CNS Module 5

Computer network security syllabus

Uploaded by

Aman
5.2.1 What is SNMP?

In today's complex network of routers, switches, and servers, it is a challenge to manage all the devices on your network and make sure they are performing optimally. This is where the Simple Network Management Protocol (SNMP) comes in. SNMP was introduced in 1988 to meet the growing need for a standard for managing Internet Protocol (IP) devices. SNMP provides [...]

[Fig. 5.2.1]

At a high level, there are two kinds of entities involved in an SNMP-managed network infrastructure: SNMP Managers and SNMP Agents.

Definition: An SNMP manager is a server running some kind of software system that can handle management tasks for a network.

* SNMP Managers are often referred to as Network Management Stations (NMSs). An NMS is responsible for polling and receiving traps from SNMP agents in the network.
* A poll, in the context of network management, is the act of querying an agent (router, switch, Unix server, etc.) for some piece of information. This information can be used later to determine if a catastrophic event has occurred.
* A trap is a way for the agent to tell the NMS that something has happened. Traps are sent asynchronously by the agent on its own, without queries from the NMS. The NMS is further responsible for acting on the information it receives from the agent. For example, when a router interface goes down, the router can send a trap to your NMS informing it about the same. In turn, the NMS can take some corrective action automatically to fix the problem, or notify network administrators who could look into the situation further and take the required actions.

(Copyright No. - 3673/2019-CO/L & 8811/2019-CO/L) Computer Network Security (MU), Network Mgmt. Security & Network Access Control

The second entity is the SNMP agent.

Definition: An SNMP agent is a piece of software that runs on the network devices you are managing.
* It can be a separate program, or it can be incorporated into the operating system (for example, Cisco's IOS on a router, or the low-level operating system that controls a UPS). Today, most IP devices come with some kind of SNMP agent built in. The fact that vendors are willing to implement agents in many of their products makes the system administrator's or network manager's job easier.
* The agent provides management information to the NMS by keeping track of various operational aspects of the device. For example, the agent on a router is able to keep track of the state of each of its interfaces: which ones are up, which ones are down, etc.
* The NMS can query the status of each interface and take appropriate action if any of them are down. When the agent notices that something bad has happened, it can send a trap to the NMS. This trap originates from the agent and is sent to the NMS, where it is handled appropriately. Some devices also send a corresponding "all clear" trap when there is a transition from a bad state to a good state.
* This can be useful in determining when a problem situation has been resolved. It is important to keep in mind that polls and traps can happen at the same time. There are no restrictions on when the NMS can query the agent or when the agent can send a trap.

5.2.3 SNMP Management Information Base (MIBs)

* There could be various types of network devices from various vendors. How does an NMS know what it can ask an agent for? Similarly, how does an agent understand what an NMS is asking for? That is precisely where SNMP Management Information Bases (MIBs) play a role.
* The Structure of Management Information (SMI) provides a way to define managed objects and their behaviour. An agent has in its possession a list of the objects that it tracks. One such object is the operational status of a router interface (for example, up, down, or testing).
This list collectively defines the information the NMS can use to determine the overall health of the device on which the agent resides.
* The Management Information Base (MIB) can be thought of as a database of managed objects that the agent tracks. Any sort of status or statistical information that can be accessed by the NMS is defined in a MIB. The SMI provides a way to define managed objects, while the MIB is the definition (using the SMI syntax) of the objects themselves. Like a dictionary, which shows how to spell a word and then gives its meaning or definition, a MIB defines a textual name for a managed object and explains its meaning.
* An agent may implement many MIBs, but all agents implement a particular MIB called MIB-II (RFC 1213). This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information. It does not cover every possible item a vendor may want to manage within its particular device.
* A vendor typically publishes its own MIBs corresponding to the network devices that it sells. For example, consider a vendor that is bringing a new router to market. The agent built into the router will respond to NMS requests (or send traps to the NMS) for the variables defined by the MIB-II standard. It probably also implements MIBs for the interface types it provides. In addition, the router may have some significant new features that are worth monitoring but are not covered by any standard MIB. So, the vendor defines its own MIB (sometimes referred to as a proprietary MIB) that implements managed objects for the status and statistical information of its new router.
* [...] into your NMS [...] values/objects, etc., defined within that MIB, [...] which you are requesting queries.
* The definition of managed objects can be broken down [...]
  1. Name: The name, or object identifier [...] two forms: [...]
  [...] applications, a lot of work goes into [...] Windows 10 can communicate [...] about things such as byte ordering.
* Managed objects are organised into a treelike hierarchy. This structure is the basis for SNMP's naming scheme. An object ID is made up of a series of integers based on the nodes in the tree, separated by dots (.). Although there is a human-readable form that is friendlier than a string of numbers, this form is nothing more than a series of names separated by dots, each representing a node of the tree. You can use the numbers themselves, or you can use a sequence of names that represent the numbers. Fig. 5.2.2 shows the top few levels of this tree.

[Fig. 5.2.2: MIB tree diagram]

* To provide an example from Fig. 5.2.2, the OID of sysDescr is 1.3.6.1.2.1.1.1, which can be found by following the path from ROOT to sysDescr as follows:
  o ISO is .1
  o ORGANIZATION is .3
  o DOD is .6
  o INTERNET is .1
  o MGMT is .2
  o MIB-2 is .1
  o SYSTEM is .1
  o sysDescr is .1
* In the object tree, the node at the top of the tree is called the root, anything with children is called a subtree, and anything without children is called a leaf node.

5.2.4 SNMP Versions

Table 5.2.1 summarises the SNMP versions.

Table 5.2.1

| SNMP Version | Description |
|---|---|
| SNMP version 1 (SNMPv1) | It is the initial version of the SNMP protocol. It is defined in RFC 1157 and is a historical IETF standard. SNMPv1's security is based on communities, which are nothing more than passwords: plain-text strings that allow any SNMP-based application that knows the strings to gain access to a device's management information. There are typically three communities in SNMPv1: read-only, read-write, and trap. |
| SNMP version 2 (SNMPv2c) | It is often referred to as community-string-based SNMPv2. This version of SNMP is technically called SNMPv2c. It includes improvements in the areas of performance, security and manager-to-manager communications. It is defined in RFC 3416, RFC 3417, and RFC 3418. |
| SNMP version 3 (SNMPv3) | It is the latest version of SNMP. Its main contribution to network management is security. It adds support for strong authentication and private communication between managed entities. The following RFCs define the standard: RFC 3410, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415, RFC 3416, RFC 3417, RFC 3418, and RFC 2576. |

Table 5.2.2 Comparison

| Attribute | SNMPv1 | SNMPv2 | SNMPv3 |
|---|---|---|---|
| Used today | No | Yes, but less common | Yes, most commonly |
| Authentication | No | No | Yes |
| Community Strings | Yes | Yes | No |
| Username | No | No | Yes |

5.2.6 Security Enhancements in SNMPv3

Now that you have covered the basics of SNMP, let's learn about the security enhancements in SNMPv3.

* Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.
* Any security-conscious network or system administrator knows that clear-text passwords provide no real security at all. It is trivial for someone to intercept the community string, and once she has it, she can use it to retrieve information from devices on your network, modify their configuration, and even shut them down.
* The Simple Network Management Protocol Version 3 (SNMPv3) addresses the security problems that have plagued both SNMPv1 and SNMPv2.
* For all practical purposes, security is the only issue SNMPv3 addresses; there are no other changes to the protocol.
* There are no new operations; SNMPv3 supports all the operations defined by versions 1 and 2. There are several new textual conventions, but these are really just more precise ways of interpreting the datatypes that were defined in earlier versions.

5.2.7 Architecture Change in SNMPv3 for Security

* Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, its developers have managed to make things look much different by introducing new textual conventions, concepts, and terminology.
* The most important change is that Version 3 abandons the notion of managers and agents. Both managers and agents are now called SNMP entities. Each entity consists of an SNMP engine and one or more SNMP applications.
* These new concepts are important because they define an architecture rather than simply a set of messages; the architecture helps to separate different pieces of the SNMP system in a way that makes a secure implementation possible.
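Added example (not part of the original notes): a minimal BER parser in Python illustrating sections 5.2.3 and 5.2.6. It shows how the sysDescr OID is carried on the wire, and that an SNMPv1/v2c message exposes its community string in clear text while an SNMPv3 header carries authentication and privacy flags instead. The two sample messages are hand-constructed, and the function names (`read_tlv`, `fields`, `decode_oid`, `audit`) are this example's own.

```python
# Constructed sample messages (hand-built for this example, not captured traffic).
V2C_GET = bytes.fromhex(  # v2c GetRequest for sysDescr.0 with community "public"
    "3026020101" "04067075626c6963" "a019020101020100020100"
    "300e300c06082b060102010101000500")
V3_HEADER = bytes.fromhex("3016020103" "300d020101020205dc040107020103" "04000400")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length BER TLV."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def fields(buf, n):
    """Return (tag, value) for the first n TLVs in buf."""
    out, pos = [], 0
    for _ in range(n):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def decode_oid(value):
    """BER OID bytes -> dotted string (the first two arcs share one sub-identifier)."""
    subs = [0]
    for b in value:
        subs[-1] = (subs[-1] << 7) | (b & 0x7F)
        if not b & 0x80:                     # high bit clear ends this sub-identifier
            subs.append(0)
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:-1]))

def audit(msg):
    """Report the version of one SNMP message and what it exposes in clear text."""
    (_, ver), (_, second), (pdu_tag, pdu) = fields(read_tlv(msg)[1], 3)
    version = int.from_bytes(ver, "big")
    if version == 3:                         # second = msgGlobalData; no community field
        flags = fields(second, 3)[2][1][0]   # msgID, msgMaxSize, msgFlags
        return {"version": "v3", "community": None,
                "auth": bool(flags & 0x01), "priv": bool(flags & 0x02)}
    if version not in (0, 1):
        raise ValueError(f"unexpected version field {version}")
    oid = None
    if pdu_tag != 0xA4:                      # SNMPv1 Trap-PDU has a different layout
        varbinds = fields(pdu, 4)[3][1]      # request-id, error-status, error-index, varbinds
        oid = decode_oid(read_tlv(read_tlv(varbinds)[1])[1]) if varbinds else None
    return {"version": "v1" if version == 0 else "v2c",  # second = community, plain OCTET STRING
            "community": second.decode("ascii", "replace"), "oid": oid}
```

Run over UDP port 161/162 payloads from a capture of your own network, `audit` gives a quick inventory of devices that still speak community-based SNMP.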
