Presentation is loading. Please wait.

Presentation is loading. Please wait.

EE579T/10 #1 Spring 2002 © 2000-2002, Richard A. Stanley WPI EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "EE579T/10 #1 Spring 2002 © 2000-2002, Richard A. Stanley WPI EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley."— Presentation transcript:

1 EE579T/10 #1 Spring 2002 © 2000-2002, Richard A. Stanley WPI EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley

2 EE579T/10 #2 Spring 2002 © 2000-2002, Richard A. Stanley WPI Overview of Tonight’s Class Review last week’s lesson Course project outlines Security in the news SNMP

3 EE579T/10 #3 Spring 2002 © 2000-2002, Richard A. Stanley WPI Summary TCP/IP was not intended as a secure protocol; as a result, it has vulnerabilities that can be exploited There are many ways to get access to info There are many types of attacks that can be mounted over network connections in order to gain unauthorized access to resources Never forget, the best access is hands-on

4 EE579T/10 #4 Spring 2002 © 2000-2002, Richard A. Stanley WPI Projects to Present on April 17 Team 1: Kerberos –Xiangping Xu, Yang, Gao, Yingchun Xu Team 2: Mobile IP Security –Phadnis, Misra, Shetty, Subramaniam Team 3: Routing Security –Aytek, Baktir, Yadlon Team 9: SNMP Vulnerability –Staake, Peterson, Schweinsberg, Toczek

5 EE579T/10 #5 Spring 2002 © 2000-2002, Richard A. Stanley WPI Projects to Present on April 17 Team 5: deleted Team 6: Fibre Channel Security –Elkind, Maki, Deshpande, Nat, Rongfred Team 7: Bluetooth Security –Mason, Bouchard Team 8: Flawed WEP & Fixes –Doraisami, Shirali, Shukla, Thurston

6 EE579T/10 #6 Spring 2002 © 2000-2002, Richard A. Stanley WPI Projects to Present on April 24 Team 4: Exploiting Firewall Rule Sets –Kurtz, Barrett Team 10: TCP Security Flaws –Kavita, Anuj, Nikhil Team 11: Intrusion Detection –Madhavi, Shankar, Rohan, Swathi Team 12: Network Worms –Yuefeng, Wei, Xin

7 EE579T/10 #7 Spring 2002 © 2000-2002, Richard A. Stanley WPI Projects to Present on April 24 Team 13:Web Services Security –Geldmacher, Johnston, Team 14: DDoS –Hill, Voduc, Huynh Team 15: S/W Firewalls –Page, Poon, Ibrahim, Meawad, Leclerc Team 16: Honeypots –Hartling, Lawson, Posluszny, Chung

8 EE579T/10 #8 Spring 2002 © 2000-2002, Richard A. Stanley WPI Top Ten Security Concerns

9 EE579T/10 #9 Spring 2002 © 2000-2002, Richard A. Stanley WPI Crypto Security--Again Bugtraq reports 1024-bit RSA encryption should be “considered compromised” Estimates factoring can be done for <$1B What uses a key stronger than 1024 bits? So, are SSL, S/MIME, all toast? What about risk management? –Is what you have worth $1B to someone? –If so, do they have the $1B to spend on it?

10 EE579T/10 #10 Spring 2002 © 2000-2002, Richard A. Stanley WPI Real-World Security Lessons Hotel in Netanya, Israel attacked by suicide bomber during religious observance 15 dead, 100 wounded Arab League meeting in Beirut about peace Bomber’s motivation? Net security lessons?

11 EE579T/10 #11 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv2 SNMPv3

12 EE579T/10 #12 Spring 2002 © 2000-2002, Richard A. Stanley WPI Why SNMP? To provide a simple means of managing objects across a network –These objects need not be network elements –The objects need not support SNMP (although it makes things easier if they do!) –“Management” can be tailored to mean what we need it to mean First introduced in 1988

13 EE579T/10 #13 Spring 2002 © 2000-2002, Richard A. Stanley WPI Basic Concepts of SNMP An integrated collection of tools for network monitoring and control. –Single operator interface –Minimal amount of separate equipment. Software and network communications capability built into the existing equipment SNMP key elements: –Management station (physical device) –Management agent (software implementation) –Management information base (collection of objects) –Network Management protocol Get, Set and Trap

14 EE579T/10 #14 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP MIB Management Information Base = MIB –Database held at the managed client –Scalar variables –2D tables Uses streamlined protocol to: –Allow manager to Get and Set MIB variables –Enable agent to issue unsolicited notifications These are called traps

15 EE579T/10 #15 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP Characteristics Runs over UDP/IP or TCP/IP, depending on version Uses –Port 161 (for messages) –Port 162 (for traps)

16 EE579T/10 #16 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP Protocol

17 EE579T/10 #17 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP Commands Get –Query a MIB for information Set –Set values in a MIB Trap –Send condition information –Asynchronous

18 EE579T/10 #18 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP Proxies SNMPv1 supports UDP over IP –Period! There are lots of clients out there that need to be managed that don’t speak UDP Proxies bridge the gap –Provide translation of client management language to SNMP –Interfaces to SNMP for the client

