User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

Blumenthal, Uri; Wijnen, B.

doi:10.17487/rfc2574

Cited by 128 publications

(7 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ILMI uses simple network management protocol (SNMP) [10,25] to exchange information between switches and end systems in the UNI case or between peer switches in the PNNI case. It is highly recommended that SNMP Version 3 (SNMPv3) [9,11,30] be implemented using the appropriate SNMP security level of the authentication protocol identifier. If the network application requires additional security, the authentication protocol identifier and the privacy protocol identifier may be set.…”

Section: Required Information Elementsmentioning

confidence: 99%

“…If the network application requires additional security, the authentication protocol identifier and the privacy protocol identifier may be set. Strong key generation and key management procedures used for SNMPv3 [9] directly impact the strong key distribution and management scheme for ILMI. SNMP Version 1 (SNMPv1) has many security deficiencies, including the lack of authentication and message confidentiality mechanisms, and should not be used.…”

Section: Required Information Elementsmentioning

confidence: 99%

See 1 more Smart Citation

Authentication mechanisms for call control message integrity and origin verification

Martin¹,

Dunn

2004

Bell Labs Tech. J.

View full text Add to dashboard Cite

Methodologies developed in the Internet IntroductionAsynchronous transfer mode (ATM) and frame relay (FR) are being deployed extensively as the broadband backbone and Internet protocol (IP) data backhaul, respectively. The purpose of this deployment is to integrate voice and data communications and provide virtual private network (VPN) services to small-and medium-sized business customers. In this context, security and protection mechanisms are integral. Network service providers are utilizing in-band signaling mechanisms, such as ATM user-network interface version 4.0 (UNI 4.0). Inherent in these mechanisms is the danger of bypassing traditional protection mechanisms, such as firewalls, and exposing sensitive information to global public Internet networks. Providers are also employing classical IP over ATM, local area network emulation, or multiprotocol over ATM over global networks.This method of network access from a local IP network into a public ATM or FR backbone involves an entirely new set of threats to the IP infrastructure. While the inherent complexity of ATM and FR protocols makes it difficult to identify all vulnerabilities that may exist and to predict all control plane threats, the following example illustrates one new threat scenario. End system address spoofing provides a simple method for carrying out denial of service and unauthorized information access attacks. Since ATM routing allows multiple routes to a destination, new calls may be routed to the attacker, denying service. Once the call to the attacker is established, the attacker can access the legitimate caller, providing unauthorized access to information. Further, the attacker can force callers to provide their addresses in the call control messages and use this information to spoof their addresses. As a result, security mechanisms at the call control layer are needed to prevent these kinds of attacks.Existing ATM and FR security mechanisms are tunnel based, i.e., they operate on the network layer, providing reliable transport services to the call control layer and provide secure tunnels between physical interfaces. As a result, they will be referred to as

show abstract

Section: Required Information Elementsmentioning

confidence: 99%

Section: Required Information Elementsmentioning

confidence: 99%

Authentication mechanisms for call control message integrity and origin verification

Martin¹,

Dunn

2004

Bell Labs Tech. J.

View full text Add to dashboard Cite

show abstract

“…A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and RFC 2574 [12].…”

Section: The Snmp Management Frameworkmentioning

confidence: 99%

“…It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [12] and the View-based Access Control Model RFC 2575 [15] is recommended. Using these security features, customer/users can give access to the objects only to those principals (users) that have legitimate rights to GET or SET (change/create/delete) them.…”

Section: Radiusaccserveraddressmentioning

confidence: 99%

RADIUS Accounting Client MIB

Aboba¹,

Zorn²

1999

View full text Add to dashboard Cite

“…It is recommended that the implementors consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model STD 62, RFC 3414[RFC3414] and the View-based Access Control Model STD 62, RFC 3415 [RFC3415] is recommended.…”

mentioning

confidence: 99%

Definitions of Extension Managed Objects for Asymmetric Digital Subscriber Lines

Ly¹,

Bathrick²

2002

View full text Add to dashboard Cite

User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

Cited by 128 publications

References 0 publications

Authentication mechanisms for call control message integrity and origin verification

Authentication mechanisms for call control message integrity and origin verification

RADIUS Accounting Client MIB

Definitions of Extension Managed Objects for Asymmetric Digital Subscriber Lines

Contact Info

Product

Resources

About