774008
Description
Mind Map by Craig Parker, updated more than 1 year ago
More
|
Created by jjanesko
about 10 years ago
|
|
|
Copied by Craig Parker
about 10 years ago
|
|
U2.5 SNMPv1
- general
- ISO 7498-2
- network mgt
protocols provide
- configuration
management
- accounting
- event logging
- configuration
management
- defines network mgt
security in general
- network mgt
protocols provide
- ISO 7498-2
- architectural model
- SNMP
protocol
entities
- at least one management station
- acts as management role
- acts as management role
- a number of
network elements
- manages systems, iE
routers, servers gateways
- manages systems, iE
routers, servers gateways
- At least one agent
- at least one management station
- all entities have a
management
information base
(MIB)
- SNMP access
MIB on top of
UDP and IP
- connectionless!!
- ports
- 161
- for requests (GET, SET)
- for requests (GET, SET)
- 162
- for traps
- for traps
- 161
- connectionless!!
- MIB Contains configuration and operational data
- SNMP access
MIB on top of
UDP and IP
- SNMP
protocol
entities
- 3 operations
- GET
- enables mgt station to
retrieve object values
from managed entity
- enables mgt station to
retrieve object values
from managed entity
- SET
- enables the management station to set object values in managed entity
- enables the management station to set object values in managed entity
- TRAP
- enables a managed entity to notify the management station of significant events
- Traps are sent by NW entities when they want to inform the management station of some event
- enables a managed entity to notify the management station of significant events
- implemented
with "protocol
data units"
(PDUs)
- 3 parts to a PDU message
- version
- community
- SNMP operation
- version
- 3 parts to a PDU message
- GET
- threats
- primary
- data modification of messages in transit
- masquerade. as
agent or mgmt device
- data modification of messages in transit
- secondary
- message stream modification.
recording or replay of messages
- eavesdropping
- message stream modification.
recording or replay of messages
- primary
- vulnerabilities
- no integrity protection
- no timeliness guarantee
- no replay protection
- weath authentication mechanism
- no confidentiality protection
- no integrity protection
- Uses UPD, connectionless protocol so no
guarantee that mgmt traffic sent is recieved
- Advantages
- reduced overhead
- protocol simplicity
- reduced overhead
- Disadvantages
- no inbuilt reliability
- connection oriented operations must be
built into upper layer applications
- no inbuilt reliability
- Advantages
- To prevent one device acting with the
authority of another device, IE masquerading
as the management console
- security services provided
- authentication service
- Assure the destination
device that the SNMP
PDU does come from
the source from which
it claims to be
- Assure the destination
device that the SNMP
PDU does come from
the source from which
it claims to be
- access control service
- Limit the SNMP
operations that a
device can request
according to device's
identity
- Limit the SNMP
operations that a
device can request
according to device's
identity
- security mechanisms provided to implement
these services based on idea of communities
- authentication mechanism
- community name
- All PDUs from
mgt station must
contain the
community name
- All PDUs from
mgt station must
contain the
community name
- community name
- access mode mechanism
- community profile
- Each device stores a
community profile that
specifies which MIB
values and how those
values can be access by
an entity bearing the
associated community
name.
- Each device stores a
community profile that
specifies which MIB
values and how those
values can be access by
an entity bearing the
associated community
name.
- community profile
- authentication mechanism
- authentication service
- security services provided
Want to create your own Mind Maps for free with GoConqr? Learn more.