PEM (Privacy Enhanced Mail)
This is an IETF standard, the result of a group working for a long time. The basic idea is to provide privacy by virtue of hierarchical authentication. A receiver trusts the sender's message when it is accompanied by a certificate from an authority the receiver trusts. These authoritative certificates are distributed by groups called the Internet Policy Registration Authority (IPRA) and the Policy Certificate Authority (PCA). These trusted authorities certify the public keys sent by senders. The mode of operation is as follows :
One difference with PGP is that it doesn't support compression.
SNMP (Simple Network Management Protocol)
A large network can often get into various kinds of trouble due to routers (dropping too many packets), hosts (going down), etc. One has to keep track of all these occurrences and adapt to such situations. A protocol has been defined for this. Under this scheme, all entities in the network belong to one of 4 classes:
- Managed Nodes
- Management Stations
- Management Information (called Object)
- A management protocol
The managed nodes can be hosts, routers, bridges, printers or any other device capable of communicating status information to others. To be managed directly by SNMP, a node must be capable of running an SNMP management process, called an SNMP agent. Network management is done by management stations, which exchange information with the nodes. These are basically general-purpose computers running special management software.
The management station polls the managed nodes periodically. Since SNMP uses the unreliable service of UDP, the polling is essential to keep in touch with the nodes. Often a node sends a trap message indicating that it is going to go down. The management station then checks periodically (with an increased frequency). This type of polling is called trap-directed polling. Often a group of nodes is represented by a single node which communicates with the management stations. This type of node is called a proxy agent. The proxy agent can also serve as a security arrangement.
All the variables in this scheme are called Objects. Each variable can be referenced by a specific addressing scheme adopted by this system. The entire collection of all objects is called the Management Information Base (MIB). The addressing is hierarchical, as seen in the picture.
Internet is addressed as 1.3.6.1. All the objects under this domain have this string at the beginning. The information is exchanged in a standard and vendor-neutral way. All the data are represented in Abstract Syntax Notation 1 (ASN.1). It is similar to XDR as used in RPC, but it has a widely different representation scheme. A part of it was actually adopted in SNMP and modified to form the Structure Of Information Base. The protocol specifies various kinds of messages that can be exchanged between the managed nodes and the management station.
| Message | Description |
|---|---|
| 1. Get_Request | Requests the value of a variable |
| 2. Get_Response | Returns the value of the variable asked for |
| 3. Get_Next_Request | Requests the variable next to the previous one |
| 4. Set_Request | Sets the value of an Object |
| 5. Trap | Agent-to-manager trap report |
| 6. Get_bulk_request | Requests a set of variables of the same type |
| 7. Inform_Request | Exchange of MIB among management stations |
The last two options were actually added in SNMPv2. The fourth option needs some kind of authentication from the management station.
Addressing Example:
Following is an example of the kind of address one can refer to when fetching a value in the table:
(20) IP-Addr-Table = Sequence of IPAddr-Entry (1)
IPAddrEntry = SEQUENCE {
    IPADDENTRYADDR : IPADDR (1)
    Index : integer (2)
    Netmask : IPAddr (3)
}
So when accessing the netmask of some IP entity, the variable name would be:
1.3.6.1.2.4.20.1.3.key-value
Here, since the IP address is the unique key used to index any member of the array, the address can be like:
1.3.6.1.2.4.20.1.3.128.10.2.3
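The addressing rule above, combined with the ASN.1 representation mentioned earlier, as an added example that is not part of the original page: it builds the instance name for the netmask column and packs it into the BER OBJECT IDENTIFIER bytes that travel inside an SNMP message. The function and constant names are illustrative, and the table prefix is copied from the page as written.

```python
# Added example; names are illustrative. Table prefix copied from the page.
IP_ADDR_TABLE = "1.3.6.1.2.4.20"
ENTRY, NETMASK_COLUMN = 1, 3  # IPAddrEntry (1), Netmask (3)


def instance_oid(table, entry, column, ip_key):
    """Append entry, column and the IP-address key to the table prefix."""
    octets = [int(p) for p in ip_key.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("key must be a dotted IPv4 address")
    return f"{table}.{entry}.{column}." + ".".join(map(str, octets))


def _base128(n):
    """One sub-identifier, 7 bits per byte, high bit set on all but the last."""
    out = [n & 0x7F]
    while n := n >> 7:
        out.append((n & 0x7F) | 0x80)
    return bytes(reversed(out))


def ber_encode_oid(oid):
    """BER encoding: tag 0x06, length, then the packed sub-identifiers."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    # The first two arcs share one sub-identifier: 40 * first + second.
    body = _base128(40 * arcs[0] + arcs[1])
    body += b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("only short-form lengths are supported here")
    return bytes([0x06, len(body)]) + body


def ber_decode_oid(data):
    """Inverse of ber_encode_oid; rejects truncated or mislabelled input."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2:
        raise ValueError("not a short-form BER OBJECT IDENTIFIER")
    if data[-1] & 0x80:
        raise ValueError("truncated sub-identifier")
    subids, value = [], 0
    for byte in data[2:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))
```

The key octet 128 does not fit in seven bits, so it is the one arc in this name that occupies two bytes (`81 00`) on the wire.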