© Dr. Schwartzkopff, SNMP, page 1/19
Dr. Schwartzkopff IT Services
SNMPv3
Secure, Safe and Still Simple
Dr. Michael Schwartzkopff
Why SNMPv3?
● Several attempts at an SNMPv2 solved different problems.
● SNMPv3 offers a general solution with emphasis on security and modularity.
● Only SNMPv3 offers:
  – Encryption,
  – Authentication and
  – Authorization.
● SNMPv3 is the only valid IETF standard!
An SNMPv3 Entity
● SNMPv3 does not speak of agents or managers, but knows entities.
● The definition of SNMPv3 is modular, so v1 and v2c integrate nicely.
● This modularity allows for future extensions.
  – e.g. a new encryption algorithm can be implemented.
● The work is done by so-called applications. Depending on the role of the entity, different applications work.
Modular Architecture
SNMP Entity
  SNMP Engine
    – Dispatcher
    – Message Processing Subsystem
    – Security Subsystem
    – Access Control Subsystem
  SNMP Applications
    – Command Generator
    – Command Responder
    – Notification Originator
    – Notification Receiver
    – Proxy Forwarder
The Machine
● The dispatcher receives and sends the SNMP messages. It passes the data on to the message processing.
● The modular message processing creates or processes messages. Modules for v1, v2 and v3 exist.
● The security subsystem authenticates and/or encrypts messages. A community-based (v1, v2c) and a user-based security model (USM, v3) exist.
● The access control subsystem authorizes access to parts of the MIBs (view-based access control model, VACM).
The Applications
● The command generator creates get, getnext, getbulk and set requests. It also processes the answers. This module works in "managers".
● The command responder creates the answers to the requests. This module works in "agents".
● The notification originator and receiver create or process notifications.
● There is plenty of room for additional applications.
The Entities
● In v3, entities talk to each other.
● Each SNMP entity is identified by its snmpEngineID.
  – RFC 3411 offers some methods for calculating a unique ID.
● Every entity calculates its own ID.
● Before two entities exchange information, the ID of the other has to be known. SNMPv3 defines an autodiscovery process for this.
More Items ...
● SNMPv3 defines many (!) new items. Important are:
● Username
● Security level, from noAuthNoPriv to authPriv.
● Authentication protocol: MD5 or SHA1
● Authentication passphrase
● Privacy protocol (DES, AES) with passphrase
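The two previous slides connect in a way worth seeing in code: the authentication and privacy passphrases are never used directly, and the peer's snmpEngineID has to be discovered first because the key used on the wire is derived from both. The block below is an added example, not code from the slides or from net-snmp; it implements the USM key derivation of RFC 3414 (appendix A.2): the passphrase is stretched into Ku by hashing 1 MiB of it, then localized to one engine as Kul = H(Ku || snmpEngineID || Ku). The RFC's own test vector (passphrase "maplesyrup", engine ID 000000000000000000000002, MD5) is used to check the result; the second engine ID in the demo is constructed. "SHA" on the slides means SHA-1; the function names and the `derive_usm_keys` wrapper are this example's own.

```python
"""USM key derivation per RFC 3414 (section 2.6 / appendix A.2).

Added example (not from the slides or net-snmp). Shows why the same passphrase
yields a different key for every agent: the key is localized with the agent's
snmpEngineID, so the manager must learn that ID (autodiscovery) first.
"""
import hashlib
from typing import Optional

ONE_MIB = 1024 * 1024
# Engine ID of the RFC 3414 appendix A.3 test vectors (12 bytes ending in 0x02).
RFC3414_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Hash behind each authentication protocol named on the slides ("SHA" is SHA-1).
AUTH_HASH = {"MD5": "md5", "SHA": "sha1"}
# Bytes of the localized privacy key that each privacy protocol uses as cipher key
# (DES-CBC: first 8 bytes are the key, the next 8 are the pre-IV; AES-128: 16).
PRIV_KEY_LEN = {"DES": 8, "AES": 16}


def password_to_key(passphrase: bytes, auth_proto: str) -> bytes:
    """Stretch the passphrase into Ku: hash exactly 1 MiB of it, repeated.

    Hashing a megabyte is deliberate (RFC 3414 A.2): it slows down offline
    guessing of the passphrase from captured msgAuthenticationParameters.
    """
    if not passphrase:
        raise ValueError("empty passphrase")
    reps = ONE_MIB // len(passphrase) + 1
    stream = (passphrase * reps)[:ONE_MIB]
    return hashlib.new(AUTH_HASH[auth_proto], stream).digest()


def localize_key(ku: bytes, engine_id: bytes, auth_proto: str) -> bytes:
    """Bind Ku to one authoritative engine: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(AUTH_HASH[auth_proto], ku + engine_id + ku).digest()


def derive_usm_keys(auth_passphrase: str, engine_id: bytes, auth_proto: str = "SHA",
                    priv_passphrase: Optional[str] = None,
                    priv_proto: Optional[str] = None) -> dict:
    """Localized keys a manager needs to talk to the agent identified by engine_id.

    The privacy key is derived from the privacy passphrase with the *authentication*
    hash and truncated to the cipher's key length. As in net-snmp's createUser, a
    missing privacy passphrase defaults to the authentication passphrase.
    """
    auth_ku = password_to_key(auth_passphrase.encode(), auth_proto)
    keys = {"auth_key": localize_key(auth_ku, engine_id, auth_proto)}
    if priv_proto is not None:
        priv_ku = password_to_key((priv_passphrase or auth_passphrase).encode(), auth_proto)
        priv_kul = localize_key(priv_ku, engine_id, auth_proto)
        keys["priv_key"] = priv_kul[:PRIV_KEY_LEN[priv_proto]]
    return keys


if __name__ == "__main__":
    ku = password_to_key(b"maplesyrup", "MD5")
    kul = localize_key(ku, RFC3414_ENGINE_ID, "MD5")
    print("Ku :", ku.hex())   # 9faf3283884e92834ebc9847d8edd963 (RFC 3414 A.3.1)
    print("Kul:", kul.hex())  # 526f5eed9fcce26f8964c2930787d82b (RFC 3414 A.3.1)
    # Constructed engine ID of a second agent: same passphrase, different key.
    other_engine = bytes.fromhex("80001f880102030405")
    print("Kul (other engine):", localize_key(ku, other_engine, "MD5").hex())
```

The practical consequence for a defender: a compromised localized key from one agent does not directly give the key of another agent, but the shared passphrase does, so passphrases should be unique per management domain and MD5/DES, both shown on the slides, are legacy choices (RFC 7860 added SHA-2 based authentication).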
The SNMPv3 packet
Message header (message processing subsystem):
  msgVersion
  msgID
  msgMaxSize
  msgFlags
  msgSecurityModel
Security parameters (security subsystem, USM):
  msgAuthoritativeEngineID
  msgAuthoritativeEngineBoots
  msgAuthoritativeEngineTime
  msgUserName
  msgAuthenticationParameters
  msgPrivacyParameters
Payload (scoped PDU, encrypted):
  contextEngineID
  contextName
  PDU
The whole message is authenticated; only the payload is encrypted.
1. Create Users
● Create users (= secName), or map communities to a secName.
● USM option:
  createUser username (MD5|SHA) authpassphrase [DES|AES] privpassphrase
  Sample:
  createUser misch MD5 verysecret
● v1 and v2c option:
  com2sec SECNAME SOURCE COMMUNITY
  e.g.: com2sec readonly 192.168.1.0/24 public
2. Group Users
● Next, users are grouped together:
  group GROUP secModel secName
● Sample:
  group MyROSystem v1 readonly
  group MyROGroup usm misch
3. Create Views
● Views define a part of the complete OID tree.
● Different groups have access to different views.
● Views can also be defined as excluded subtrees (TYPE is included or excluded).
  view VNAME TYPE OID [MASK]
● Sample:
  view all included .1 80
  view sys included .1.3.6.1.2.1.1
  view interfaces included 1.3.6.1.2.1.2
4. Define Access
● All definitions are combined into an access entry:
  access GROUP context secModel secLevel match read write notif
● Sample (the read view must be one defined in step 3):
  access MyROSystem "" any noauth exact sys none none
  access MyROGroup "" usm priv exact all none none
Simple User Management
● The options rouser and rwuser provide for simplified management:
  rouser USER [noauth|auth|priv [OID | …]]
● noauth: No authentication for this user.
● auth: The user has to authenticate.
● priv: The communication will be encrypted.
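Steps 1 to 4 and the rouser/rwuser shortcut all feed one decision: given a secName, secModel, secLevel, context and OID, does the access control subsystem allow the operation? The block below is an added example, not code from the slides or from net-snmp; it parses the directives from the slides (createUser, com2sec, group, view, access, rouser/rwuser) into a small VACM model and answers that question, including the view family mask and the fail-closed behaviour when a referenced view does not exist. The configuration text is constructed from the samples on the slides; the user "alice" and her rouser line are hypothetical additions to exercise the shortcut; the rouser expansion and the RFC 3415 entry-selection rules are simplified approximations, noted in comments.

```python
"""Evaluate net-snmp style VACM directives: secName -> group -> access -> view -> OID.

Added example (not from the slides or net-snmp). Models the agent's access
decision for one request; selection rules are simplified versions of RFC 3415.
"""
from typing import Dict, List, Tuple

LEVEL = {"noauth": 0, "auth": 1, "priv": 2,
         "noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# Constructed from the slide samples (first access line reads the defined view "sys").
SAMPLE_CONFIG = """
createUser misch MD5 verysecret
com2sec readonly 192.168.1.0/24 public
group MyROSystem v1 readonly
group MyROGroup usm misch
view all included .1 80
view sys included .1.3.6.1.2.1.1
view interfaces included 1.3.6.1.2.1.2
access MyROSystem "" any noauth exact sys none none
access MyROGroup "" usm priv exact all none none
# hypothetical extra user for the rouser shortcut (createUser is still required)
createUser alice SHA anotherSecret AES privSecret
rouser alice priv .1.3.6.1.2.1.2
"""


def parse_oid(text: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in text.strip(".").split("."))


class Vacm:
    def __init__(self) -> None:
        self.sec_names: set = set()                   # from createUser / com2sec
        self.groups: Dict[Tuple[str, str], str] = {}  # (secModel, secName) -> group
        self.views: Dict[str, List[tuple]] = {}       # view -> [(type, subtree, mask)]
        self.access: List[dict] = []

    def add_view(self, name: str, vtype: str, oid: str, mask: bytes = b"") -> None:
        self.views.setdefault(name, []).append((vtype, parse_oid(oid), mask))

    def add_access(self, group, context, model, level, match, read, write, notify) -> None:
        self.access.append(dict(group=group, context=context, model=model,
                                level=LEVEL[level], match=match,
                                read=read, write=write, notify=notify))


def load(config: str) -> Vacm:
    v = Vacm()
    for raw in config.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        kw = tok[0]
        if kw in ("createUser", "com2sec"):
            v.sec_names.add(tok[1])
        elif kw == "group":
            v.groups[(tok[2], tok[3])] = tok[1]
        elif kw == "view":
            v.add_view(tok[1], tok[2], tok[3], bytes.fromhex(tok[4]) if len(tok) > 4 else b"")
        elif kw == "access":
            v.add_access(tok[1], tok[2].strip('"'), *tok[3:9])
        elif kw in ("rouser", "rwuser"):
            # Approximation of net-snmp's internal expansion of the shortcut:
            # one group, one view over OID (default: whole tree), one access line.
            user, level = tok[1], (tok[2] if len(tok) > 2 else "auth")
            oid, view = (tok[3] if len(tok) > 3 else ".1"), f"_{kw}_{user}"
            v.groups[("usm", user)] = f"grp_{user}"
            v.add_view(view, "included", oid)
            v.add_access(f"grp_{user}", "", "usm", level, "exact",
                         view, view if kw == "rwuser" else "none", view)
    return v


def mask_bit(mask: bytes, i: int) -> bool:
    """Bit i of the view family mask; bits beyond the mask count as 1 (RFC 3415)."""
    return i >= 8 * len(mask) or bool(mask[i // 8] & (0x80 >> (i % 8)))


def in_view(v: Vacm, view: str, oid: Tuple[int, ...]) -> bool:
    """Longest (then lexicographically greatest) matching subtree decides included/excluded."""
    best = None
    for vtype, sub, mask in v.views.get(view, []):
        if len(oid) >= len(sub) and all(
                not mask_bit(mask, i) or oid[i] == s for i, s in enumerate(sub)):
            if best is None or (len(sub), sub) > (len(best[1]), best[1]):
                best = (vtype, sub)
    return best is not None and best[0] == "included"


def check(v: Vacm, sec_name: str, sec_model: str, sec_level: str,
          context: str, oid: str, op: str = "read") -> bool:
    """Is the operation allowed? Any missing link (user, group, entry, view) denies."""
    group = v.groups.get((sec_model, sec_name))
    if sec_name not in v.sec_names or group is None:
        return False
    lvl = LEVEL[sec_level]
    candidates = [a for a in v.access
                  if a["group"] == group and a["model"] in ("any", sec_model)
                  and lvl >= a["level"]
                  and ((a["match"] == "exact" and a["context"] == context) or
                       (a["match"] == "prefix" and context.startswith(a["context"])))]
    if not candidates:
        return False
    # RFC 3415 preference, simplified: specific secModel over "any", then higher secLevel.
    best = max(candidates, key=lambda a: (a["model"] != "any", a["level"]))
    view = best[op]
    return view != "none" and in_view(v, view, parse_oid(oid))


if __name__ == "__main__":
    v = load(SAMPLE_CONFIG)
    print(check(v, "readonly", "v1", "noAuthNoPriv", "", ".1.3.6.1.2.1.1.5.0"))  # sysName via "sys"
    print(check(v, "misch", "usm", "authNoPriv", "", ".1.3.6.1.2.1.1.5.0"))     # denied: priv required
```

Two things the model makes visible that the directives alone hide: a rouser line grants access but does not create the user, so without a matching createUser the request is denied; and an access entry naming a view that was never defined (as the original slide's "system" would have) denies rather than falls back to the whole tree.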
v3 in snmpcmd
● The command line offers a lot of options for v3 use:
  -a authProtocol MD5|SHA
  -A authPassphrase
  -x privProtocol DES|AES
  -X privPassphrase
  -l secLevel noAuthNoPriv … authPriv
  -u secName
  -v 3
v3 In The Config File
● No fun typing all the v3 options. Therefore the file ~/.snmp/snmp.conf exists:
  defAuthType MD5|SHA
  defAuthPassphrase passphrase
  defSecurityLevel noAuthNoPriv … authPriv
  defSecurityName Username
  defVersion 3
  defPrivType DES|AES
  defPrivPassphrase passphrase
● Also possible: defPassphrase
Simple ...
● With these entries, a simple
  snmpwalk host .system
  … works again.
● You get: Simple Network Management!
SNMP Myths
● "SNMP is not secure"
  – Yes! But the design of SNMPv1 was never meant to be secure.
  – SNMPv3 is secure. All messages can be authenticated and encrypted.
  – SNMPv3 offers a role-based access model.
● "SNMP is not safe" (traps are not acknowledged)
  – SNMPv3 offers informs, which are acknowledged.
● "SNMP floods the net / overloads my router"
  – Depends on the implementation, i.e. on you!
  – A wrong DNS server can also flood the net.
Thank you very much for your attention!
Questions?