Think of this as managing a network of Unix workstations by copying /etc/passwd files to each node. Luckily, SNMPv3 provides a way to perform this task easily and securely. In addition to specifying a security model, the USM specifies its own MIB. Once under management, a remote SNMP agent's password file can be updated automatically and securely through SNMP. New devices are added by manually creating an administrative account and password, which are then enrolled with the necessary authentication database. Once the agent is bootstrapped into the SNMP framework, any further updates to user database or access-control rules are simply propagated to all agents and managers.
To make this work, all SNMP user accounts must be centrally located, so changes can be propagated to all managed SNMP agents and management platforms. Although this functionality will most likely ultimately reside in the management server itself, the current reference implementation from SNMP Research International provides this functionality (as well as policy management functions) in an external application.
Although the USM uses strong cryptography to encrypt and authenticate individual SNMP packets, it does so at a price. While the SNMPv3 working group proposes what appears to be an eloquent solution, it creates yet another independent network security service. To implement SNMPv3, network managers must install and maintain an additional user database and key management system strictly for network management.
For Your Eyes Only To complement the USM, the SNMPv3 working group delivers the VACM, a highly granular access-control model for SNMPv3 applications. Based on the simple concept of applying security policies to the name of the user querying the agent, the agent decides whether the user is allowed to view or change specific MIB objects. Thus, VACM lets administrators define what users can see or change, and this is applied to objects in the MIB hierarchy. However, while actual access control is performed on each SNMP agent, policies are managed in a central location--presumably through the same service that manages USM user names and keys. In RFC 2275, the VACM specifies that all agents and managers must apply various levels of access controls (views) to each MIB object, and optionally to an instance of an object. Each access-control list can specify access to a read, write or notify (used in SNMP Traps) view.
Ideally, access controls would be implemented in a security-policy management application, in which users would belong to logical groups with rights to particular object-level views (permissions) of groups of agents. Thus, administrators gain a simple, logical view of permission policies. They can see, for example, that all users in the Enterprise Managers group have read and write access to all objects on all agents. Through this application, a click of a button converts that logical policy to specific access-control lists, which, along with USM user lists, are securely and automatically distributed to all managed devices via SNMP.
Send your comments on this article to Dan Backman at dbackman@nwc.com.
|
REPORTS
ANALYTICS
Follow 
