Mr.Rajasekhar Boddu
Introduction
• SNMP network management consists of four parts:
– Management Information Base (MIB)
• A map of the hierarchical order of all managed objects and how they are accessed
– Structure of Management Information (SMI)
• Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses
– SNMP Protocol
• Defines the format of messages exchanged by management systems and agents.
• Specifies the Get, GetNext, Set, and Trap operations
– Security and administration capabilities
• The addition of these capabilities represents the major enhancement in SNMPv3 over SNMPv2
Basic Concepts of SNMP
• An integrated collection of tools for network monitoring and control.
• Single operator interface
• Minimal amount of separate equipment. Software and network communications capability built into the existing equipment
• SNMP key elements:
– Management station
– Management agent
– Management information base
– Network Management protocol
• Get, Set and Notify
Management Information Bases (MIB)
• An SNMP agent is software that runs on a piece of network equipment (host, router, printer, or others) and that maintains information about its configuration and current state in a database
• Information in the database is described by Management Information Bases (MIBs)
• The MIB specifies the managed objects
• The MIB is a text file that describes managed objects using the syntax of ASN.1 (Abstract Syntax Notation 1)
• ASN.1 is a formal language for describing data and its properties
• In Linux, MIB files are in the directory /usr/share/snmp/mibs
– Multiple MIB files
– MIB-II (defined in RFC 1213) defines the managed objects of TCP/IP networks
Managed Objects
• Each managed object is assigned an object identifier (OID)
• The OID is specified in a MIB file.
• An OID can be represented as a sequence of integers separated by decimal points or by a text string. Example:
– 1.3.6.1.2.1.4.6.
– iso.org.dod.internet.mgmt.mib-2.ip.ipForwData
• When an SNMP manager requests an object, it sends the OID to the SNMP agent.
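The OID the manager sends travels as a BER-encoded ASN.1 OBJECT IDENTIFIER, which is the form seen when reading SNMP traffic in a packet capture. The Python below is an added example, not part of the original slides: it encodes and decodes the OID from the text and maps its leading arcs back to the names shown above. The function names are assumptions made for this illustration, and only short-form lengths are handled.

```python
# Added example: BER encoding of an OBJECT IDENTIFIER as carried in an SNMP request.
# Names for the leading arcs are the ones shown in the text (1.3.6.1.2.1.4).
PREFIX = [(1, "iso"), (3, "org"), (6, "dod"), (1, "internet"),
          (2, "mgmt"), (1, "mib-2"), (4, "ip")]

def _base128(n):
    """One arc as base-128 bytes; high bit set on every byte but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def encode_oid(dotted):
    """Dotted-decimal OID -> BER TLV (tag 0x06, short-form length only)."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if (len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2
            or (arcs[0] < 2 and arcs[1] > 39)):
        raise ValueError("invalid OID: %r" % dotted)
    # The first two arcs share one value: 40 * first + second.
    body = b"".join(_base128(v) for v in [arcs[0] * 40 + arcs[1]] + arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length is outside this example")
    return bytes([0x06, len(body)]) + body

def decode_oid(data):
    """BER TLV -> dotted-decimal OID; rejects truncated or mis-sized input."""
    if (len(data) < 3 or data[0] != 0x06 or data[1] > 127
            or data[1] != len(data) - 2):
        raise ValueError("not a short-form BER OID")
    if data[-1] & 0x80:
        raise ValueError("last arc is truncated")
    values, cur = [], 0
    for b in data[2:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the end of an arc
            values.append(cur)
            cur = 0
    first = values[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + values[1:])

def symbolic(dotted):
    """Replace leading arcs with the names from the text where they match."""
    parts = dotted.strip(".").split(".")
    for i, (num, name) in enumerate(PREFIX):
        if i >= len(parts) or parts[i] != str(num):
            break
        parts[i] = name
    return ".".join(parts)
```
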
Protocol context of SNMP
SNMP v1 and v2
• Trap – an unsolicited message (reporting an alarm condition)
• SNMPv1 is "connectionless" since it utilizes UDP (rather than TCP) as the transport layer protocol.
• SNMPv2 allows the use of TCP for "reliable, connection-oriented" service.
Comparison of SNMPv1 and SNMPv2
SNMPv1 Community Facility
• SNMP Community – Relationship between an SNMP agent and SNMP managers.
• Three aspects of agent control:
– Authentication service
– Access policy
– Proxy service
SNMPv3
• SNMPv3 defines a security capability to be used in conjunction with SNMPv1 or v2
• SNMPv3 solves SNMP security problems, right? NOT!
• Decent security implementation, but reality is:
– SNMPv1 still holds ~95% of the market (2005)
– Even SNMPv2 not widely deployed
– Upgrading to SNMPv3 is difficult and costly (sort of like moving from WinXP to WinVista all at once)
– There is the issue of proxies and foreign clients
• SNMPv3 is the clear long-term choice
OS Security
• Operating Systems are large and complex pieces of software
• They must be able to deal effectively with security-critical issues whether they occur accidentally or as part of a malicious attack.
• Modern OSs are designed for multiuser and multi-tasking operations, and, as a result, they must, at a minimum, deal with separation, memory protection, and access control.
Separation
• OS must keep users and individual processes separate from each other.
• There are several ways that separation can be enforced:
• Physical separation: users are restricted to separate devices. This provides a strong form of separation, but it is often impractical.
• Temporal separation: execute one process at a time. This eliminates many problems that arise due to concurrency and simplifies the job of the OS.
• Logical separation: by sandboxing, where each process has its own sandbox. A process is free to do almost anything within its sandbox, but it's highly restricted as to what it can do outside of its sandbox.
• Cryptographic separation: to hide information from an outsider.
Of course, various combinations of these separation methods can be used as well.
Memory Protection
Compiled By Adugna A.
Trusted Computing Base