Explore the SNMPv3 architecture, design requirements, security features, and message handling concepts for secure network management. Learn about SNMPv3 entities, modules, protocols, security subsystems, and implementations. RFC standards included.
Chapter 15 SNMPv3 Architecture and Applications
Prof. Choong Seon HONG
SNMPv3 Overview
• Design Requirements
• SNMPv3 security features rely heavily on SNMPv2u and SNMPv2*
• Address the need for secure Set request messages over real-world networks, the lack of which is the most important deficiency of SNMPv1 and SNMPv2
SNMPv3 Overview - Design Requirements -
• ADDRESS THE NEED FOR SECURITY SUPPORT
• DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP
• ALLOW DIFFERENT PORTIONS OF THE ARCHITECTURE TO MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS
• ALLOW FOR FUTURE EXTENSIONS
• KEEP SNMP AS SIMPLE AS POSSIBLE
• ALLOW FOR MINIMAL IMPLEMENTATIONS
• ALSO SUPPORT THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS
• RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE
SNMPv3 ARCHITECTURE: MANAGER
[Figure: transports labelled UDP, IPX, Others]
MODULES OF THE SNMPv3 ARCHITECTURE
• DISPATCHER AND MESSAGE PROCESSING MODULE
  • SNMPv3 MESSAGE STRUCTURE
  • snmpMPDMIB
  • RFC 3412
• APPLICATIONS
  • snmpTargetMIB
  • snmpNotificationMIB
  • snmpProxyMIB
  • RFC 3413
• SECURITY SUBSYSTEM
  • USER-BASED SECURITY MODEL (USM)
  • snmpUsmMIB
  • RFC 3414
• ACCESS CONTROL SUBSYSTEM
  • VIEW-BASED ACCESS CONTROL MODEL (VACM)
  • snmpVacmMIB
  • RFC 3415
SNMPv3 IMPLEMENTATIONS • ACE*COMM • AdventNet • BMC Software • Cisco • Epilogue • Gambit Communications • Halcyon • IBM • ISI • IWL • MG-SOFT • MultiPort Corporation • SimpleSoft • SNMP Research • SNMP++ • TU of Braunschweig • UCD • University of Quebec
SNMPv3 RFCs
[Figure: SNMP ENTITY (RFC 3411), made up of SNMP APPLICATIONS (RFC 3413) and the SNMP ENGINE: DISPATCHER (RFC 3412), MESSAGE PROCESSING SUBSYSTEM (RFC 3412), SECURITY SUBSYSTEM (USM: RFC 3414), ACCESS CONTROL SUBSYSTEM (VACM: RFC 3415); one box labelled OTHER]
SNMPv3 RFCs (2)
• RFC 3410 (Informational) - Introduction and Applicability Statements for Internet Standard Management Framework (December 2002)
• RFC 3411 - An Architecture for Describing SNMP Management Frameworks (December 2002)
• RFC 3412 - Message Processing and Dispatching (December 2002)
• RFC 3413 - SNMP Applications (December 2002)
• RFC 3414 - User-based Security Model (December 2002)
• RFC 3415 - View-based Access Control Model (December 2002)
• RFC 3416 - Version 2 of SNMP Protocol Operations (December 2002)
• RFC 3417 - Transport Mappings (December 2002)
• RFC 3418 - Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) (December 2002)