additional hazards by introducing “action invocation” objects
- collects extensive info on subnet
- packet captures

28 Future Options
- SNMPv3
  - New IETF draft just released
  - Similar to SNMPv2
  - Addresses time drift and replay attacks
- IPsec
  - Offers cure/fix to existing implementations
  - Some theoretical attacks described

29 Network Management Ideal
- Reliable transport
  - TCP
  - T/TCP
  - IPsec (IPv6)
  - UDP
- Authentication
  - MD5 or SHA
  - Randomly generated keys
  - Secure bulk encryption (3des, IDEA, blowfish)

30 Network Management Ideal
- Ticket based systems (kerberized?)
- Secure key distribution (PK?)

31 Securing existing implementations
- Risk assessment
- Minimization of use
- Allow get-*’s only, no remote setting
- Eliminate defaults
- Filtering from outside
- Secure vendor implementations
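
Slides 10, 11 and 14 describe the SNMPv1 wrapper and its cleartext community, and slide 31 recommends eliminating defaults and allowing get-* only. As an added example (not part of the original presentation), the Python below decodes that wrapper from a UDP payload and flags both conditions; the function names, the "netops" community and the two sample packets are constructed for illustration.

```python
# Added example: BER walk over the SNMPv1 message wrapper (RFC 1157 layout).
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}
DEFAULT_COMMUNITIES = {b"public", b"private"}  # assumption: extend per vendor

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def audit_snmp(payload):
    """Decode one UDP payload and list findings against the slide-31 policy."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if (vtag, ctag) != (0x02, 0x04):
        raise ValueError("unexpected version/community encoding")
    pdu_tag, _, _ = read_tlv(body, pos)
    findings = []
    if community in DEFAULT_COMMUNITIES:
        findings.append("default community")
    if pdu_tag == 0xA3:
        findings.append("set-request seen")
    return {"version": int.from_bytes(version, "big"), "findings": findings,
            "community": community.decode("latin-1"),  # readable on the wire
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag))}

# Constructed samples (not captured traffic): get-request for sysDescr.0 with
# community "public"; set-request on sysContact.0 with community "netops".
SAMPLE_GET = bytes.fromhex("3026 020100 04067075626c6963 a019 020101 020100"
                           " 020100 300e 300c 06082b06010201010100 0500")
SAMPLE_SET = bytes.fromhex("3027 020100 04066e65746f7073 a31a 020102 020100"
                           " 020100 300f 300d 06082b06010201010400 040178")

if __name__ == "__main__":
    print(audit_snmp(SAMPLE_GET), audit_snmp(SAMPLE_SET))
```

The same wrapper carries SNMPv2C traffic (slide 26), so the community check applies there unchanged.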

32 Questions?

