Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Tutorial Slides Snmpv3

    Hochgeladen von

    lefreak1979
    65 Ansichten40 Seiten
    UNIVERSITY OF TWENTE The SimpleWeb SNMPv3 DESIGN DECISIONS ADDRESS THE NEED for SECURY SET SUPPORT DEFINE AN ARCHITECTURE THAT ALLOWS for LONGEVITY OF SNMP ALLOW THAT DIFFERENT PORTIONS OF the ARCHITECTURE move at different speeds towards standard status KEEP SNMP AS SIMPLE AS POSSIBLE ALLOW for MINIMAL IMPLEMENTATIONS SUPPORT THE MORE COMPLEX FEATURES

    Originalbeschreibung:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    UNIVERSITY OF TWENTE The SimpleWeb SNMPv3 DESIGN DECISIONS ADDRESS THE NEED for SECURY SET SUPPORT DEFINE AN ARCHITECTURE THAT ALLOWS for LONGEVITY OF SNMP ALLOW THAT DIFFERENT PORTIONS OF the ARCHITECTURE move at different speeds towards standard status KEEP SNMP AS SIMPLE AS POSSIBLE ALLOW for MINIMAL IMPLEMENTATIONS SUPPORT THE MORE COMPLEX FEATURES

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    65 Ansichten40 Seiten

    Tutorial Slides Snmpv3

    Hochgeladen von

    lefreak1979
    UNIVERSITY OF TWENTE The SimpleWeb SNMPv3 DESIGN DECISIONS ADDRESS THE NEED for SECURY SET SUPPORT DEFINE AN ARCHITECTURE THAT ALLOWS for LONGEVITY OF SNMP ALLOW THAT DIFFERENT PORTIONS OF the ARCHITECTURE move at different speeds towards standard status KEEP SNMP AS SIMPLE AS POSSIBLE ALLOW for MINIMAL IMPLEMENTATIONS SUPPORT THE MORE COMPLEX FEATURES

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 40

    UNIVERSITY OF TWENTE The SimpleWeb

    SNMPv3 OVERVIEW:
    DESIGN DECISIONS ARCHITECTURE SNMP MESSAGE STRUCTURE SECURE COMMUNICATION
    USER SECURITY MODEL (USM)

    ACCESS CONTROL
    VIEW BASED ACCESS CONTROL MODEL (VACM)

    RFCs

    Copyright 2005 by Aiko Pras These sheets may be used for educational purposes

    UNIVERSITY OF TWENTE The SimpleWeb

    DESIGN DECISIONS
    ADDRESS THE NEED FOR SECURY SET SUPPORT DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS ALLOW FOR FUTURE EXTENSIONS KEEP SNMP AS SIMPLE AS POSSIBLE ALLOW FOR MINIMAL IMPLEMENTATIONS SUPPORT ALSO THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE

    UNIVERSITY OF TWENTE The SimpleWeb

    SNMPv3 ARCHITECTURE

    SNMP ENTITY
    SNMP APPLICATIONS
    COMMAND GENERATOR COMMAND RESPONDER NOTIFICATION ORIGINATOR NOTIFICATION RECEIVER PROXY FORWARDER

    OTHER OTHER

    SNMP ENGINE
    MESSAGE PROCESSING SUBSYSTEM SECURITY SUBSYSTEM ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    UNIVERSITY OF TWENTE The SimpleWeb

    SNMPv3 ARCHITECTURE: MANAGER

    COMMAND GENERATOR

    NOTIFICATION RECEIVER

    PDU DISPATCHER

    MESSAGE PROCESSING SUBSYSTEM SNMPv1

    SECURITY SUBSYSTEM COMMUNITY BASED SECURITY MODEL USER BASED SECURITY MODEL OTHER SECURITY MODEL

    MESSAGE DISPATCHER

    SNMPv2C

    SNMPv3 TRANSPORT MAPPINGS

    OTHER

    UNIVERSITY OF TWENTE The SimpleWeb

    SNMPv3 ARCHITECTURE: AGENT

    MANAGEMENT INFORMATION BASE


    ACCESS CONTROL SUBSYSTEM

    COMMAND RESPONDER

    VIEW BASED ACCESS CONTROL

    NOTIFICATION ORIGINATOR

    PDU DISPATCHER

    MESSAGE PROCESSING SUBSYSTEM SNMPv1

    SECURITY SUBSYSTEM COMMUNITY BASED SECURITY MODEL USER BASED SECURITY MODEL OTHER SECURITY MODEL

    MESSAGE DISPATCHER

    SNMPv2C

    SNMPv3 TRANSPORT MAPPINGS

    OTHER

    UNIVERSITY OF TWENTE The SimpleWeb

    CONCEPTS: snmpEngineID

    SNMP ENTITY
    OTHER

    SNMP ENGINE snmpEngineID=1

    SNMP ENTITY
    OTHER

    SNMP ENGINE snmpEngineID=2 SNMP ENTITY SNMP ENTITY


    OTHER OTHER

    SNMP ENGINE snmpEngineID=3

    SNMP ENGINE snmpEngineID=4

    UNIVERSITY OF TWENTE The SimpleWeb

    CONCEPTS: snmpEngineID SYNTAX DEFINED VIA TEXTUAL CONVENTION


    OCTET STRING (5..32)

