U2.6 SNMPv3

jjanesko
Mind Map by , created over 5 years ago

Nework Security Mind Map on U2.6 SNMPv3, created by jjanesko on 04/10/2014.

38
0
0
Tags
jjanesko
Created by jjanesko over 5 years ago
U2.3 TCP, Routers, VLAN
jjanesko
U2.1 Cables, Hubs, Sniffers - Hub Diagram
jjanesko
U2.2 Switches, ARP - ARP spoofing steps
jjanesko
How to Create A Mindmap
PatrickNoonan
Romeo and Juliet: Key Points
mbennett
U2.4 LANs, MANs, WANs
jjanesko
U2.5 SNMPv1
jjanesko
U2.1 Cables, Hubs, Sniffers
jjanesko
U2.1 Cables,Hubs,Sniffers- Thin Ethernet
jjanesko
U2.5 SNMPv1 - SNMPv1 protocol stack
jjanesko
U2.6 SNMPv3
1 Designed to take care of threats from SNMPv1 and SNMPv2
1.1 data modification
1.2 masquerade
1.3 massage stream modification
1.3.1 reorder
1.3.2 replay
1.3.3 delay
1.4 eavesdropping
2 adopted security services
2.1 data origin authentication
2.1.1 HMAC on encrypted message
2.1.2 shared key (K2) derived from snmpEngineID of authoritative entity + network admin passphrase
2.1.3 pretects against masquerade
2.2 data integrity
2.2.1 HMAC on encrypted message
2.2.2 shared key (K2) derived from snmpEngineID of authoritative entity + network admin passphrase
2.2.3 protects against data modification
2.2.4 protects against message stream modification (reorder)
2.3 data confidentiality
2.3.1 DES cipher block chaining
2.3.2 shared key (K1) derived from snmpEngineID of authoritative entity + network admin passphrase
2.3.3 protects against eavesdropping
2.4 message timelines (limited replay protection)
2.4.1 entities must synchronize clocks
2.4.2 150 second window for communication exchanges
2.4.3 protects against message stream modification
2.4.3.1 replay
2.4.3.2 delay
3 general setup
3.1 network admin gives to all SNMP entities
3.1.1 a unique snmpEngineID
3.1.2 network admin's SNMP passphrase
3.2 encryption and HMAC keys based on values from "authoritative entity" in a communication exchange
3.2.1 GET, SET SNMP PDU
3.2.1.1 receiver is authoritative entity
3.2.2 TRAP, REPORT, RESPONSE SNMP PDU
3.2.2.1 sender is the authoritative entity

Media attachments