1. Network Management Security
Ola Flygt
Växjö University, Sweden

2. Outline
Basic Concepts of SNMP
SNMPv1 Community Facility
SNMPv3

3. The Internet Standard Management Framework
SNMP network management consists of four parts:
Management Information Base (MIB)
A map of the hierarchical order of all managed objects and how they are accessed
Structure of Management Information (SMI)
Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses
SNMP Protocol
Defines format of messages exchanged by management systems and agents.
Specifies the Get, GetNext, Set, and Trap operations
Security and administration capabilities
The addition of these capabilities represents the major enhancement in SNMPv3 over SNMPv2

4. Basic Concepts of SNMP
An integrated collection of tools for network monitoring and control.
Single operator interface
Minimal amount of separate equipment. Software and network communications capability built into the existing equipment
SNMP key elements:
Management station
Management agent
Management information base
Network Management protocol
Get, Set and Notify

5. Management Information Bases (MIB)
SNMP agent is software that runs on a piece of network equipment (host, router, printer, or others) and that maintains information about its configuration and current state in a database
Information in the database is described by Management Information Bases (MIBs)
The MIB specifies the managed objects

6. Management Information Bases (MIB)
The MIB is a text file that describes managed objects using the syntax of ASN.1 (Abstract Syntax Notation 1)
ASN.1 is a formal language for describing data and its properties
In Linux, MIB files are in the directory /usr/share/snmp/mibs
Multiple MIB files
MIB-II (defined in RFC 1213) defines the managed objects of TCP/IP networks

7. Managed Objects
Each managed object is assigned an object identifier (OID)
The OID is specified in a MIB file.
An OID can be represented as a sequence of integers separated by decimal points or by a text string. Example:
iso.org.dod.internet.mgmt.mib-2.ip.ipForwData
When an SNMP manager requests an object, it sends the OID to the SNMP agent.

8. MIB Example ipForwDatagrams OBJECT-TYPE SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of input datagrams for which this
entity was not their final IP destination, as a
result of which an attempt was made to find a
route to forward them to that final destination.
In entities which do not act as IP Gateways, this
counter will include only those packets which were
Source-Routed via this entity, and the Source-
Route option processing was successful."
::= { ip 6 }

9. Protocol context of SNMP

10. Proxy Configuration

12. SNMP v1 and v2
Trap – an unsolicited message (reporting an alarm condition)
SNMPv1 is ”connectionless” since it utilizes UDP (rather than TCP) as the transport layer protocol.
SNMPv2 allows the use of TCP for ”reliable, connection-oriented” service.

13. Comparison of SNMPv1 and SNMPv2
SNMPv1 PDU
SNMPv2 PDU
Direction
Description
GetRequest
Manager to agent
Request value for each listed object
Request next value for each listed object
------
GetBulkRequest
Request multiple values
SetRequest
Set value for each listed object
InformRequest
Manager to manager
Transmit unsolicited information
GetResponse
Response
Agent to manager or Manage to manager(SNMPv2)
Respond to manager request
Trap
SNMPv2-Trap
Agent to manager

14. SNMPv1 Community Facility
SNMP Community – Relationship between an SNMP agent and SNMP managers.
Three aspect of agent control:
Authentication service
Access policy
Proxy service

15. SNMPv1 Administrative Concepts

16. SNMPv3
SNMPv3 defines a security capability to be used in conjunction with SNMPv1 or v2

17. SNMPv3 Flow

18. Typical SNMP Manager

19. Typical SNMP Agent

20. User Security Model (USM)
Designed to secure against:
Modification of information
Masquerade
Message stream modification
Disclosure
Not intended to secure against:
Denial of Service (DoS attack)
Traffic analysis

21. SNMP3 Message Format with USM

22. USM Encryption Authentication (using authKey)
HMAC-MD5-96
HMAC-SHA1-96
Encryption (using privKey)
DES CBC
Uses first 64 bits of the 16-octet privKey
Last 64 bits used as IV to DES CBC
Key values not accessible from SNMP

23. Authoritative Engine
SNMP messages with payloads that expect a response (Get…, Set, Inform)
Receiver of message is authoritative
SNMP messages with payload that does not expect response (Trap, Response, Report)
Sender is authoritative

24. Key Localization
Allows single user to own keys stored in multiple engines
Key localized to each authoritative engine using hash functions
Avoids problem of a single key being stored in many places
Greatly slows brute force attack

25. Key Localization

26. Timeliness Determined by a clock kept at the authoritative engine
When authoritative engine sends a message, it includes the current clock value
Nonauthoritative agent synchronizes on clock value
When nonauthoritative engine sends a message, it includes the estimated destination clock value
These procedures allow assessing message timeliness

27. View-Based Access Control Model (VACM)
VACM has two characteristics:
Determines whether access to a managed object should be allowed.
Make use of an MIB that:
Defines the access control policy for this agent.
Makes it possible for remote configuration to be used.

28. Access control decision

29. SNMPv3 Security SNMPv3 solves SNMP security problems, right?
NOT!
Decent security implementation, but reality is:
SNMPv1 still holds ~95% of the market (2005)
Even SNMPv2 not widely deployed
Upgrading to SNMPv3 is difficult and costly (sort of like moving from WinXP to WinVista all at once)
There is the issue of proxies and foreign clients
SNMPv3 is the clear long-term choice