    THE VALUE OF snmpEngineID MAY BE DETERMINED BY:


    HUMAN OPERATOR AUTOMATIC ALGORITHM

    AUTOMATIC ALGORITHM USES:


    PRIVATE ENTERPRISE NUMBER IPv4 ADDRESS / IPv6 ADDRESS / MAC ADDRESS

    TEXTUAL CONVENTION DEFINED IN SNMP FRAMEWORK MIB

    UNIVERSITY OF TWENTE The SimpleWeb

    CONCEPTS: snmpEngineID THE TERM EngineID IS FREQUENTLY USED

    snmpEngineID The identifier of an SNMP engine. SnmpEngineID The textual convention. Parameter of primitives in the architecture. The authoritative SNMP entity securityEngineID (which is the receiver of a confirmed PDU, the sender of a trap). contextEngineID Parameter of primitives in the architecture, and Parameter in messages. Identifies the engine associated with the data.

    msgAuthoritativeEngineID Parameter in messages. USM security parameter. An object in the snmpUsmMIB. In a simple agent, this is the agents own snmpEngineID. It may also be the usmUserEngineID snmpEngineID of a remote SNMP engine with which this user can communicate. usmStatsUnknownEngineID An object in the snmpUsmMIB. snmpCommunityContextEngineID An object in the communityMIB. entLogicalContextEngineID An object in the entityMIB. snmpProxyContextEngineID An object in the proxyMIB.

    UNIVERSITY OF TWENTE The SimpleWeb

    CONCEPTS: Context

    contextName=card1

    contextName=card2

    SNMP ENTITY
    COMMAND RESPONDER APPLICATION

    MIB

    MIB

    OTHER

    SNMP ENGINE snmpEngineID=1

    The context can be reached from this engine, thus:


    contextEngineID=1

    UNIVERSITY OF TWENTE The SimpleWeb

    PRIMITIVES BETWEEN MODULES


    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    UNIVERSITY OF TWENTE The SimpleWeb

    sendPdu
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    sendPdu
    ACCESS CONTROL SUBSYSTEM ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    UNIVERSITY OF TWENTE The SimpleWeb

    prepareOutgoingMessage
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    prepareOutgoingMessage

    UNIVERSITY OF TWENTE The SimpleWeb

    generateRequestMsg
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    generateRequestMsg

    UNIVERSITY OF TWENTE The SimpleWeb

    send / receive
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    send and receive

    UNIVERSITY OF TWENTE The SimpleWeb

    prepareDataElements
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    prepareDataElements

    UNIVERSITY OF TWENTE The SimpleWeb

    processIncomingMsg
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    processIncomingMsg

    UNIVERSITY OF TWENTE The SimpleWeb

    processPdu
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    processPdu
    ACCESS CONTROL SUBSYSTEM ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    UNIVERSITY OF TWENTE The SimpleWeb

    isAccessAllowed
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    isAccessAllowed
    ACCESS CONTROL SUBSYSTEM ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    UNIVERSITY OF TWENTE The SimpleWeb

    returnResponsePdu
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    returnResponsePdu
    ACCESS CONTROL SUBSYSTEM ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    UNIVERSITY OF TWENTE The SimpleWeb

    prepareResponseMessage
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    prepareResponseMessage

    UNIVERSITY OF TWENTE The SimpleWeb

    generateResponseMsg
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    generateResponseMsg

    UNIVERSITY OF TWENTE The SimpleWeb

    send / receive
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    send and receive

    UNIVERSITY OF TWENTE The SimpleWeb

    prepareDataElements
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    prepareDataElements

    UNIVERSITY OF TWENTE The SimpleWeb

    processIncomingMsg
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    ACCESS CONTROL SUBSYSTEM

    ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    processIncomingMsg

    UNIVERSITY OF TWENTE The SimpleWeb

    processResponsePdu
    Parameters
    contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength

    APPLICATIONS

    APPLICATIONS

    processResponsePdu
    ACCESS CONTROL SUBSYSTEM ACCESS CONTROL SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    DISPATCHER

    SECURITY SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    MESSAGE PROCESSING SUBSYSTEM

    UNIVERSITY OF TWENTE The SimpleWeb

    MODULES OF THE SNMPv3 ARCHITECTURE


    DISPATCHER AND MESSAGE PROCESSING MODULE RFC 3412 SNMPv3 MESSAGE STRUCTURE snmpMPDMIB APPLICATIONS RFC 3413 snmpTargetMIB snmpNotificationMIB snmpProxyMIB SECURITY SUBSYSTEM RFC 3414 USER BASED SECURITY MODEL snmpUsmMIB ACCESS CONTROL SUBSYSTEM RFC 3415 VIEW BASED ACCESS CONTROL MODEL snmpVacmMIB

