Net MGMT
Network Management
Network management scenarios
Detecting failure of an interface card in a device
Host monitoring
Intrusion detection
ISO Network Management Model
FCAPS:
Fault management
Configuration management
Accounting management
Performance management
Security Management
ISO Network Management Model
Fault management – Network faults and problems are
found and fixed
Configuration management – track devices and their
hardware and software configurations
Accounting management - Network resources are
distributed and departments are charged for their
network use
Performance management – quantify, measure, report,
analyze and control performance of network
components to minimize congestion and bottlenecks
Security Management – control access to network
resources according to some well-defined policy
Network Management Architecture
Simple Network Management Protocol
Protocol for network management, part of TCP/IP
suite
Basic components:
Managers/NMS
Managed devices
SNMP Agents
MIB
SNMPv3
MIB (Management Information Base)
MIB – virtual information store for a collection of
managed objects
Object naming by OID
MIB-II subtree
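How an OID such as sysDescr.0 (1.3.6.1.2.1.1.1.0) is actually carried inside an SNMP PDU, as an added example that is not part of the original slides: a small BER encoder and decoder for the ASN.1 OBJECT IDENTIFIER type. It shows the two details that trip up hand-written parsers, the merging of the first two arcs into one sub-identifier (40*X + Y) and the base-128 continuation bytes used for arcs of 128 or more (the Microsoft enterprise arc 311 below is an example). The function names are my own.

```python
"""BER encoding of ASN.1 OBJECT IDENTIFIERs as used on the SNMP wire (tag 0x06)."""

OID_TAG = 0x06


def encode_arc(arc: int) -> bytes:
    """Base-128 encode one sub-identifier; every byte but the last has bit 7 set."""
    if arc < 0:
        raise ValueError("sub-identifiers are non-negative")
    out = [arc & 0x7F]
    arc >>= 7
    while arc:
        out.append(0x80 | (arc & 0x7F))
        arc >>= 7
    return bytes(reversed(out))


def encode_length(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID. The first two arcs share one sub-identifier (40*X + Y)."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    body = encode_arc(arcs[0] * 40 + arcs[1]) + b"".join(encode_arc(a) for a in arcs[2:])
    return bytes([OID_TAG]) + encode_length(len(body)) + body


def decode_oid(data: bytes) -> tuple:
    """Decode a BER OID at the start of data; return (dotted OID, bytes consumed)."""
    if len(data) < 3 or data[0] != OID_TAG:
        raise ValueError("not an OBJECT IDENTIFIER")
    if data[1] & 0x80:                                  # long-form length
        nlen = data[1] & 0x7F
        if nlen == 0 or nlen > 4 or len(data) < 2 + nlen:
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(data[2:2 + nlen], "big"), 2 + nlen
    else:
        length, pos = data[1], 2
    end = pos + length
    if length == 0 or end > len(data):
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for b in data[pos:end]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                                # last byte of this arc
            arcs.append(value)
            value = 0
    if data[end - 1] & 0x80:
        raise ValueError("dangling continuation byte")  # arc never terminated
    first = arcs[0]
    if first < 40:
        head = [0, first]
    elif first < 80:
        head = [1, first - 40]
    else:
        head = [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:]), end
```

sysDescr.0 encodes to `06 08 2b 06 01 02 01 01 01 00`: one tag byte, one length byte and eight sub-identifier bytes, the first of which (0x2b = 43) is 1*40 + 3. The decoder rejects a body whose last byte still has the continuation bit set, which is the usual way a truncated or fuzzed packet shows up.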
SNMP Transport
SNMP Operations
get
getnext
getbulk (SNMPv2 and SNMPv3)
getresponse
set
trap
inform (SNMPv2 and SNMPv3)
SNMP Operations
Get and getresponse
SNMP Operations
Getnext – retrieve the object that follows the given OID in lexicographic MIB order; issued repeatedly, it walks a table or subtree without knowing the instance names in advance
SNMP Operations
Getbulk – retrieve a section of a table in a single request (non-repeaters and max-repetitions control how many getnext steps the agent performs)
SNMP Operations
Set – change value or create a new row in the table
SNMP Operations
Trap – asynchronous, unacknowledged notification sent by the agent to the manager (inform is the acknowledged variant)
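The get, getnext and getbulk semantics above, as an added example that is not part of the original slides: a toy agent over a constructed set of MIB-II instances (system group plus three ifTable rows), with a manager-side walk built on getnext and the same walk built on getbulk. The points it makes concrete are that OIDs must be ordered arc by arc as integers (ifIndex.10 follows ifIndex.2, which a string sort gets wrong), that a walk must stop on a tuple prefix test rather than a string prefix, and that getbulk keeps returning endOfMibView once a repeater runs off the end. The sample data and function names are my own.

```python
"""Toy SNMP agent: get / getnext / getbulk over a sorted OID table, plus manager-side walks."""
import bisect

# Constructed sample of MIB-II instances: the system group and a three-row ifTable subset.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": "router-1",     # sysDescr.0
    "1.3.6.1.2.1.1.3.0": 123456,         # sysUpTime.0
    "1.3.6.1.2.1.1.5.0": "r1.example",   # sysName.0
    "1.3.6.1.2.1.2.1.0": 3,              # ifNumber.0
    "1.3.6.1.2.1.2.2.1.1.1": 1,          # ifIndex.1
    "1.3.6.1.2.1.2.2.1.1.2": 2,          # ifIndex.2
    "1.3.6.1.2.1.2.2.1.1.10": 10,        # ifIndex.10: after .2 numerically, before it as text
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",     # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",     # ifDescr.2
    "1.3.6.1.2.1.2.2.1.2.10": "lo",      # ifDescr.10
}

END_OF_MIB_VIEW = "endOfMibView"
NO_SUCH_OBJECT = "noSuchObject"


def oid_key(oid):
    """Compare OIDs arc by arc as integers, never as strings ('10' < '2' as text)."""
    return tuple(int(a) for a in oid.strip(".").split("."))


class Agent:
    def __init__(self, mib):
        self.oids = sorted(mib, key=oid_key)          # lexicographic MIB order
        self.keys = [oid_key(o) for o in self.oids]
        self.values = dict(mib)

    def get(self, oid):
        return self.values.get(oid, NO_SUCH_OBJECT)

    def getnext(self, oid):
        """Return the first (oid, value) strictly after oid, or endOfMibView."""
        i = bisect.bisect_right(self.keys, oid_key(oid))
        if i == len(self.oids):
            return END_OF_MIB_VIEW, None
        return self.oids[i], self.values[self.oids[i]]

    def getbulk(self, oids, non_repeaters, max_repetitions):
        """SNMPv2 GetBulk: one getnext per non-repeater, then up to
        max_repetitions successive getnexts for each remaining repeater."""
        out = [self.getnext(o) for o in oids[:non_repeaters]]
        cursors = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            for i, cur in enumerate(cursors):
                if cur is None:                       # already past the end of the MIB
                    out.append((END_OF_MIB_VIEW, None))
                    continue
                nxt, val = self.getnext(cur)
                out.append((nxt, val))
                cursors[i] = None if nxt == END_OF_MIB_VIEW else nxt
        return out


def in_subtree(oid, subtree):
    """Tuple prefix test: 1.3.6.1.2.1.10 is NOT under 1.3.6.1.2.1.1 (a string prefix test says it is)."""
    base = oid_key(subtree)
    return oid_key(oid)[:len(base)] == base


def walk(agent, subtree):
    """Manager-side walk with getnext: stop when the reply leaves the subtree."""
    out, cur = [], subtree
    while True:
        nxt, val = agent.getnext(cur)
        if nxt == END_OF_MIB_VIEW or not in_subtree(nxt, subtree):
            return out
        out.append((nxt, val))
        cur = nxt


def bulkwalk(agent, subtree, max_repetitions=5):
    """Same result as walk(), fetching max_repetitions objects per round trip."""
    if max_repetitions < 1:
        raise ValueError("max_repetitions must be positive")
    out, cur = [], subtree
    while True:
        for nxt, val in agent.getbulk([cur], 0, max_repetitions):
            if nxt == END_OF_MIB_VIEW or not in_subtree(nxt, subtree):
                return out
            out.append((nxt, val))
            cur = nxt
```

`walk(Agent(SAMPLE_MIB), "1.3.6.1.2.1.2.2.1.1")` returns the ifIndex column in the order .1, .2, .10 and stops as soon as getnext crosses into the ifDescr column; the bulk variant gives the same list in fewer exchanges.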
Primary Goals of SNMPv3
Check message integrity – verify that each received message has
not been modified in transit.
SNMPv3 security framework
Two core modules within the framework are the User-based Security Model (USM) and
the View-based Access Control Model (VACM).
SNMPv3 security framework
Authentication – Each SNMP entity is identified by its snmpEngineID,
and SNMP communication is possible only if an SNMP entity knows
the identity of its peer. Traps and notifications are exceptions to this
rule.
Protection against:
Modification of Information (Data Integrity)
Ensure that the data is not maliciously altered during transit by an unauthorized entity.
Masquerading (Data Origin Authentication)
Ensure that it is known exactly who and where the data came from to prevent an
unauthorized entity from assuming the identity of an authorized user.
Disclosure (Data Confidentiality)
Ensure that an unauthorized entity cannot eavesdrop on the data exchanges.
Message Stream Modification (Message Timeliness)
Ensure that the data was received in a timely manner to prevent malicious re-ordering of
data by an unauthorized entity.
SNMPv3 User-based Security Model
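The integrity, origin-authentication and timeliness protections listed under "Primary Goals of SNMPv3" and "SNMPv3 security framework" above, as an added example that is not part of the original slides: the USM key derivation of RFC 3414 (password to Ku by hashing the password repeated to 1 MiB, then localization Kul = H(Ku || snmpEngineID || Ku)), the HMAC-96 authentication parameter computed with msgAuthenticationParameters zeroed, and the receiver-side 150 second time window. The "maplesyrup" key values are the published test vectors from RFC 3414 Appendix A. The message layout used here is a constructed length-prefixed stand-in for the real BER wholeMsg, and the class and function names are my own; everything else follows the RFC.

```python
"""SNMPv3 USM (RFC 3414): key derivation, HMAC-96 authentication, timeliness window."""
import hashlib
import hmac
from dataclasses import dataclass, replace

AUTH_PARAM_LEN = 12            # HMAC-MD5-96 / HMAC-SHA-96 truncate the MAC to 12 octets
TIME_WINDOW = 150              # seconds, RFC 3414 section 2.2.3
MAX_ENGINE_BOOTS = 2**31 - 1   # an engine whose boots counter hit this value refuses everything
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def password_to_key(password: str, hashfunc=hashlib.md5) -> bytes:
    """RFC 3414 A.2: Ku = H(password repeated cyclically to exactly 1 MiB)."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    reps = -(-1_048_576 // len(pw))                    # ceiling division
    return hashfunc((pw * reps)[:1_048_576]).digest()


def localize_key(ku: bytes, engine_id: bytes, hashfunc=hashlib.md5) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key is bound to one authoritative engine,
    so a key recovered from one agent does not work against another."""
    return hashfunc(ku + engine_id + ku).digest()


def derive_localized_key(password: str, engine_id: bytes, algo: str = "md5") -> bytes:
    h = HASHES[algo]
    return localize_key(password_to_key(password, h), engine_id, h)


@dataclass(frozen=True)
class UsmMessage:
    engine_id: bytes        # msgAuthoritativeEngineID
    engine_boots: int       # msgAuthoritativeEngineBoots
    engine_time: int        # msgAuthoritativeEngineTime
    user: bytes             # msgUserName
    auth_params: bytes      # msgAuthenticationParameters
    scoped_pdu: bytes

    def serialize(self) -> bytes:
        """Constructed length-prefixed layout standing in for the BER wholeMsg (assumption)."""
        fields = (self.engine_id, self.engine_boots.to_bytes(4, "big"),
                  self.engine_time.to_bytes(4, "big"), self.user,
                  self.auth_params, self.scoped_pdu)
        return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def hmac96(kul: bytes, msg: UsmMessage, hashfunc) -> bytes:
    """MAC over the whole message with msgAuthenticationParameters set to 12 zero octets."""
    zeroed = replace(msg, auth_params=bytes(AUTH_PARAM_LEN))
    return hmac.new(kul, zeroed.serialize(), hashfunc).digest()[:AUTH_PARAM_LEN]


def sign(msg: UsmMessage, kul: bytes, hashfunc=hashlib.md5) -> UsmMessage:
    """Sender side: fill msgAuthenticationParameters with the truncated MAC."""
    return replace(msg, auth_params=hmac96(kul, msg, hashfunc))


def verify(msg: UsmMessage, kul: bytes, local_boots: int, local_time: int,
           hashfunc=hashlib.md5) -> str:
    """Receiver side (authoritative engine) per RFC 3414 section 3.2.
    Returns 'ok' or the name of the usmStats counter that would be incremented."""
    if len(msg.auth_params) != AUTH_PARAM_LEN:
        return "usmStatsWrongDigests"
    if not hmac.compare_digest(hmac96(kul, msg, hashfunc), msg.auth_params):
        return "usmStatsWrongDigests"
    # Timeliness is checked only after the MAC verified; otherwise an attacker
    # could probe the engine clock without holding the key.
    if (local_boots == MAX_ENGINE_BOOTS or msg.engine_boots != local_boots
            or abs(msg.engine_time - local_time) > TIME_WINDOW):
        return "usmStatsNotInTimeWindows"
    return "ok"


def tampered(msg: UsmMessage, scoped_pdu: bytes) -> UsmMessage:
    """Same message with the PDU swapped but the original MAC left in place."""
    return replace(msg, scoped_pdu=scoped_pdu)
```

With engineID `00 00 00 00 00 00 00 00 00 00 00 02` and password "maplesyrup", the MD5 intermediate key is `9faf3283884e92834ebc9847d8edd963` and the localized key `526f5eed9fcce26f8964c2930787d82b` (RFC 3414 A.3.1). A message signed under one engineID fails verification under the key localized for a different engineID, a tampered PDU fails the MAC, and a replay whose engineTime drifts more than 150 seconds from the receiver's clock is rejected even though its MAC is valid.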
SNMPv3 VACM
The Access Control Subsystem of an SNMP entity has the responsibility for
checking whether a specific type of access to a specific managed object is
allowed.
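The access-control decision described above, as an added example that is not part of the original slides: a simplified isAccessAllowed in the shape of RFC 3415, mapping (securityModel, securityName) to a group, selecting an access entry by group, context and minimum securityLevel, and then testing the OID against a view made of included and excluded subtree families with masks. The group, access and view tables are constructed for the example; the "longest matching subtree wins" rule and the mask bit layout (most significant bit of octet i covers arc 8*i, missing bits count as 1) follow the RFC, while the context matching is reduced to an exact comparison. Names are my own.

```python
"""Simplified VACM (RFC 3415) isAccessAllowed over constructed group, access and view tables."""

NOAUTH, AUTHNOPRIV, AUTHPRIV = 1, 2, 3           # securityLevel ordering
USM = 3                                           # securityModel value for USM


def oid_key(oid):
    return tuple(int(a) for a in oid.strip(".").split("."))


# vacmSecurityToGroupTable: (securityModel, securityName) -> groupName (constructed)
SECURITY_TO_GROUP = {(USM, "ops"): "readers", (USM, "admin"): "admins"}

# vacmAccessTable: (groupName, context, securityModel, minimum securityLevel)
#   -> (readView, writeView, notifyView); "" means no view for that access type
ACCESS = {
    ("readers", "", USM, AUTHNOPRIV): ("mib2-no-ifdescr", "", "mib2-no-ifdescr"),
    ("admins", "", USM, AUTHPRIV):    ("all", "all", "all"),
}

# vacmViewTreeFamilyTable: viewName -> [(subtree, mask, included?)] (constructed)
VIEWS = {
    "all": [("1", b"", True)],
    "mib2-no-ifdescr": [
        ("1.3.6.1.2.1", b"", True),                     # all of mib-2 ...
        ("1.3.6.1.2.1.2.2.1.2", b"", False),            # ... except the ifDescr column ...
        ("1.3.6.1.2.1.2.2.1.0.2", b"\xff\xbf", True),   # ... but every column of ifEntry row 2
    ],                                                  # (mask clears bit 9: the column arc)
}


def mask_bit(mask, i):
    """MSB of octet i//8 corresponds to arc i; bits beyond the mask are 1 (must match)."""
    return i // 8 >= len(mask) or bool(mask[i // 8] & (0x80 >> (i % 8)))


def family_matches(oid, subtree, mask):
    if len(oid) < len(subtree):
        return False
    return all(not mask_bit(mask, i) or oid[i] == arc for i, arc in enumerate(subtree))


def in_view(view_name, oid):
    """Longest matching subtree wins; ties go to the lexicographically greatest subtree."""
    best = None
    for subtree, mask, included in VIEWS.get(view_name, []):
        sub = oid_key(subtree)
        if family_matches(oid, sub, mask):
            rank = (len(sub), sub)
            if best is None or rank > best[0]:
                best = (rank, included)
    return best is not None and best[1]


def is_access_allowed(security_model, security_name, security_level, view_type, context, oid):
    """Return 'accessAllowed' or the RFC 3415 failure reason."""
    group = SECURITY_TO_GROUP.get((security_model, security_name))
    if group is None:
        return "noGroupName"
    # Candidate entries: same group, model and context, whose minimum level the request meets.
    candidates = [(lvl, views) for (g, ctx, model, lvl), views in ACCESS.items()
                  if g == group and ctx == context and model == security_model
                  and lvl <= security_level]
    if not candidates:
        return "noAccessEntry"
    _, views = max(candidates)                    # prefer the entry with the highest level
    view = views[{"read": 0, "write": 1, "notify": 2}[view_type]]
    if not view:
        return "noSuchView"
    if not in_view(view, oid_key(oid)):
        return "notInView"
    return "accessAllowed"
```

For user "ops" the request must be at least authNoPriv (a noAuthNoPriv request finds no access entry), writes are refused because the group has no write view, ifDescr.1 is hidden by the excluded family, and ifDescr.2 is visible because the masked row-2 family is the longest match and is included.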