774322
Description
Mind Map by Craig Parker, updated more than 1 year ago
More
|
Created by jjanesko
about 10 years ago
|
|
|
Copied by Craig Parker
about 10 years ago
|
|
U2.6 SNMPv3
- Designed to take
care of threats from
SNMPv1 and SNMPv2
- data modification
- masquerade
- massage stream modification
- reorder
- replay
- delay
- reorder
- eavesdropping
- data modification
- adopted security services
- data integrity + origin authentication
- Uses HMAC
- HMAC generates a cryptographic
fingerprint of the message to be protected
and that fingerprint is sent with the message
- HMAC generates a cryptographic
fingerprint of the message to be protected
and that fingerprint is sent with the message
- shared key (K2) derived from
snmpEngineID of
authoritative entity + network
admin passphrase
- protects against
data modification
- protects against
message stream
modification (reorder)
- Uses HMAC
- data confidentiality
- DES in cipher block chaining
- shared key (K1) derived
from snmpEngineID of
authoritative entity +
network admin passphrase
- protects against
eavesdropping
- Both entities must know
keys to encrypt / decrypt
- Encryption must be used with
HMAC othewise an attacker
could alter the encryptes PDU
- Encryption must be used with
HMAC othewise an attacker
could alter the encryptes PDU
- DES in cipher block chaining
- message timelines
(limited replay protection)
- protects against message
message recording and replay
- each entity needs a clock to achieve this
- 150 second window for
communication exchanges
- When sending a Get PDU the reciever is authoritive
so the sender must fiirst retrieve the time , confirm
the value and mainatain synchronised clocks
- Console usually sends and receives all requests
where most devices only receive requests so
console usually maintains the clocks
- 150 second window for
communication exchanges
- each entity needs a clock to achieve this
- protects against message
message recording and replay
- data integrity + origin authentication
- general setup
- each NW manager now
has unique username
- Each entity has a
unique username in NW
- cryptography is used to enable NW
devices to authenticate each other and
provide confidentiality for SNMP PDU's
- introduced the idea of
"authoritative entitys"
- When sending GET, SET SNMP PDU
- receiver is authoritative entity
- receiver is authoritative entity
- When sending TRAP, REPORT,
RESPONSE SNMP PDU
- sender is the
authoritative entity
- sender is the
authoritative entity
- AE is the entity who's crypto keys are used
to provide authenticity and confidentiality for
a PDU and who's timeliness indicators will be
used to prove that message is fresh
- When sending GET, SET SNMP PDU
- each NW manager now
has unique username
- Security Management
tasks introduced with V3
- Creation and storage of keys
- Non- authoritive devices must
manage synchronised clocks
- Storage of user info and passwords
- Creation and storage of keys
Want to create your own Mind Maps for free with GoConqr? Learn more.