    UNIVERSITY OF TWENTE The SimpleWeb

    SNMPv3 MESSAGE STRUCTURE


    msgVersion msgID msgMaxSize msgFlags msgSecurityModel

    USED BY MESSAGE PROCESSING SUBSYSTEM USED BY SNMPv3 PROCESSING MODULE

    msgSecurityParameters

    USED BY SECURITY SUBSYSTEM

    contextEngineID contextName

    PDU

    USED BY ACCESS CONTROL SUBSYSTEM AND APPLICATIONS

    UNIVERSITY OF TWENTE The SimpleWeb

    SNMPv3 PROCESSING MODULE PARAMETERS


    msgVersion msgID msgMaxSize msgFlags msgSecurityModel

    0..2147483647 484..2147483647 authFlag privFlag reportableFlag SNMPv1 SNMPv2c USM

    msgSecurityParameters

    contextEngineID contextName

    PDU

    UNIVERSITY OF TWENTE The SimpleWeb

    SECURE COMMUNICATION VERSUS ACCESS CONTROL MANAGER


    ACCESS CONTROL VACM

    AGENT
    MIB

    MANAGER APPLICATION PROCESSES

    SECURE COMMUNICATION USM


    GET / GET-NEXT / GETBULK SET / TRAP / INFORM

    TRANSPORT SERVICE

    UNIVERSITY OF TWENTE The SimpleWeb

    USM: SECURITY THREATS


    THREAT REPLAY MASQUERADE INTEGRITY DISCLOSURE DENIAL OF SERVICE TRAFFIC ANALYSIS ADDRESSED? YES YES YES YES NO NO MECHANISM TIME STAMP MD5 / SHA-1 (MD5 / SHA-1) DES

    UNIVERSITY OF TWENTE The SimpleWeb

    USM MESSAGE STRUCTURE


    msgVersion msgID msgMaxSize msgFlags msgSecurityModel msgAuthoritativeEngineID msgAuthoritativeEngineBoots msgAuthoritativeEngineTime msgUserName msgAuthenticationParameters msgPrivacyParameters contextEngineID contextName

    REPLAY

    MASQUERADE/INTEGRITY/DISCLOSURE MASQUERADE/INTEGRITY DISCLOSURE

    PDU

    IDEA BEHIND REPLAY PROTECTION


    Nonauthoritative Engine LOCAL NOTION OF REMOTE CLOCK Authoritative Engine ALLOWED LIFETIME LOCAL CLOCK

    >?

    ID BOOTS TIME

    DATA

    ID BOOTS TIME

    DATA

    ID = msgAuthoritativeEngineID BOOTS = msgAuthoritativeEngineBoots TIME = msgAuthoritativeEngineTime

    IDEA BEHIND DATA INTEGRITY AND AUTHENTICATION

    KEY

    DATA

    HASH FUNCTION

    MAC

    ADD THE MESSAGE AUTHENTICATION CODE (MAC) TO THE DATA AND SEND THE RESULT

    IDEA BEHIND AUTHENTICATION

    KEY

    DATA

    KEY

    DATA

    HASH FUNCTION

    HASH FUNCTION

    MAC MAC =? USER MAC DATA USER MAC DATA

    USER = msgUserName MAC = msgAuthenticationParameters

    IDEA BEHIND THE DATA CONFIDENTIALITY (DES)

    DES-KEY

    DATA

    DES ALGORITHM

    ENCRYPTED DATA

    IDEA BEHIND ENCRYPTION

    DES-KEY

    DATA

    DES-KEY

    DATA

    DES ALGORITHM

    DES ALGORITHM

    ENCRYPTED DATA

    ENCRYPTED DATA

    USER

    ENCRYPTED DATA

    USER

    ENCRYPTED DATA

    USER = msgUserName

    VIEW BASED ACCESS CONTROL MODEL


    ACCESS CONTROL TABLE MIB VIEWS

    ACCESS CONTROL TABLES


    ALLOWED OPERATIONS SET GET / GETNEXT GET / GETNEXT ALLOWED MANAGERS John John, Paul George REQUIRED LEVEL OF SECURITY Authentication Encryption Authentication None

    MIB VIEW Interface Table Interface Table Systems Group

    MIB VIEWS

    SNMPv3 RFCs

    SNMP ENTITY
    SNMP APPLICATIONS

    RFC 3411 RFC 3413


    OTHER

    SNMP ENGINE RFC 3412


    DISPATCHER

    RFC 3412
    MESSAGE PROCESSING SUBSYSTEM

    USM: RFC 3414


    SECURITY SUBSYSTEM

    VACM: RFC 3415


    ACCESS CONTROL SUBSYSTEM

    Das könnte Ihnen auch gefallen