Network Management
Network management scenarios
Detecting failure of an interface card in a device
Host monitoring
Intrusion detection
ISO Network Management Model
FCAPS:
Fault management
Configuration management
Accounting management
Performance management
Security Management
Simple Network Management Protocol
Protocol for network management, part of the TCP/IP suite
Basic components:
Managers/NMS
Managed devices
SNMP Agents
MIB
SNMPv3
Network Management Architecture
MIB (Management Information Base)
MIB: a virtual information store for a collection of managed objects
Object naming by OID
MIB-II subtree
SNMP Transport
SNMP Operations
get
getnext
getbulk (SNMPv2 and SNMPv3)
set
getresponse
trap
notification (SNMPv2 and SNMPv3)
inform (SNMPv2 and SNMPv3)
report (SNMPv2 and SNMPv3)
SNMP Operations
Get and getresponse
SNMP Operations
Getnext: retrieve a group of values
SNMP Operations
Getbulk: retrieve a section of a table
SNMP Operations
Set: change a value or create a new row in the table
SNMP Operations
Trap: asynchronous operation
Primary Goals of SNMPv3
Check message integrity: verify that each received message has not been modified during its transmission.
SNMPv3 security framework
Two core modules within the framework are the User-based Security Model (USM) and the View-based Access Control Model (VACM).
SNMPv3 security framework
Authentication: each SNMP entity is identified by its SNMPEngineID, and SNMP communication is possible only if an SNMP entity knows the identity of its peer. Traps and Notifications are exceptions to this rule.
Protection against:
Modification of Information (Data Integrity): ensure that the data is not maliciously altered during transit by an unauthorized entity.
Masquerading (Data Origin Authentication): ensure that it is known exactly who and where the data came from, to prevent an unauthorized entity from assuming the identity of an authorized user.
Disclosure (Data Confidentiality): ensure that an unauthorized entity cannot eavesdrop on the data exchanges.
Message Stream Modification (Message Timeliness): ensure that the data was received in a timely manner, to prevent malicious re-ordering of data by an unauthorized entity.
SNMPv3 User-based Security Model
USM communication mechanisms available:
Communication without authentication and privacy (NoAuthNoPriv).
Communication with authentication and without privacy (AuthNoPriv).
Communication with authentication and privacy (AuthPriv).
SNMPv3 VACM
The Access Control Subsystem of an SNMP entity has the responsibility for checking whether a specific type of access to a specific managed object is allowed.