UNIVERSITY OF TWENTE
The SimpleWeb

SNMPv3

Copyright © 2005 by Aiko Pras
These sheets may be used for educational purposes

OVERVIEW:
• DESIGN DECISIONS
• ARCHITECTURE
• SNMP MESSAGE STRUCTURE
• SECURE COMMUNICATION
  • USER SECURITY MODEL (USM)
• ACCESS CONTROL
  • VIEW BASED ACCESS CONTROL MODEL (VACM)
• RFCs

DESIGN DECISIONS
ADDRESS THE NEED FOR SECURE SET SUPPORT
DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP
ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS
ALLOW FOR FUTURE EXTENSIONS
KEEP SNMP AS SIMPLE AS POSSIBLE
ALLOW FOR MINIMAL IMPLEMENTATIONS
SUPPORT ALSO THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS
RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE

SNMPv3 ARCHITECTURE
[Figure: an SNMP ENTITY, drawn as an SNMP ENGINE plus SNMP APPLICATIONS]
SNMP ENGINE: DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM
SNMP APPLICATIONS: COMMAND GENERATOR, COMMAND RESPONDER, NOTIFICATION ORIGINATOR, NOTIFICATION RECEIVER, PROXY FORWARDER, OTHER

SNMPv3 ARCHITECTURE: MANAGER
[Figure: modules of a manager]
APPLICATIONS: NOTIFICATION RECEIVER, COMMAND GENERATOR
PDU DISPATCHER, MESSAGE DISPATCHER, TRANSPORT MAPPINGS
MESSAGE PROCESSING SUBSYSTEM: SNMPv1, SNMPv2C, SNMPv3, OTHER
SECURITY SUBSYSTEM: COMMUNITY BASED SECURITY MODEL, USER BASED SECURITY MODEL, OTHER SECURITY MODEL

SNMPv3 ARCHITECTURE: AGENT
[Figure: modules of an agent]
APPLICATIONS: NOTIFICATION ORIGINATOR, COMMAND RESPONDER
PDU DISPATCHER, MESSAGE DISPATCHER, TRANSPORT MAPPINGS
MESSAGE PROCESSING SUBSYSTEM: SNMPv1, SNMPv2C, SNMPv3, OTHER
SECURITY SUBSYSTEM: COMMUNITY BASED SECURITY MODEL, USER BASED SECURITY MODEL, OTHER SECURITY MODEL
ACCESS CONTROL SUBSYSTEM: VIEW BASED ACCESS CONTROL
MANAGEMENT INFORMATION BASE

CONCEPTS: snmpEngineID
[Figure: four SNMP entities, each containing an SNMP engine with its own identifier: snmpEngineID=1, snmpEngineID=2, snmpEngineID=3, snmpEngineID=4]

CONCEPTS: snmpEngineID
SYNTAX DEFINED VIA TEXTUAL CONVENTION
OCTET STRING (5..32)
THE VALUE OF snmpEngineID MAY BE DETERMINED BY:
• HUMAN OPERATOR
• AUTOMATIC ALGORITHM
AUTOMATIC ALGORITHM USES:
• PRIVATE ENTERPRISE NUMBER
• IPv4 ADDRESS / IPv6 ADDRESS / MAC ADDRESS
TEXTUAL CONVENTION DEFINED IN SNMP FRAMEWORK MIB
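
The automatic algorithm above, written out as an added example (not part of the original slides), following the SnmpEngineID layout in RFC 3411. Decoding a value shows what it discloses (vendor and address) to anyone who sees a message. The enterprise number 32473 and the addresses are constructed sample values from documentation ranges.

```python
import ipaddress

# Format octet (5th octet) -> (name, required number of value octets or None)
FORMATS = {1: ("ipv4", 4), 2: ("ipv6", 16), 3: ("mac", 6),
           4: ("text", None), 5: ("octets", None)}


def parse_engine_id(engine_id: bytes) -> dict:
    """Decode an snmpEngineID into enterprise number, format and value."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("SnmpEngineID is OCTET STRING (5..32)")
    if engine_id.count(0) == len(engine_id) or engine_id.count(0xFF) == len(engine_id):
        raise ValueError("all-zero and all-0xFF values are reserved")
    first = int.from_bytes(engine_id[:4], "big")
    info = {"enterprise": first & 0x7FFFFFFF}
    if not first & 0x80000000:
        # Top bit clear: older enterprise-defined layout, remaining octets are opaque.
        return {**info, "format": "enterprise-legacy", "value": engine_id[4:].hex()}
    fmt, body = engine_id[4], engine_id[5:]
    name, size = FORMATS.get(fmt, ("reserved" if fmt < 128 else "enterprise-specific", None))
    if size is not None and len(body) != size:
        raise ValueError(f"{name} engine ID needs {size} value octets, got {len(body)}")
    if name in ("ipv4", "ipv6"):
        value = str(ipaddress.ip_address(body))
    elif name == "mac":
        value = ":".join(f"{b:02x}" for b in body)
    elif name == "text":
        value = body.decode("ascii", errors="replace")
    else:
        value = body.hex()
    return {**info, "format": name, "value": value}


def build_engine_id(enterprise: int, fmt: int, value: bytes) -> bytes:
    """Automatic algorithm: enterprise number with the top bit set, format octet, value."""
    engine_id = (0x80000000 | enterprise).to_bytes(4, "big") + bytes([fmt]) + value
    parse_engine_id(engine_id)  # reject anything the parser would not accept
    return engine_id


# Constructed samples: enterprise 32473, a documentation MAC and IPv4 address
SAMPLE_MAC_ID = build_engine_id(32473, 3, bytes.fromhex("00005e005301"))
SAMPLE_IP_ID = build_engine_id(32473, 1, bytes([192, 0, 2, 1]))
```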

CONCEPTS: snmpEngineID
THE TERM EngineID IS FREQUENTLY USED
snmpEngineID: The identifier of an SNMP engine.
SnmpEngineID: The textual convention.
securityEngineID: Parameter of primitives in the architecture. The authoritative SNMP entity (which is the receiver of a confirmed PDU, the sender of a trap).
contextEngineID: Parameter of primitives in the architecture, and parameter in messages. Identifies the engine associated with the data.
msgAuthoritativeEngineID: Parameter in messages. USM security parameter.
usmUserEngineID: An object in the snmpUsmMIB. In a simple agent, this is the agent’s own snmpEngineID. It may also be the snmpEngineID of a remote SNMP engine with which this user can communicate.
usmStatsUnknownEngineID: An object in the snmpUsmMIB.
snmpCommunityContextEngineID: An object in the communityMIB.
entLogicalContextEngineID: An object in the entityMIB.
snmpProxyContextEngineID: An object in the proxyMIB.

CONCEPTS: Context
[Figure: an SNMP ENTITY with snmpEngineID=1, containing an SNMP ENGINE, a COMMAND RESPONDER APPLICATION and two MIBs labelled contextName=card1 and contextName=card2]
The context can be reached from this engine, thus: contextEngineID=1

PRIMITIVES BETWEEN MODULES
[Figure: the modules DISPATCHER, ACCESS CONTROL SUBSYSTEM, APPLICATIONS, MESSAGE PROCESSING SUBSYSTEM and SECURITY SUBSYSTEM, each shown twice]
Parameters
transportDomain, transportAddress
messageProcessingModel
securityModel, securityName
securityLevel
contextEngineID, contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference, statusInformation
sendPduHandle
destTransportDomain, destTransportAddress
outgoingMessage, outgoingMessageLength
wholeMsg, wholeMsgLength
pduType
viewType, variableName
globalData, maxMessageSize
securityEngineID
scopedPDU
securityParameters, securityStateReference

sendPdu
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with sendPdu marked at APPLICATIONS]

prepareOutgoingMessage
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with prepareOutgoingMessage marked at DISPATCHER]

generateRequestMsg
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with generateRequestMsg marked at MESSAGE PROCESSING SUBSYSTEM]

send / receive
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with send and receive marked at DISPATCHER]

prepareDataElements
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with prepareDataElements marked at DISPATCHER]

processIncomingMsg
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with processIncomingMsg marked at MESSAGE PROCESSING SUBSYSTEM]

processPdu
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with processPdu marked at DISPATCHER]

isAccessAllowed
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with isAccessAllowed marked at APPLICATIONS]

returnResponsePdu
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with returnResponsePdu marked at APPLICATIONS]

prepareResponseMessage
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with prepareResponseMessage marked at DISPATCHER]

generateResponseMsg
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with generateResponseMsg marked at MESSAGE PROCESSING SUBSYSTEM]

send / receive
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with send and receive marked at DISPATCHER]

prepareDataElements
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with prepareDataElements marked at DISPATCHER]

processIncomingMsg
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with processIncomingMsg marked at MESSAGE PROCESSING SUBSYSTEM]

processResponsePdu
[Figure: the module diagram and parameter list of the PRIMITIVES BETWEEN MODULES slide, with processResponsePdu marked at DISPATCHER]

MODULES OF THE SNMPv3 ARCHITECTURE
DISPATCHER AND MESSAGE PROCESSING MODULE
• RFC 3412
• SNMPv3 MESSAGE STRUCTURE
• snmpMPDMIB
APPLICATIONS
• RFC 3413
• snmpTargetMIB
• snmpNotificationMIB
• snmpProxyMIB
SECURITY SUBSYSTEM
• RFC 3414
• USER BASED SECURITY MODEL
• snmpUsmMIB
ACCESS CONTROL SUBSYSTEM
• RFC 3415
• VIEW BASED ACCESS CONTROL MODEL
• snmpVacmMIB

SNMPv3 MESSAGE STRUCTURE
Message fields, in order:
msgVersion
msgID
msgMaxSize
msgFlags
msgSecurityModel
msgSecurityParameters
contextEngineID
contextName
PDU
Brackets drawn beside the fields, top to bottom:
USED BY MESSAGE PROCESSING SUBSYSTEM
USED BY SNMPv3 PROCESSING MODULE
USED BY SECURITY SUBSYSTEM
USED BY ACCESS CONTROL SUBSYSTEM AND APPLICATIONS

SNMPv3 PROCESSING MODULE PARAMETERS
msgVersion
msgID: 0..2147483647
msgMaxSize: 484..2147483647
msgFlags: authFlag, privFlag, reportableFlag
msgSecurityModel: SNMPv1, SNMPv2c, USM
msgSecurityParameters
contextEngineID
contextName
PDU

SECURE COMMUNICATION VERSUS ACCESS CONTROL
[Figure: MANAGER and AGENT application processes exchanging GET / GET-NEXT / GETBULK / SET / TRAP / INFORM over a TRANSPORT SERVICE, with a MIB; labels: SECURE COMMUNICATION (USM), ACCESS CONTROL (VACM)]

USM: SECURITY THREATS
THREAT              ADDRESSED?   MECHANISM
REPLAY              YES          TIME STAMP
MASQUERADE          YES          MD5 / SHA-1
INTEGRITY           YES          (MD5 / SHA-1)
DISCLOSURE          YES          DES
DENIAL OF SERVICE   NO
TRAFFIC ANALYSIS    NO

USM MESSAGE STRUCTURE
msgVersion
msgID
msgMaxSize
msgFlags
msgSecurityModel
msgAuthoritativeEngineID, msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime: REPLAY
msgUserName: MASQUERADE/INTEGRITY/DISCLOSURE
msgAuthenticationParameters: MASQUERADE/INTEGRITY
msgPrivacyParameters: DISCLOSURE
contextEngineID
contextName
PDU

IDEA BEHIND REPLAY PROTECTION
[Figure: a message carrying ID, BOOTS, TIME and DATA, exchanged between the Nonauthoritative Engine and the Authoritative Engine; the check is drawn with the labels LOCAL NOTION OF REMOTE CLOCK, ALLOWED LIFETIME and LOCAL CLOCK and the comparison "+ >?"]
ID = msgAuthoritativeEngineID
BOOTS = msgAuthoritativeEngineBoots
TIME = msgAuthoritativeEngineTime
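
The replay check sketched on this slide, as an added example (not part of the original slides) that follows the timeliness rules of RFC 3414 for both engine roles. The 150-second window and the boots maximum come from that RFC; the class name, the `tick` helper and the sample values in the test are constructed.

```python
from dataclasses import dataclass

TIME_WINDOW = 150        # seconds: the allowed lifetime fixed by RFC 3414
MAX_BOOTS = 2147483647   # boots counter latched at its maximum: engine must be reconfigured


def authoritative_accepts(local_boots: int, local_time: int,
                          msg_boots: int, msg_time: int) -> bool:
    """Check done by the authoritative engine against its own clock."""
    if local_boots == MAX_BOOTS or msg_boots != local_boots:
        return False
    return abs(msg_time - local_time) <= TIME_WINDOW


@dataclass
class RemoteClock:
    """A non-authoritative engine's local notion of one authoritative engine's clock."""
    boots: int = 0
    time: int = 0             # estimated current snmpEngineTime of the remote engine
    latest_received: int = 0  # highest msgAuthoritativeEngineTime seen for these boots

    def tick(self, seconds: int) -> None:
        """Advance the estimate as local time passes."""
        self.time += seconds

    def accepts(self, msg_boots: int, msg_time: int) -> bool:
        """Call only after the message has passed authentication."""
        # Step 1: move the local notion forward, never backward.
        if msg_boots > self.boots or (
                msg_boots == self.boots and msg_time > self.latest_received):
            self.boots, self.time, self.latest_received = msg_boots, msg_time, msg_time
        # Step 2: reject messages that are too old relative to that notion.
        if self.boots == MAX_BOOTS or msg_boots < self.boots:
            return False
        return not (msg_boots == self.boots and msg_time < self.time - TIME_WINDOW)
```

The order matters: the clock values are only trusted once the MAC has been verified, otherwise a forged message could drag the local notion of the remote clock forward.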

IDEA BEHIND DATA INTEGRITY AND AUTHENTICATION
[Figure: DATA and KEY are fed into a HASH FUNCTION, which produces the MAC]
ADD THE MESSAGE AUTHENTICATION CODE (MAC) TO THE DATA AND SEND THE RESULT
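
IDEA BEHIND AUTHENTICATION
[Figure: on both sides, DATA and KEY are fed into a HASH FUNCTION that produces a MAC; the message carries DATA, USER and MAC; the receiver compares its own MAC with the received one (=?)]
MAC = msgAuthenticationParameters
USER = msgUserName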
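
The MAC computation and comparison from the two slides above, as an added example (not part of the original slides). It goes one step beyond them by also deriving the key the way RFC 3414 specifies (password to user key, then localization to one engine). The message is a constructed byte string with a 12-octet placeholder rather than a BER-encoded SNMP message; the password and engine ID are the RFC 3414 test-vector inputs.

```python
import hashlib
import hmac

MAC_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 keep the first 12 octets of the digest


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """User key Ku: digest of the password repeated up to exactly 1,048,576 octets."""
    if len(password) < 8:
        raise ValueError("USM passwords must be at least 8 octets")
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    return hashlib.new(hash_name, stream).digest()


def localize_key(user_key: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Localized key Kul = H(Ku || snmpEngineID || Ku): a different key per engine."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def compute_mac(key: bytes, whole_msg: bytes, offset: int, hash_name: str) -> bytes:
    """MAC over the whole message with msgAuthenticationParameters set to zeros."""
    zeroed = whole_msg[:offset] + bytes(MAC_LEN) + whole_msg[offset + MAC_LEN:]
    return hmac.new(key, zeroed, hash_name).digest()[:MAC_LEN]


def sign(key: bytes, whole_msg: bytes, offset: int, hash_name: str = "sha1") -> bytes:
    """Sender: write the MAC into the placeholder field."""
    mac = compute_mac(key, whole_msg, offset, hash_name)
    return whole_msg[:offset] + mac + whole_msg[offset + MAC_LEN:]


def verify(key: bytes, whole_msg: bytes, offset: int, hash_name: str = "sha1") -> bool:
    """Receiver: recompute the MAC and compare in constant time (the '=?' step)."""
    received = whole_msg[offset:offset + MAC_LEN]
    return hmac.compare_digest(received, compute_mac(key, whole_msg, offset, hash_name))


# Constructed stand-in for a serialized message: header, MAC placeholder, payload
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER = b"user=john;mac="
UNSIGNED = HEADER + bytes(MAC_LEN) + b";data=sysUpTime.0"
```

Because the key is localized, a key recovered from one device does not authenticate to another engine with the same password. RFC 7860 later added HMAC-SHA-2 protocols to USM; the structure is the same with a different hash and truncation length.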

IDEA BEHIND ENCRYPTION
[Figure: on both sides, the DES ALGORITHM with the DES-KEY converts between DATA and ENCRYPTED DATA; the message carries ENCRYPTED DATA and USER]
USER = msgUserName

ACCESS CONTROL TABLES
ALLOWED OPERATIONS   MIB VIEW          ALLOWED MANAGERS   REQUIRED LEVEL OF SECURITY
GET / GETNEXT        Interface Table   John, Paul         Authentication
•••                  •••               •••                •••
•••                  •••               •••                •••
SET                  Interface Table   John               Authentication
GET / GETNEXT        Systems Group     George             None
•••                  •••               •••                •••
•••                  •••               •••                •••
                                                          Encryption
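
An added example (not part of the original slides) of how an isAccessAllowed decision can be made from tables like the ones above, following the VACM steps of RFC 3415 in reduced form: securityModel and contextName are left out. The group names, view names and OIDs are assumptions chosen to mirror the three rows that name a manager.

```python
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# Constructed configuration mirroring the slide's rows (names are hypothetical).
GROUPS = {"John": "operators", "Paul": "monitors", "George": "guests"}
VIEWS = {  # view name -> list of (subtree OID, included?)
    "ifTableView": [("1.3.6.1.2.1.2.2", True)],   # Interface Table
    "systemView": [("1.3.6.1.2.1.1", True)],      # Systems Group
}
ACCESS = [  # (group, minimum securityLevel, read view, write view)
    ("operators", "authNoPriv", "ifTableView", "ifTableView"),  # GET/GETNEXT and SET
    ("monitors", "authNoPriv", "ifTableView", None),            # GET/GETNEXT only
    ("guests", "noAuthNoPriv", "systemView", None),
]


def in_view(view, oid: str) -> bool:
    """Longest matching subtree decides; included=False carves out an exclusion."""
    target = tuple(int(x) for x in oid.split("."))
    best = None
    for subtree, included in view:
        # Compare sub-identifiers, not strings: ...2.2 must not match ...2.20
        prefix = tuple(int(x) for x in subtree.split("."))
        if target[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
            best = (len(prefix), included)
    return bool(best and best[1])


def is_access_allowed(security_name: str, security_level: str,
                      view_type: str, oid: str) -> str:
    """Return accessAllowed or the RFC 3415 error indication for the request."""
    group = GROUPS.get(security_name)
    if group is None:
        return "noGroupName"
    entries = [e for e in ACCESS
               if e[0] == group and LEVELS[security_level] >= LEVELS[e[1]]]
    if not entries:
        return "noAccessEntry"   # user known, but the message was not secure enough
    entry = max(entries, key=lambda e: LEVELS[e[1]])
    view_name = entry[2] if view_type == "read" else entry[3]
    if view_name is None or view_name not in VIEWS:
        return "noSuchView"
    return "accessAllowed" if in_view(VIEWS[view_name], oid) else "notInView"
```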