19 EE579T/10 #19 Spring 2002 © 2000-2002, Richard A. Stanley WPI Proxy Configuration

20 EE579T/10 #20 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv2 Allows use of TCP/IP, and others Provides additional management features –Distributed network management Single-server hierarchical networks get overloaded –Functional enhancements GetBulk – retrieve block of data at once Inform – intra-management station communications of events and/or conditions Removes atomicity from the Get command

21 EE579T/10 #21 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP v1 and v2 SNMPv2 intended deal with deficiencies of SNMPv1 –Introduced first in 1993 SNMPv1 is “connectionless” –Just like HTTP –Why? Utilizes UDP as the transport layer protocol. SNMPv2 allows use of TCP for “reliable, connection-oriented” service

22 EE579T/10 #22 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv2 Distributed Management

23 EE579T/10 #23 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv1 vs. SNMPv2 SNMPv1SNMPv2 Direction Description GetRequest Manager to agentRequest value for each listed object GetRequest Manager to agentRequest next value for each listed object ------GetBulkRequestManager to agentRequest multiple values SetRequest Manager to agentSet value for each listed object ------InformRequestManager to managerTransmit unsolicited information GetResponseResponseAgent to manager or Manage to manager(SNMPv2) Respond to manager request TrapSNMPv2-TrapAgent to managerTransmit unsolicited information

24 EE579T/10 #24 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv1 Community Facility SNMP Community – Relationship between an SNMP agent and SNMP managers –Think of a network domain as an analog Three aspects of agent control: –Authentication service –Access policy –Proxy service

25 EE579T/10 #25 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv1 Administrative Concepts

26 EE579T/10 #26 Spring 2002 © 2000-2002, Richard A. Stanley WPI Access Policy SNMP MIB View –Subset of objects within the MIB –May be on different MIB sub-trees SNMP Access Mode –Element of the set of MIB objects –Defined for each community These two together are the SNMP Community Profile

27 EE579T/10 #27 Spring 2002 © 2000-2002, Richard A. Stanley WPI What About Proxied Clients? Supported within community concept Proxy is an SNMP agent that acts on behalf of other (foreign) devices –For each device supported, SNMP proxy maintains an access policy –Therefore, proxy knows which MIB objects can be used to manage the proxied system, and their access mode

28 EE579T/10 #28 Spring 2002 © 2000-2002, Richard A. Stanley WPI Where is the Security? SNMPv1 has no inherent security –Messages can be spoofed, altered, or deleted –Does this have a potential for evil? SNMPv2 doesn’t have any, either –It actually makes things worse by introducing the distributed management concept What to do?

29 EE579T/10 #29 Spring 2002 © 2000-2002, Richard A. Stanley WPI Enter SNMPv3 Framework for incorporating security into SNMPv1 or SNMPv2 –Introduced 1998 Not a standalone replacement for either v1 or v2 !! –Adds security –Requires underlying SNMP system Not yet completely standardized

30 EE579T/10 #30 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv3 Architecture

31 EE579T/10 #31 Spring 2002 © 2000-2002, Richard A. Stanley WPI Traditional SNMP Manager

32 EE579T/10 #32 Spring 2002 © 2000-2002, Richard A. Stanley WPI Traditional SNMP Agent

33 EE579T/10 #33 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv3 Message Flow

34 EE579T/10 #34 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMP3 Message Format with USM

35 EE579T/10 #35 Spring 2002 © 2000-2002, Richard A. Stanley WPI User Security Model (USM) Designed to secure against: –Modification of information (integrity) –Masquerade (authentication) –Message stream modification (stream integrity) –Disclosure (confidentiality) Not intended to secure against: –Denial of Service (DoS attack) –Traffic analysis

36 EE579T/10 #36 Spring 2002 © 2000-2002, Richard A. Stanley WPI In Theory… DoS attacks may look like network failure (imagine that!) DoS should be dealt with by an overall network security capability, not one embedded in a protocol Traffic analysis no problem, as management traffic highly predictable anyway What do you think?

37 EE579T/10 #37 Spring 2002 © 2000-2002, Richard A. Stanley WPI USM Encryption Authentication (using authKey) –HMAC-MD5-96 –HMAC-SHA1-96 Encryption (using privKey) –DES CBC –Uses first 64 bits of the 16-octet privKey –Last 64 bits used as IV to DES CBC Key values not accessible from SNMP

38 EE579T/10 #38 Spring 2002 © 2000-2002, Richard A. Stanley WPI Authoritative Engine SNMP messages with payloads that expect a response (Get…, Set, Inform) –Receiver of message is authoritative SNMP messages with payload that does not expect response (Trap, Response, Report) –Sender is authoritative So what?

