Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 678 P. T. Chung1 Network Management Security CS 678 Network Security, Dept. of Computer Science, Long Island University,Brooklyn, NY.

Published byCoby Hudson Modified over 10 years ago

Similar presentations

Presentation on theme: "CS 678 P. T. Chung1 Network Management Security CS 678 Network Security, Dept. of Computer Science, Long Island University,Brooklyn, NY."— Presentation transcript:

1 CS 678 P. T. Chung1 Network Management Security CS 678 Network Security, Dept. of Computer Science, Long Island University,Brooklyn, NY

2 CS 678 P. T. Chung2 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites

3 CS 678 P. T. Chung3 Basic Concepts of SNMP An integrated collection of tools for network monitoring and control. Single operator interface Minimal amount of separate equipment. Software and network communications capability built into the existing equipment SNMP key elements: Management station Managament agent Management information base Network Management protocol Get, Set and Notify

4 CS 678 P. T. Chung4 PRINCIPLE OPERATION

5 CS 678 P. T. Chung5 SNMP STRUCTURE

6 CS 678 P. T. Chung6 Protocol context of SNMP

7 CS 678 P. T. Chung7 Proxy Configuration

8 CS 678 P. T. Chung8

9 9 SNMP v1 and v2 Trap – an unsolicited message (reporting an alarm condition) SNMPv1 is ”connectionless” since it utilizes UDP (rather than TCP) as the transport layer protocol. SNMPv2 allows the use of TCP for ”reliable, connection-oriented” service.

10 CS 678 P. T. Chung10 SNMP PROTOCOL

11 CS 678 P. T. Chung11 OVERVIEW OF PDUs

12 CS 678 P. T. Chung12 TO REQUEST THE VALUE OF 1 OR MORE VARIABLES POSSIBLE ERRORS: noSuchName Object does not exist / Object is not a leaf tooBig Result does not fit in response PDU genErr All other causes

13 CS 678 P. T. Chung13 EXAMPLE MIB

14 CS 678 P. T. Chung14 GET EXAMPLES get(1.1.0) response(1.1.0 => 130.89.16.2) get(1.2.0) response(error-status = noSuchName) get(1.1) response(error-status = noSuchName) get(1.1.0; 1.2.2.0) response(1.1.0 => 130.89.16.2; 1.2.2.0 => 123456) get(1.3.1.3.5.1) response(1.3.1.3.5.1 => 2) get(1.3.1.1.5.1) response(1.3.1.1.5.1 => 5) get(1.3.1.1.5.1, 1.3.1.2.5.1, 1.3.1.3.5.1) response(1.3.1.1.5.1 => 5, 1.3.1.2.5.1 => 1, 1.3.1.3.5.1 => 2)

15 CS 678 P. T. Chung15 MESSAGE & PDU STRUCTURE

16 CS 678 P. T. Chung16 Comparison of SNMPv1 and SNMPv2 SNMPv1 PDUSNMPv2 PDU Direction Description GetRequest Manager to agentRequest value for each listed object GetRequest Manager to agentRequest next value for each listed object ------GetBulkRequestManager to agentRequest multiple values SetRequest Manager to agentSet value for each listed object ------InformRequestManager to managerTransmit unsolicited information GetResponseResponseAgent to manager or Manage to manager(SNMPv2) Respond to manager request TrapSNMPv2-TrapAgent to managerTransmit unsolicited information

17 CS 678 P. T. Chung17 SNMPv1 Community Facility SNMP Community – Relationship between an SNMP agent and SNMP managers. Three aspect of agent control: Authentication service Access policy Proxy service

18 CS 678 P. T. Chung18 SNMPv1 Administrative Concepts

19 CS 678 P. T. Chung19 SNMPv2 PROTOCOL OPERATIONS

20 CS 678 P. T. Chung20 GET-BULK NEW COMMAND getBulk IN SNMPv2 TO RETRIEVE A LARGE NUMBER OF VARBINDS IMPROVES PERFORMANCE!

21 CS 678 P. T. Chung21 GETBULK PERFORMANCE

22 CS 678 P. T. Chung22 GET-BULK EXAMPLE getBulk(max-repetitions = 4; 1.1) response(1.1.0 => 130.89.16.2 1.2.1.0 => printer-1 1.2.2.0 => 123456 1.3.1.1.2.1 => 2 )

23 CS 678 P. T. Chung23 GET-BULK EXAMPLE getBulk(max-repetitions = 3; 1.3.1.1; 1.3.1.2; 1.3.1.3) response(1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2 1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3 1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2 )

24 CS 678 P. T. Chung24 SNMPv3 SNMPv3 defines a security capability to be used in conjunction with SNMPv1 or v2

25 CS 678 P. T. Chung25 SNMP v3 DESIGN DECISIONS ADDRESS THE NEED FOR SECURY SET SUPPORT DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS

