U2.5 SNMPv1

jjanesko
Mind Map by jjanesko, updated more than 1 year ago
jjanesko
Created by jjanesko almost 6 years ago
32
0

Description

Nework Security Mind Map on U2.5 SNMPv1, created by jjanesko on 04/09/2014.
Tags

Resource summary

U2.5 SNMPv1
1 general
1.1 ISO 7498-2
1.1.1 network mgt protocols provide
1.1.1.1 configuration management
1.1.1.2 accounting
1.1.1.3 event logging
1.1.2 defines network mgt security in general
1.2 SNMP RFCs
1.2.1 RFC 1155-1157
1.2.2 RFC 1441-1448
1.2.3 RFC 2570-2576
2 architectural model
2.1 SNMP protocol entities

Attachments:

2.1.1 at least one management station
2.1.1.1 acts as management role
2.1.2 a number of network elements
2.1.2.1 acts as agent role
2.2 all entities have a management information base (MIB)
2.2.1 SNMP access MIB on top of UDP and IP

Attachments:

2.2.1.1 connectionless!!
2.2.1.2 ports
2.2.1.2.1 161
2.2.1.2.1.1 for requests (GET, SET)
2.2.1.2.2 162
2.2.1.2.2.1 for traps
3 3 operations
3.1 GET
3.1.1 enables mgt station to retrieve object values from managed entity
3.2 SET
3.2.1 enables the management station to set object values in managed entity
3.3 TRAP
3.3.1 enables a managed entity to notify the management station of significant events
3.4 implemented with "protocol data units" (PDUs)
3.4.1 3 parts to a PDU message
3.4.1.1 version
3.4.1.2 community
3.4.1.3 SNMP operation
4 security services provided
4.1 authentication service
4.1.1 Assure the destination device that the SNMP PDU does come from the source from which it claims to be
4.2 access control service
4.2.1 Limit the SNMP operations that a device can request according to device's identity
5 security mechanisms
5.1 authentication mechanism
5.1.1 community name
5.1.1.1 All PDUs from mgt station must contain the community name
5.2 access mode mechanism
5.2.1 community profile
5.2.1.1 Each device stores a community profile that specifies which MIB values and how those values can be access by an entity bearing the associated community name.
6 threats
6.1 primary
6.1.1 data modification
6.1.2 masquerade
6.2 secondary
6.2.1 message stream modification
6.2.2 eavesdropping
7 vulnerabilities
7.1 no integrity protection
7.2 no timeliness guarantee
7.3 no replay protection
7.4 weath authentication mechanism
7.5 no confidentiality protection
Show full summary Hide full summary

Similar

U2.6 SNMPv3
jjanesko
U2.4 LANs, MANs, WANs
jjanesko
U2.1 Cables, Hubs, Sniffers
jjanesko
U2.1 Cables,Hubs,Sniffers- Thin Ethernet
jjanesko
U2.3 TCP, Routers, VLAN
jjanesko
U2.5 SNMPv1 - SNMPv1 protocol stack
jjanesko
U2.1 Cables, Hubs, Sniffers - Hub Diagram
jjanesko
U2.2 Switches, ARP - ARP spoofing steps
jjanesko
U2.5 SNMPv1 - architectural model
jjanesko
U2.3 TCP, Routers - Router Diagram
jjanesko
U2.2 Switches, ARP
jjanesko