39 EE579T/10 #39 Spring 2002 © 2000-2002, Richard A. Stanley WPI Key Localization Allows single user to own keys stored in multiple engines –Key localized to each authoritative engine using hash functions –Avoids problem of a single key being stored in many places Greatly slows brute force attack

40 EE579T/10 #40 Spring 2002 © 2000-2002, Richard A. Stanley WPI Key Localization Process

41 EE579T/10 #41 Spring 2002 © 2000-2002, Richard A. Stanley WPI Timeliness Determined by a clock kept at the authoritative engine –When authoritative engine sends a message, it includes the current clock value Nonauthoritative agent synchronizes on clock value –When nonauthoritative engine sends a message, it includes the estimated destination clock value These procedures allow assessing message timeliness Why do we care?

42 EE579T/10 #42 Spring 2002 © 2000-2002, Richard A. Stanley WPI View-Based Access Control Model (VACM) VACM has two characteristics: –Determines whether access to a managed object should be allowed. –Make use of an MIB that: Defines the access control policy for this agent. Makes it possible for remote configuration to be used.

43 EE579T/10 #43 Spring 2002 © 2000-2002, Richard A. Stanley WPI Access Control Logic in VACM

44 EE579T/10 #44 Spring 2002 © 2000-2002, Richard A. Stanley WPI SNMPv3 Security SNMPv3 solves SNMP security problems, right? –NOT! Decent security implementation, but reality is: –SNMPv1 still holds ~95% of the market –Even SNMPv2 not widely deployed –Upgrading to SNMPv3 is difficult and costly (sort of like moving from Win95 to WinXP all at once) –There is the issue of proxies and foreign clients SNMPv3 is the clear long-term choice

45 EE579T/10 #45 Spring 2002 © 2000-2002, Richard A. Stanley WPI Recent SNMP Security Events CERT Advisory 12 Feb 02, Revised 26 Mar 02, warns about potential for –unauthorized privileged access (which allows, inter alia, enumeration of SNMP agents) –denial of service attacks –unstable behavior Vulnerabilities in both messages and traps Vulnerabilities are in SNMPv1!

46 EE579T/10 #46 Spring 2002 © 2000-2002, Richard A. Stanley WPI This is Not New News! After this class, are you surprised? These vulnerabilities have been in SNMP since Day One Only now, with an increased emphasis on security, are they getting the attention they deserve Officially, the vulnerabilities have not been exploited. Unofficially, they have.

47 EE579T/10 #47 Spring 2002 © 2000-2002, Richard A. Stanley WPI Summary SNMP is widely-used for managing clients distributed across a network SNMPv1 is simple, effective, and provides the majority of SNMP service in the field SNMPv2 adds some functionality to v1 SNMPv3 is a security overlay for either version, not a standalone replacement SNMP security is a major issue!

48 EE579T/10 #48 Spring 2002 © 2000-2002, Richard A. Stanley WPI Homework Read Stallings, Chapters 8 & 10 Do Problems 8.2, 8.4, 8.8

Download ppt "EE579T/10 #1 Spring 2002 © 2000-2002, Richard A. Stanley WPI EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley."

Similar presentations

Henric Johnson1 Chapter 12 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 12 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden
Net Security1 Chapter 8 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew Yang.

Net Security1 Chapter 8 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew Yang.
CS 678 P. T. Chung1 Network Management Security CS 678 Network Security, Dept. of Computer Science, Long Island University,Brooklyn, NY.

CS 678 P. T. Chung1 Network Management Security CS 678 Network Security, Dept. of Computer Science, Long Island University,Brooklyn, NY.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
CIS 203 17 : Network Management. Introduction Network, associated resources and distributed applications indispensable Complex systems —More things can.

CIS : Network Management. Introduction Network, associated resources and distributed applications indispensable Complex systems —More things can.
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
Network Management Security

Network Management Security
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.
EE579T/GD_6 #1 Summer 2003 © 2000-2003, Richard A. Stanley EE579T Network Security 7: An Overview of SNMP and Intrusion Detection Prof. Richard A. Stanley.

EE579T/GD_6 #1 Summer 2003 © , Richard A. Stanley EE579T Network Security 7: An Overview of SNMP and Intrusion Detection Prof. Richard A. Stanley.
Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.

Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.
Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
EE579T/9 #1 Spring 2002 © 2000-2002, Richard A. Stanley WPI EE579T Network Security 9: An Introduction to Network-Based Attacks Prof. Richard A. Stanley.

EE579T/9 #1 Spring 2002 © , Richard A. Stanley WPI EE579T Network Security 9: An Introduction to Network-Based Attacks Prof. Richard A. Stanley.
NS-H0503-02/11041 SNMP. NS-H0503-02/11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.

NS-H /11041 SNMP. NS-H /11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.
1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.
EE579T/10 #1 Spring 2005 © 2000-2005, Richard A. Stanley EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley.

EE579T/10 #1 Spring 2005 © , Richard A. Stanley EE579T Network Security 10: An Overview of SNMP Prof. Richard A. Stanley.
1 System support & Management Protocols Lesson 13 NETS2150/2850 School of Information Technologies.

1 System support & Management Protocols Lesson 13 NETS2150/2850 School of Information Technologies.
COMP4690, by Dr Xiaowen Chu, HKBU

COMP4690, by Dr Xiaowen Chu, HKBU

Similar presentations

Ads by Google