
Chapter 5

Network Management Protocol and OS Security

Mr. Rajasekhar Boddu
Introduction
• SNMP network management consists of four parts:
– Management Information Base (MIB)
• A map of the hierarchical order of all managed objects and how
they are accessed
– Structure of Management Information (SMI)
• Rules specifying the format used to define objects managed on the
network that the SNMP protocol accesses
– SNMP Protocol
• Defines format of messages exchanged by management systems
and agents.
• Specifies the Get, GetNext, Set, and Trap operations
– Security and administration capabilities
• The addition of these capabilities represents the major
enhancement in SNMPv3 over SNMPv2
Basic Concepts of SNMP
• An integrated collection of tools for network
monitoring and control.
– Single operator interface
– Minimal amount of separate equipment: software
and network communications capability built into
the existing equipment
• SNMP key elements:
– Management station
– Management agent
– Management information base
– Network management protocol
• Operations: Get, Set and Notify
Management Information Bases (MIB)
• An SNMP agent is software that runs on a piece
of network equipment (host, router, printer,
or others) and that maintains information
about its configuration and current state in a
database
– Information in the database is described by
Management Information Bases (MIBs)
– The MIB specifies the managed objects
Cont’d…
• The MIB is a text file that describes managed
objects using the syntax of ASN.1 (Abstract
Syntax Notation One)
• ASN.1 is a formal language for describing
data and its properties
• In Linux, MIB files are in the directory
/usr/share/snmp/mibs
• There are multiple MIB files
– MIB-II (defined in RFC 1213) defines the managed
objects of TCP/IP networks
Managed Objects
• Each managed object is assigned an object
identifier (OID)
• The OID is specified in a MIB file.
• An OID can be represented as a sequence of
integers separated by decimal points or by a
text string. Example (the same MIB-II object in both forms):
– 1.3.6.1.2.1.4.6
– iso.org.dod.internet.mgmt.mib-2.ip.ipForwDatagrams
• When an SNMP manager requests an object,
it sends the OID to the SNMP agent (a trailing .0 names the
single instance of a scalar object, e.g. 1.3.6.1.2.1.4.6.0).
Protocol context of SNMP
SNMP v1 and v2
• Trap – an unsolicited message sent by an agent
to a manager (reporting an alarm condition)
• SNMPv1 is ”connectionless” since it
utilizes UDP (port 161 for requests, 162 for traps)
rather than TCP as the transport layer protocol.
• SNMPv2 defined additional transport mappings, and a
later experimental mapping (RFC 3430) carries SNMP
over TCP for ”reliable, connection-oriented” service;
UDP remains the usual transport in practice.
Comparison of SNMPv1 and SNMPv2
SNMPv1 Community Facility
• SNMP Community – the relationship between an
SNMP agent and a set of SNMP managers, named
by a community string carried in every message.
• Three aspects of agent control:
– Authentication service: the community string is the
only credential, and it travels in cleartext, so anyone
who can sniff the traffic (or guess a default such as
”public”) can impersonate a manager
– Access policy: which objects a community may read
or write
– Proxy service: the agent acts on behalf of devices
that do not run SNMP themselves
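The two points above, the OID encoding from the Managed Objects slide and the cleartext community string of the Community Facility slide, as one added example (this is not code from the original slides). It BER-encodes an SNMPv1 GetRequest for a sample OID, then parses the datagram the way a passive sniffer on the path would, recovering the community string without any key. MIB_TREE is a constructed subset of the MIB-II naming tree; the community "public" and the request-id are likewise assumed values for the example.

```python
# Constructed subset of the MIB-II (RFC 1213) naming tree, just large enough to
# resolve the slide's example OID and sysDescr. Not a complete MIB.
MIB_TREE = {
    "1": "iso", "1.3": "org", "1.3.6": "dod", "1.3.6.1": "internet",
    "1.3.6.1.2": "mgmt", "1.3.6.1.2.1": "mib-2",
    "1.3.6.1.2.1.1": "system", "1.3.6.1.2.1.1.1": "sysDescr",
    "1.3.6.1.2.1.4": "ip", "1.3.6.1.2.1.4.6": "ipForwDatagrams",
}

def oid_to_name(oid):
    """Dotted OID -> dotted names; arcs not in MIB_TREE (e.g. the .0 instance) stay numeric."""
    arcs = oid.split(".")
    return ".".join(MIB_TREE.get(".".join(arcs[:i + 1]), arc) for i, arc in enumerate(arcs))

def ber_len(n):
    """BER length octets: short form below 128, long form (0x80 | count, then bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(v):
    """INTEGER in two's complement using the fewest bytes that represent v."""
    n = (v + 1 if v < 0 else v).bit_length() // 8 + 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))

def ber_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the remaining arcs
    base-128 with a continuation bit on every byte except the last."""
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_snmpv1_get(community, oid, request_id=1):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU [0] }"""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))            # name + NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)  # request-id, error-status, error-index
              + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    """Return (tag, value, position after the element); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def sniff_community(packet):
    """What a passive observer learns from one v1/v2c datagram: the protocol
    version and the community string, i.e. the only credential in the exchange."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, pos = read_tlv(msg, 0)
    ctag, community, _ = read_tlv(msg, pos)
    if (vtag, ctag) != (0x02, 0x04):
        raise ValueError("unexpected message header layout")
    return int.from_bytes(version, "big", signed=True), community.decode()

if __name__ == "__main__":
    pkt = build_snmpv1_get("public", "1.3.6.1.2.1.1.1.0")   # assumed community "public"
    print(oid_to_name("1.3.6.1.2.1.4.6"))
    print(pkt.hex())
    print(sniff_community(pkt))
```

Sending `pkt` to UDP port 161 of an agent that accepts the "public" community returns a GetResponse with sysDescr; the point of `sniff_community` is that anyone who captures either datagram gets the same credential the manager used.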
SNMPv3
• SNMPv3 keeps the SNMPv2 protocol operations and adds a
security capability on top of them: the User-based Security
Model (RFC 3414) for per-user authentication and encryption,
and the View-based Access Control Model (RFC 3415) for
restricting which parts of the MIB each user may reach
• SNMPv3 solves SNMP security problems, right?
• NOT!
• Decent security implementation, but reality is:
– SNMPv1 still holds ~95% of the market (2005)
– Even SNMPv2 not widely deployed
– Upgrading to SNMPv3 is difficult and costly (sort of like
moving from WinXP to WinVista all at once)
– There is the issue of proxies and foreign clients
• SNMPv3 is the clear long-term choice
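What the User-based Security Model actually adds over a community string, as an added example (not from the slides): RFC 3414 password-to-key localization, so that the same user password yields a different key on every agent, and HMAC-96 message authentication, so that a modified message is rejected. The password "maplesyrup" and the 12-byte engine ID are the RFC 3414 Appendix A inputs; HEADER and PDU are constructed placeholder bytes around the 12-byte authentication field, not a complete SNMPv3 message encoding.

```python
import hashlib
import hmac

AUTH_PARAM_LEN = 12   # HMAC-MD5-96 and HMAC-SHA-96 keep the first 96 bits of the MAC

def password_to_key(password, engine_id, hashname):
    """RFC 3414 A.2: Ku = H(1 MiB of the password repeated), then localize it to
    one agent as Kul = H(Ku || engineID || Ku). Capturing one agent's localized
    key does not give the attacker the key used with any other agent."""
    pw = password.encode()
    stream = (pw * (1_048_576 // len(pw) + 1))[:1_048_576]
    ku = hashlib.new(hashname, stream).digest()
    return hashlib.new(hashname, ku + engine_id + ku).digest()

def auth_params(msg_with_zeroed_params, kul, hashname):
    """Sender: HMAC over the whole message with msgAuthenticationParameters set to
    12 zero bytes, truncated to 12 bytes; the result is spliced into that field."""
    return hmac.new(kul, msg_with_zeroed_params, hashname).digest()[:AUTH_PARAM_LEN]

def verify(wire_msg, param_offset, kul, hashname):
    """Receiver: take the received MAC out, zero the field, recompute and compare
    in constant time. Any changed byte anywhere in the message fails the check."""
    received = wire_msg[param_offset:param_offset + AUTH_PARAM_LEN]
    zeroed = (wire_msg[:param_offset] + bytes(AUTH_PARAM_LEN)
              + wire_msg[param_offset + AUTH_PARAM_LEN:])
    return hmac.compare_digest(received, auth_params(zeroed, kul, hashname))

# RFC 3414 Appendix A inputs: password "maplesyrup", engineID 00 .. 00 02 (12 bytes).
ENGINE_ID = bytes(11) + b"\x02"
# Constructed stand-in for a v3 message: header bytes, then the 12-byte
# authentication field, then the PDU. A placeholder, not a real SNMPv3 encoding.
HEADER = b"\x30\x2c\x02\x01\x03"
PDU = b"\xa0\x0e\x02\x01\x01\x02\x01\x00\x02\x01\x00\x30\x00"

def demo(hashname="sha1"):
    """Return (verifies_untouched, verifies_after_one_bit_flip)."""
    kul = password_to_key("maplesyrup", ENGINE_ID, hashname)
    offset = len(HEADER)
    mac = auth_params(HEADER + bytes(AUTH_PARAM_LEN) + PDU, kul, hashname)
    wire = HEADER + mac + PDU
    tampered = wire[:-1] + bytes([wire[-1] ^ 0x01])   # flip one bit in the PDU
    return verify(wire, offset, kul, hashname), verify(tampered, offset, kul, hashname)

if __name__ == "__main__":
    print(password_to_key("maplesyrup", ENGINE_ID, "sha1").hex())
    print(demo("sha1"))
```

Note that USM authentication alone still leaves the PDU readable; the privacy protocols (DES/AES) encrypt it, and both depend on the engine ID and time window, which is part of why deploying v3 is more work than copying a community string.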
OS Security
• Operating Systems are large and complex
pieces of software
• They must be able to deal effectively with
security-critical issues whether they
occur accidentally or as part of a malicious
attack.
• Modern OSs are designed for multiuser and
multi-tasking operations, and, as a result, they
must, at a minimum, deal with separation,
memory protection, and access control.
Separation
• OS must keep users and individual processes separate from
each other.
• There are several ways that separation can be enforced:
– Physical separation: users are restricted to separate devices.
This provides a strong form of separation, but it is often
impractical.
– Temporal separation: execute one process at a time. This
eliminates many problems that arise due to concurrency and
simplifies the job of the OS.
– Logical separation: by sandboxing, where each process has
its own sandbox. A process is free to do almost anything
within its sandbox, but it is highly restricted as to what it can
do outside of its sandbox.
– Cryptographic separation: data is encrypted so that it is
hidden from any process or user that does not hold the key.
• Of course, various combinations of these separation methods
can be used as well.
Memory Protection
• This includes protection for the memory that the
OS itself uses as well as the memory of user
processes
• A fence address can be used for memory
protection.
• A fence is a particular address that users and
their processes cannot cross—only the OS can
operate on one side of the fence,
and users are restricted to the other side.
Cont’d…
• The most common methods of memory protection are
segmentation and paging.
• Segmentation: divides the memory into logical units,
such as individual procedures or the data in one array.
Then different access control can be enforced on
different segments.
• Depending on the access control applied to particular
segments, users can share access to segments and
specific users can be restricted to specific segments.
• Addressing uses a pair of the form <segment, offset>,
where segment is the name (or number) of the segment
and offset is the displacement from the start of that
segment; the OS checks that the offset lies within the
segment’s length and that the requested access is permitted.
• Because segments vary in size and each must be located,
bounds-checked and relocated individually, segmentation is
complex and places a significant burden on the OS.
Cont’d…
• Paging is like segmentation, except that memory is
divided into pages of a fixed size
• Access to a particular page uses a pair of the form
<page, offset>.
• Advantages of paging over segmentation include
no external fragmentation (only the partly used last
page of an allocation is wasted), improved efficiency,
and the fact that there are no variable segment sizes
to worry about.
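The <page, offset> translation, the kernel/user fence and per-page access control from the last three slides, as an added example (not from the slides): a toy page-table walk that splits an address, looks up the page and enforces the permission bits. The page table, frame numbers and the R/W/X/USER bit encoding are constructed for the example.

```python
PAGE_SHIFT = 12                      # 4 KiB pages
PAGE_SIZE = 1 << PAGE_SHIFT
R, W, X, USER = 1, 2, 4, 8           # per-page permission bits (constructed encoding)

class PageFault(Exception):
    """Raised where real hardware would trap into the OS."""

# Constructed page table: virtual page number -> (physical frame number, permissions).
# Pages without the USER bit lie on the OS side of the fence.
PAGE_TABLE = {
    0x00: (0x1A, R | X | USER),   # user code: read/execute, not writable
    0x01: (0x2B, R | W | USER),   # user data: read/write, not executable
    0x80: (0x03, R | W),          # kernel data: OS only
}

def translate(vaddr, access, user_mode):
    """Split vaddr into <page, offset>, look the page up and enforce the permission
    bits; return the physical address or raise PageFault. Offset needs no bounds
    check because every page has the same fixed size."""
    vpn, offset = vaddr >> PAGE_SHIFT, vaddr & (PAGE_SIZE - 1)
    if vpn not in PAGE_TABLE:
        raise PageFault(f"page {vpn:#x} not mapped")
    frame, perms = PAGE_TABLE[vpn]
    if user_mode and not perms & USER:
        raise PageFault(f"user-mode access to OS page {vpn:#x}")   # the fence
    if not perms & access:
        raise PageFault(f"access {access} not permitted on page {vpn:#x}")
    return (frame << PAGE_SHIFT) | offset

def try_access(vaddr, access, user_mode):
    """Physical address on success, None when the access would fault."""
    try:
        return translate(vaddr, access, user_mode)
    except PageFault:
        return None

if __name__ == "__main__":
    print(hex(try_access(0x1004, R, True)))       # user reads its own data page
    print(try_access(0x0010, W, True))             # write to a code page: fault
    print(try_access(0x80008, R, True))            # user crosses the fence: fault
    print(hex(try_access(0x80008, R, False)))      # OS reads its own page
```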
Access Control
• OSs are the ultimate enforcers of access control.
• This is one reason why the OS is such
an attractive target for attack—a successful attack
on the OS will effectively nullify any
protection built in at a higher level.
• In our terminology, authorization is one aspect of
access control and authentication is another.
TRUSTED OPERATING SYSTEM
• A system is trusted if we rely on it for security.
If a trusted system fails to provide the
expected security, then the security of the
system fails.
• Trust implies reliance, and trust
is a binary choice—either we trust or we
don’t.
• Security, on the other hand, is a judgment
of the effectiveness of the security
mechanisms relative to a specified policy or
statement of requirements
Cont’d…
• The OS mediates interactions between subjects
(users) and objects (resources).
• A trusted OS must securely enforce separation,
memory protection, and access control.
• Trusted OS must determine which objects to
protect and how and which subjects are
allowed to do what.
MAC, DAC, and More
• Mandatory access control, or MAC, is access that is not
controlled by the owner of an object.
• For example, Alice does not decide who holds a TOP
SECRET clearance, so she can’t completely control the
access to a document classified at this level.
• Discretionary access control, or DAC, is the type of
access control where access is determined by the
owner of an object
• For example, in UNIX file protection, the owner of a file
controls read, write, and execute privileges
Cont’d…
• If both DAC and MAC apply to an object, MAC
wins.
• Suppose Alice owns a document marked TOP
SECRET.
• Alice can set the DAC since she owns the
document, but, regardless of these settings, Bob,
who only has a SECRET clearance, can’t access
the document since he doesn’t meet the MAC
requirements.
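The Alice and Bob case as an added example (not from the slides): a small policy check in which DAC is the owner-maintained ACL and MAC is the clearance-versus-classification comparison, evaluated independently so that the owner's grant can never override it. The names, the level ordering and the ACL contents are constructed; only the no-read-up rule from the slides is modelled, not write rules.

```python
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]   # constructed ordering

def dominates(clearance, classification):
    """MAC rule from the slide (no read up): a subject may read an object only
    if its clearance is at least the object's classification."""
    return LEVELS.index(clearance) >= LEVELS.index(classification)

class Document:
    def __init__(self, owner, classification):
        self.owner = owner
        self.classification = classification          # MAC label: set by policy, not owner
        self.acl = {owner: {"read", "write"}}         # DAC: the owner decides this

    def grant(self, by, subject, perm):
        """Only the owner may change the DAC settings."""
        if by != self.owner:
            raise PermissionError(f"{by} does not own the document")
        self.acl.setdefault(subject, set()).add(perm)

def check_access(doc, subject, clearance, perm):
    """Return (dac_ok, mac_ok, allowed). MAC is evaluated regardless of the
    owner's grant, so a DAC grant alone never opens a classified document."""
    dac_ok = perm in doc.acl.get(subject, set())
    mac_ok = dominates(clearance, doc.classification)
    return dac_ok, mac_ok, dac_ok and mac_ok

def demo():
    """Alice owns a TOP SECRET document and grants Bob read; Bob holds only SECRET."""
    doc = Document("alice", "TOP SECRET")
    doc.grant("alice", "bob", "read")                          # Alice's DAC decision
    bob = check_access(doc, "bob", "SECRET", "read")           # MAC refuses anyway
    carol = check_access(doc, "carol", "TOP SECRET", "read")   # cleared, but no DAC grant
    alice = check_access(doc, "alice", "TOP SECRET", "read")   # both checks pass
    return bob, carol, alice

if __name__ == "__main__":
    for who, result in zip(("bob", "carol", "alice"), demo()):
        print(who, "dac=%s mac=%s allowed=%s" % result)
```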
Trusted Path
• When you enter your password at the login
prompt, what happens to that password
depends on the software that is running on
your system.
• How can you be sure that software is not
doing something evil, such as writing your
password to a file that will later be e-mailed to
Trudy? This is the trusted path problem

Compiled By Adugna A.
Trusted Computing Base
• The trusted computing base, or TCB, is everything
in the OS that we rely on to
enforce security.
• Our definition of trust implies that, if everything
outside the TCB were
subverted, the trusted OS would still be secure.
• But, if anything in the TCB is subverted, then the
security of the system is, by definition,
broken.