Version 3 - Symmetricom SyncServer S100 User Manual

Symmetricom network device user guide s100

Hide thumbs Also See for SyncServer S100:

User manual (152 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

page of 166

/ 166
Contents
Table of Contents
Bookmarks

Table of Contents

SNMP is a simple request/response protocol. The network-management system issues a

request, and managed devices return responses. This is implemented using one of four

operations: Get, GetNext, Set, and Trap. The Get operation is used to retrieve the value of

one or more object instances from an agent. If the agent responding to the Get operation

cannot provide values for all the objects in a list, it does not provide any values. The GetNext

operation is used to retrieve the value of the next object in a table or a list within an agent.

The Set operation is used to set the values of object instances within an agent. The Trap

operation is used by agents to inform the NMS of a significant event.

SNMP v1 has no authentication capabilities, which increases vulnerability to security threats.

These include masquerading occurrences, modification of information, message sequence

and timing modifications, and disclosure. Masquerading consists of an unauthorized entity

attempting to perform management operations by assuming the identity of an authorized

management entity. Modification of information involves an unauthorized entity attempting to

alter a message generated by an authorized entity so that the message results in

unauthorized accounting management or configuration management operations. Message

sequence and timing modifications occur when an unauthorized entity reorders, delays, or

copies and later replays a message generated by an authorized entity. Disclosure results

when an unauthorized entity extracts values stored in managed objects, or learns of notifiable

events by monitoring exchanges between managers and agents. SNMP does not implement

authentication, many vendors do not implement Set operations, thereby reducing SNMP to a

monitoring facility.

Note:

Version 3

This contains many new security features that have been missing from the previous versions.

Both SNMP v1 and SNMP v2c are highly insecure.

SNMP v3 introduces advanced security splitting the authentication and the authorization into

two facets:

• The default User-based Security Module (USM) lists the users and their attributes. The

USM is described by

• The VACM is the Version-based Access Control Module and controls which users (and

SNMP v1/v2c communities as well) are allowed to access and how they can access

sections of the MIB tree. The VACM is described by

In this version, each user has a name (called a securityName), an authentication type

(authProtocol), and a privacy type (privProtocol) as well as associated keys for each of these

(authKey and privKey).

Authentication is performed using a user's authKey to sign the message being sent. The

authProtocol can be either MD5 or SHA. The authKeys (and privKeys) are generated from a

passphrase that must be at least 8-10 characters in length.

Authentication is performed using a user's privKey to encrypt the data portion the message

being sent. The privProtocol can only be DES at this time.

Messages can be be sent unauthenticated, authenticated, or authenticated and encrypted by

setting the securityLevel to use.

106

The S100 does not support SNMP Version 2.

RFC 2574

RFC 2575

S100 User Guide – Rev. D – June 2005

SyncServer S100

Table of Contents

Chapters

Table of Contents

Version 3 - Symmetricom SyncServer S100 User Manual

Version 3

Chapters

Related Manuals for Symmetricom SyncServer S100

Related Content for Symmetricom SyncServer S100

Table of Contents