1 / 36

SNMPv3 Architecture & Applications Overview

Explore the SNMPv3 architecture, design requirements, security features, and message handling concepts for secure network management. Learn about SNMPv3 entities, modules, protocols, security subsystems, and implementations. RFC standards included.

brownshirley
Download Presentation

SNMPv3 Architecture & Applications Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 15 SNMPV3Architecture and Applications Prof. Choong Seon HONG

  2. The Evolution of SNMP

  3. SNMPv3 Overview • Design Requirements • SNMPv3 security features rely heavily on SNMPv2u and SNMPv2* • Address the need for secure Set request messages over real-world networks, which is the most important deficiency of SNMPv1 and SNMPv2

  4. SNMPv3 Overview - Design Requirements - • ADDRESS THE NEED FOR SECURY SUPPORT • DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP • ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS • ALLOW FOR FUTURE EXTENSIONS • KEEP SNMP AS SIMPLE AS POSSIBLE • ALLOW FOR MINIMAL IMPLEMENTATIONS • SUPPORT ALSO THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS • RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE

  5. SNMP Entities

  6. SNMPv3 ARCHITECTURE: MANAGER UDP, IPX , Others

  7. SNMPv3 ARCHITECTURE: Agent

  8. CONCEPTS: snmpEngineID

  9. CONCEPTS: Context

  10. PRIMITIVES BETWEEN MODULES

  11. SendPdu

  12. prepareOutgoingMessage

  13. generateRequestMsg

  14. send / receive

  15. prepareDataElements

  16. processIncomingMsg

  17. processPd

  18. isAccessAllowed

  19. returnResponsePdu

  20. prepareResponseMessage

  21. generateResponseMsg

  22. send / receive

  23. prepareDataElements

  24. processIncomingMsg

  25. processResponsePdu

  26. MODULES OF THE SNMPv3 ARCHITECTURE • DISPATCHER AND MESSAGE PROCESSING MODULE • SNMPv3 MESSAGE STRUCTURE • snmpMPDMIB • RFC 3412 • APPLICATIONS • snmpTargetMIB • snmpNotificationMIB • snmpProxyMIB • RFC 3413 • SECURITY SUBSYSTEM • USER-BASED SECURITY MODEL (USM) • snmpUsmMIB • RFC 3414 • ACCESS CONTROL SUBSYSTEM • VIEW-BASED ACCESS CONTROL MODEL (VACM) • snmpVacmMIB • RFC 3415

  27. SNMPv3 MESSAGE STRUCTURE

  28. SNMPv3 PROCESSING MODULE PARAMETERS

  29. SECURE COMMUNICATION VERSUS ACCESS CONTROL

  30. USM: SECURITY THREATS

  31. USM MESSAGE STRUCTURE

  32. IDEA BEHIND REPLAY PROTECTION

  33. IDEA BEHIND DATA INTEGRITY AND AUTHENTICATION

  34. SNMPv3 IMPLEMENTATIONS • ACE*COMM • AdventNet • BMC Software • Cisco • Epilogue • Gambit Communications • Halcyon • IBM • ISI • IWL • MG-SOFT • MultiPort Corporation • SimpleSoft • SNMP Research • SNMP++ • TU of Braunschweig • UCD • University of Quebec

  35. RFC 3411 SNMP ENTITY SNMP APPLICATIONS RFC 3413 OTHER SNMP ENGINE RFC 3412 RFC 3412 USM: RFC 3414 VACM: RFC 3415 MESSAGE PROCESSING SECURITY ACCESS CONTROL DISPATCHER SUBSYSTEM SUBSYSTEM SUBSYSTEM SNMPv3 RFCs

  36. SNMPv3 RFCs (2) • RFC 3410 (Informational) - Introduction and Applicability Statements for Internet Standard Management Framework (December 2002) • RFC 3411 - An Architecture for Describing SNMP Management Frameworks (December 2002) • RFC 3412 - Message Processing and Dispatching (December 2002) • RFC 3413 - SNMP Applications (December 2002) • RFC 3414 - User-based Security Model (December 2002) • RFC 3415 - View-based Access Control Model (December 2002) • RFC 3416 - Version 2 of SNMP Protocol Operations (December 2002) • RFC 3417 - Transport Mappings (December 2002) • RFC 3418 - Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) (December 2002)

More Related