26 CS 678 P. T. Chung26 SNMP v3 DESIGN DECISIONS ALLOW FOR FUTURE EXTENSIONS KEEP SNMP AS SIMPLE AS POSSIBLE ALLOW FOR MINIMAL IMPLEMENTATIONS SUPPORT ALSO THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE

27 CS 678 P. T. Chung27 SNMPv3 Flow

28 CS 678 P. T. Chung28 SNMPv3 ARCHITECTURE

29 CS 678 P. T. Chung29 Traditional SNMP Manager

30 CS 678 P. T. Chung30 Traditional SNMP Agent

31 CS 678 P. T. Chung31 SNMPv3 MESSAGE STRUCTURE

32 CS 678 P. T. Chung32 SNMP3 Message Format with USM

33 CS 678 P. T. Chung33 User Security Model (USM) Designed to secure against: Modification of information Masquerade Message stream modification Disclosure Not intended to secure against: Denial of Service (DoS attack) Traffic analysis

34 CS 678 P. T. Chung34 Key Localization Process

35 CS 678 P. T. Chung35 View-Based Access Control Model (VACM) VACM has two characteristics: Determines wheter access to a managed object should be allowed. Make use of an MIB that: Defines the access control policy for this agent. Makes it possible for remote configuration to be used.

36 CS 678 P. T. Chung36 Access control decision

37 CS 678 P. T. Chung37 SECURE COMMUNICATION VERSUS ACCESS CONTROL

38 CS 678 P. T. Chung38 USM: SECURITY THREATS

39 CS 678 P. T. Chung39 USM MESSAGE STRUCTURE

40 CS 678 P. T. Chung40 IDEA BEHIND REPLAY PROTECTION

41 CS 678 P. T. Chung41 IDEA BEHIND DATA INTEGRITY AND AUTHENTICATION

42 CS 678 P. T. Chung42 IDEA BEHIND AUTHENTICATION

43 CS 678 P. T. Chung43 IDEA BEHIND THE DATA CONFIDENTIALITY (DES)

44 CS 678 P. T. Chung44 IDEA BEHIND ENCRYPTION

45 CS 678 P. T. Chung45 VIEW BASED ACCESS CONTROL MODEL ACCESS CONTROL TABLE MIB VIEWS

46 CS 678 P. T. Chung46 ACCESS CONTROL TABLES

47 CS 678 P. T. Chung47 MIB VIEWS

48 CS 678 P. T. Chung48 SNMPv3 RFCs

49 CS 678 P. T. Chung49 Recommended Reading and WEB Sites Subramanian, Mani. Network Management. Addison-Wesley, 2000 Stallings, W. SNMP, SNMPv1, SNMPv3 and RMON 1 and 2. Addison-Wesley, 1999 IETF SNMPv3 working group (Web sites) SNMPv3 Web sites

Download ppt "CS 678 P. T. Chung1 Network Management Security CS 678 Network Security, Dept. of Computer Science, Long Island University,Brooklyn, NY."

Similar presentations

Chapter 6 SNMPv2 6-1 Network Management: Principles and Practice

Chapter 6 SNMPv2 6-1 Network Management: Principles and Practice
Communication and Functional Models

Communication and Functional Models
Computer Network Management

Computer Network Management
Henric Johnson1 Chapter 12 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 12 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden
CSCE 815 Network Security Lecture 17 SNMP Simple Network Management Protocol March 25, 2003.

CSCE 815 Network Security Lecture 17 SNMP Simple Network Management Protocol March 25, 2003.
Net Security1 Chapter 8 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew Yang.

Net Security1 Chapter 8 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew Yang.
Global Network & Network Management **** IEC Teacher Workshop June 28, 2012 Prof. Mani Subramanian.

Global Network & Network Management **** IEC Teacher Workshop June 28, 2012 Prof. Mani Subramanian.
1 1/15/2015 16:37 Chapter 14Network Management1 Rivier College CS575: Advanced LANs Chapter 14: Network Management.

1 1/15/ :37 Chapter 14Network Management1 Rivier College CS575: Advanced LANs Chapter 14: Network Management.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
CIS 203 17 : Network Management. Introduction Network, associated resources and distributed applications indispensable Complex systems —More things can.

CIS : Network Management. Introduction Network, associated resources and distributed applications indispensable Complex systems —More things can.
Network Management Security

Network Management Security
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.
Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.

Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.
Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
NS-H0503-02/11041 SNMP. NS-H0503-02/11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.

NS-H /11041 SNMP. NS-H /11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.
1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.
SNMP PROTOCOL Copyright © 2001 by Aiko Pras These sheets may be used for educational purposes.

SNMP PROTOCOL Copyright © 2001 by Aiko Pras These sheets may be used for educational purposes.
EE579T/10 #1 Spring 2005 © 2000-2005, Richard A. Stanley EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley.

EE579T/10 #1 Spring 2005 © , Richard A. Stanley EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley.
Network Management Management Tools –Desirable features Management Architectures Simple Network Management Protocol.

Network Management Management Tools –Desirable features Management Architectures Simple Network Management Protocol.

Similar presentations

Ads by Google