SNMP
Simple Network Management Protocol
McGraw-Hill
©The McGraw-Hill Companies, Inc., 2000
Chapter Outline
Network Management System
SNMP
Management Components SMI & MIB
SNMP messages and PDU
UDP Ports
Security
Network Management
Network management is defined as monitoring, testing, configuring, and
troubleshooting network components to meet a set of requirements
defined by an organization.
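A network management system can be divided into five broad categories:
configuration management, fault management, performance management,
security management, and accounting management.
Configuration Management
Information about the status of each entity and its relation to other
entities must be known at all times and kept up to date (initialization,
updates, and removal).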
- Reconfiguration
❏ Hardware Reconfiguration
❏ Software Reconfiguration
❏ User-account Reconfiguration
- Documentation
Every change is recorded and there must be documentation for hardware,
software, and user accounts.
(Maps and specifications for everything in the network)
Hardware: type, serial number, vendor (address and phone number)...
Software: version, the time installed, and the license agreement...
User accounts information and privileges
Fault Management
Fault management supervises the operation of the network, which
depends on the proper operation of each individual component and
its relation to other components.
- Reactive
It handles short-term solutions to faults. It is responsible for:
1- Detecting
2- Isolating
3- Correcting
4- Recording faults.
Why documentation?
❏ Helps in solving a similar problem
❏ Identifies and detects holes from frequent failures
❏ Helpful to another part of network management, performance management
- Proactive
Tries to prevent faults from occurring
Performance Management
Performance management monitors and controls the network to ensure that it
is running as efficiently as possible.
Quantify performance by using some measurements:
Capacity, Traffic, Throughput & Response time.
Security Management
Responsible for controlling access to the network based on the
predefined policy.
Accounting Management
Control of users’ access to network resources through charges.
Simple Network Management Protocol
SNMP is a framework that provides facilities for managing and monitoring
network resources on the Internet using the TCP/IP protocol suite.
The protocol is designed at the application layer.
• Components of SNMP:
– SNMP agents
– SNMP managers
– Management Information Bases (MIBs)
– SNMP protocol itself
[Figure: SNMP concept. An SNMP manager and several SNMP agents, connected by SNMP protocol messages.]
A manager, usually a host, controls and monitors a set of agents, which
can be other hosts, applications, printers, or routers.
Management with SNMP is based on three basic ideas:
1. A manager checks an agent by requesting information.
2. A manager forces an agent to perform a task by resetting values in the agent
database.
3. An agent contributes to the manager by warning it of an unusual situation.
Management Components
To do management tasks, SNMP uses two other protocols:
Structure of Management Information (SMI)
Management Information Base (MIB).
In other words, management on the Internet is done through the
cooperation of three protocols: SNMP, SMI, and MIB.
SNMP defines the format of packets exchanged between
a manager and an agent. It reads and changes the status of
objects (values of variables) in SNMP packets.
SMI defines the general rules for naming objects, defining
object types (including range and length), and showing
how to encode objects and values.
SMI is a guideline for SNMP. It emphasizes three
attributes to handle an object: name, data type, and
encoding method.
MIB creates a collection of named objects, their types,
and their relationships to each other in an entity to be
managed.
[Figure: Comparing computer programming and network management]
[Figure: Management overview, steps 1 to 6, showing an SNMP packet carrying a Get Request and an SNMP packet carrying a Response]
SMI uses fundamental Abstract Syntax Notation 1 (ASN.1) definitions
to define data types.
All objects managed by SNMP are given an object
identifier which is a hierarchical identifier based on a tree
structure.
The object identifier always starts with 1.3.6.1.2.1.
Object identifier
Object identifier 1.3.6.1
This is the encoding format for the object identifier using Basic Encoding
Rules (BER).
MIB
The Management Information Base, version 2 (MIB2) is the
second component used in network management. Each
agent has its own MIB2, which is a collection of all the objects
that the manager can manage. The objects in MIB2 are
categorized under 10 different groups: system, interface,
address translation, ip, icmp, tcp, udp, egp, transmission, and
snmp. These groups are under the mib-2 object in the object
identifier tree. Each group has defined variables and/or
tables.
[Figure: udp group]
[Figure: udp variables and tables]
[Figure: Indexes for udpTable]
Lexicographic ordering
The lexicographic ordering enables a manager to access a set of variables one after
another by defining the first variable, as we will see in the GetNextRequest command in the
next section.
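The ordering described above, as an added example that is not part of the original slides. It assumes the MIB-II numbering of the udp group (udpTable = 5, udpEntry = 1, udpLocalAddress = 1, udpLocalPort = 2); the agent contents are constructed sample data.

```python
# Added example: GetNextRequest-style traversal by lexicographic OID order.
from bisect import bisect_right

UDP = "1.3.6.1.2.1.7"  # udp group under mib-2

def oid(dotted):
    # Compare OIDs as tuples of integers, never as strings:
    # as text "10" sorts before "9", as sub-identifiers 9 comes before 10.
    return tuple(int(a) for a in dotted.split("."))

def instance(column, addr, port):
    # udpTable(5).udpEntry(1).<column>.<local address>.<local port>
    return oid(f"{UDP}.5.1.{column}.{addr}.{port}")

# Constructed agent: four scalar objects and two rows of udpTable.
AGENT = sorted([
    oid(UDP + ".1.0"), oid(UDP + ".2.0"), oid(UDP + ".3.0"), oid(UDP + ".4.0"),
    instance(1, "10.0.0.5", 161), instance(2, "10.0.0.5", 161),
    instance(1, "9.0.0.1", 53), instance(2, "9.0.0.1", 53),
])

def get_next(after):
    """Return the first object instance that follows `after`, or None
    when the request runs off the end of the agent's MIB."""
    i = bisect_right(AGENT, after)
    return AGENT[i] if i < len(AGENT) else None

def walk(root):
    """Repeat get_next from `root` until the reply leaves the subtree."""
    out, cur = [], root
    while (cur := get_next(cur)) is not None and cur[:len(root)] == root:
        out.append(".".join(map(str, cur)))
    return out

if __name__ == "__main__":
    print("\n".join(walk(oid(UDP))))
```

The walk returns the table column by column: every udpLocalAddress instance comes before the first udpLocalPort instance, because the column number precedes the row index in the identifier.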
SNMP
SNMP uses both SMI and MIB in Internet network
management. It is an application program that allows:
1. A manager to retrieve the value of an object defined in an
agent.
2. A manager to store a value in an object defined in an
agent.
3. An agent to send an alarm message about an abnormal
situation to the manager.
SNMP PDUs
SNMPv3 defines eight types of packets (or PDUs):
[Figure: SNMP PDU format]
[Figure: SNMP message]
Example 24.4
In this example, a manager station (SNMP client) uses a
message with GetRequest PDU to retrieve the number of UDP
datagrams that a router has received. There is only one
VarBind sequence. The corresponding MIB variable related to
this information is udpInDatagrams with the object identifier
1.3.6.1.2.1.7.1.0. The manager wants to retrieve a value (not to
store a value), so the value defines a null entity. The bytes to be
sent are shown in hexadecimal representation.
[Figure: Actual message sent for the previous example]
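An added example, not part of the original slides, showing how BER turns the object identifier and the GetRequest PDU of the example above into bytes. It encodes only the PDU (not the enclosing SNMP message with its header and security fields), and the request ID is a constructed sample value.

```python
# Added example (not from the slides): BER tag-length-value encoding of a
# GetRequest PDU. REQUEST_ID below is a constructed sample value.
INTEGER, NULL, OID, SEQUENCE, GET_REQUEST = 0x02, 0x05, 0x06, 0x30, 0xA0

def ber_len(n):
    """Short form below 128; otherwise 0x80 | byte-count, then the length."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, value=b""):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n):
    """Minimal two's-complement INTEGER; only non-negative values needed here."""
    if n < 0:
        raise ValueError("negative integers are not handled in this example")
    return tlv(INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def base128(n):
    """Sub-identifier: 7 bits per byte, high bit set on all but the last."""
    out = [n & 0x7F]
    while n := n >> 7:
        out.append(0x80 | (n & 0x7F))
    return bytes(reversed(out))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"not a valid object identifier: {dotted}")
    # The first two arcs are packed into one sub-identifier: 40 * X + Y.
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    return tlv(OID, b"".join(base128(s) for s in subids))

def get_request(request_id, oids):
    """GetRequest PDU: request-id, error-status 0, error-index 0, VarBindList."""
    varbinds = b"".join(tlv(SEQUENCE, ber_oid(o) + tlv(NULL)) for o in oids)
    return tlv(GET_REQUEST, ber_int(request_id) + ber_int(0) + ber_int(0)
               + tlv(SEQUENCE, varbinds))

REQUEST_ID = 4242  # constructed
PDU = get_request(REQUEST_ID, ["1.3.6.1.2.1.7.1.0"])  # udpInDatagrams
print(PDU.hex(" "))
```

The single VarBind pairs the OID with a NULL value (05 00), which is how a retrieval request says that no value is being stored.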
UDP PORTS
[Figure: Port numbers for SNMP]
SNMP uses the services of UDP on two well-known ports, 161 and
162. The well-known port 161 is used by the server (agent), and
the well-known port 162 is used by the client (manager).
SECURITY
SNMPv3 has added two new features to the previous version:
security and remote administration. SNMPv3 allows a manager to
choose one or more levels of security when accessing an agent.
Different aspects of security can be configured by the manager to
allow message authentication, confidentiality, and integrity.
Integrity: Ensures that a packet has not been tampered with.
Authentication: Ensures that a message is from a valid source.
Confidentiality: Ensures that a message cannot be read by
unauthorized parties.
SNMPv3 also allows remote configuration of security aspects
without requiring the administrator to actually be at the place where
the device is located.