Presentation is loading. Please wait.

Presentation is loading. Please wait.

SNMPv3 Yen-Cheng Chen Department of Information Management National Chi Nan University

Published byCameron Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "SNMPv3 Yen-Cheng Chen Department of Information Management National Chi Nan University"— Presentation transcript:

1 SNMPv3 Yen-Cheng Chen Department of Information Management National Chi Nan University http://www.comsoc.org/livepubs/surveys/public/4q98issue/stallings.html Reference:

2 SNMPv3 RFCs  Introduction and Applicability Statements for Internet-Standard Management Framework  An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks  Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)  Simple Network Management Protocol (SNMP) Applications  User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)  View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)  Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)  Transport Mappings for the Simple Network Management Protocol (SNMP)  Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) RFC3410 RFC3411 RFC3412 RFC3413 RFC3414 RFC3415 RFC3416 RFC3417 RFC3418

3

4 SNMP entity Application(s) Command Generator Notification Receiver Proxy Forwarder Subsystem Command Responder Notification Originator Other snmpEngineID SNMP Engine (identified by snmpEngineID) Dispatcher Message Processing Subsystem Security Subsystem Access Control Subsystem SNMP entity is a node with an SNMP management element - either an agent or manager or both SNMPv3 Architecture

5 Dispatcher Sending and receiving SNMP messages to/from the network Determining the version of an SNMP message and interacting with the corresponding Message Processing Model Providing an abstract interface to SNMP applications for delivery of a PDU to an application. Providing an abstract interface for SNMP applications that allows them to send a PDU to a remote SNMP entity. SNMP Engine (identified by snmpEngineID) Dispatcher Message Processing Subsystem Security Subsystem Access Control Subsystem

6 Dispatcher Three components Transport mapping delivers messages over the transport protocol Message Dispatcher routes messages between network and appropriate module of MPS PDU dispatcher handles messages between application and MSP

7 Message Processing Subsystem Contains one or more Message Processing Models One MPM for each SNMP version SNMP version identified in the header SNMP Engine (identified by snmpEngineID) Dispatcher Message Processing Subsystem Security Subsystem Access Control Subsystem

8 Security and Access Control Security at the message level Authentication Privacy of message via secure communication Flexible access control Who can access What can be accessed Flexible MIB views SNMP Engine (identified by snmpEngineID) Dispatcher Message Processing Subsystem Security Subsystem Access Control Subsystem

9 Applications Application(s) Command Generator Notification Receiver Proxy Forwarder Subsystem Command Responder Notification Originator Other Application Example Command generator get-request Command responderget-response Notification receivertrap generation Notification receivertrap processing Proxy Forwarderget-bulk to get-next (SNMP versions only) OtherSpecial application

10 Manager

11 Agent

12 Command Generator or Notification Originator

13 Command Responder

14 Names Entity Engine (snmpEngineID) Associated with each SNMP entity is a unique snmpEngineID. Context (contextName) A context is a collection of management information accessible by an SNMP entity. Context engine (contextEngineID) = snmpEngineID Principal (securityName) the "who" on whose behalf services are provided or processing takes place. may be an individual or an application or a group of individuals or applications.

15 Context Engine contextName contexts

16 Security Threats Management Entity A Management Entity B Modification of information Masquerade Message stream modification Disclosure

17 Security Threats SNMPv3 security model is developed to protect the following security threats: Modification of information Contents modified by unauthorized user Masquerade change of originating address by unauthorized user Message Stream Modification Re-ordering, delay or replay of messages Disclosure Eavesdropping SNMPv3 security model doesn ’ t protect Denial of Service (DoS) and Traffic Analysis.

18 Security Services Security Subsystem Message Processing Model Authentication Module Privacy Module Timeliness Module Message Timeliness & Limited Replay Protection Data Integrity Data Confidentiality Data Origin Authentication

19 SNMPv3 Security Authentication Data integrity: HMAC-MD5-96 / HMAC-SHA-96 Data origin authentication Append to the message a unique Identifier associated with authoritative SNMP engine Privacy / confidentiality: Encryption Timeliness: Authoritative Engine ID, No. of engine boots and time in seconds  

20 Role of SNMP Engines Non-Authoritative Engine (NMS) Authoritative Engine (Agent)

21 Version Global/ Header Data Security Parameters Plaintext / Encrypted scopedPDU Data Message ID Message Max. Size Message Flag Message Security Model Authoritative Engine ID Authoritative Engine Boots Authoritative Engine Time User Name Authentication Parameters Privacy Parameters Context Engine ID Context Name Data Figure 7.12 SNMPv3 Message Format Header DatascopedPDU Security Parameters Whole Message See P. 304

22 See p. 304

23 User-Based Security Model Based on traditional user name concept Authentication service primitives authenticateOutgoingMsg authenticateIncomingMsg Privacy Services encryptData decryptData

24

25

26 Authentication Protocols Authentication Key Derived from a password chosen by the user digest0: repeat password  2 20 octets digest1: H(digest0) digest2: H(engineID || digest1) AuthKey = digest2 Use HMAC-MD5-96 or HMAC-SHA-96

27

Download ppt "SNMPv3 Yen-Cheng Chen Department of Information Management National Chi Nan University"

Similar presentations

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
SNMP v3.

SNMP v3.
1 Jim Binkley snmp v3 (one more time) Network Mgmt/Sec.

1 Jim Binkley snmp v3 (one more time) Network Mgmt/Sec.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
SNMPv3 * * Mani Subramanian “Network Management: Principles and practice”, Addison-Wesley, 2000.

SNMPv3 * * Mani Subramanian “Network Management: Principles and practice”, Addison-Wesley, 2000.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.

Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.

TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.
MJ08-A/07041 Session 08 SNMP V3 Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used for Network Management.

MJ08-A/07041 Session 08 SNMP V3 Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used for Network Management.
MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.

MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.
NS-H0503-02/11041 SNMP. NS-H0503-02/11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.

NS-H /11041 SNMP. NS-H /11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.
1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.
This presentation is based on the slides listed in references.

This presentation is based on the slides listed in references.
EE579T/10 #1 Spring 2005 © 2000-2005, Richard A. Stanley EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley.

EE579T/10 #1 Spring 2005 © , Richard A. Stanley EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley.
COMP4690, by Dr Xiaowen Chu, HKBU

COMP4690, by Dr Xiaowen Chu, HKBU
EE579T/9 #1 Spring 2003 © 2000-2003, Richard A. Stanley EE579T Network Security 9: An Overview of SNMP Prof. Richard A. Stanley.

EE579T/9 #1 Spring 2003 © , Richard A. Stanley EE579T Network Security 9: An Overview of SNMP Prof. Richard A. Stanley.
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
SNMP Simple Network Management Protocol

SNMP Simple Network Management Protocol

Similar presentations

Ads by Google