Page 38 - CITS - Computer Software Application -TT
These three concepts are closely interconnected:
• Security and Control: Security measures include controls that are designed to safeguard systems and data.
Access controls, authentication mechanisms, encryption, and authorization processes are examples of
security controls.
• Security and Monitoring: Monitoring is essential to detect security breaches or unusual activities. Intrusion
detection systems, security information and event management (SIEM) systems, and network traffic analysis
tools are used to monitor and identify potential security threats.
• Monitoring and Control: Monitoring provides real-time data and insights that are used to implement control
measures. For instance, if a server’s performance metrics indicate high resource utilization, a control action
might involve reallocating resources to maintain optimal performance.
SNMP V2 and V3, RMON, RMON2
SNMP, which stands for Simple Network Management Protocol, was developed in 1988 by a consortium of
university researchers. Its primary purpose was to offer monitoring capabilities for devices connected across
TCP/IP-based networks. Just two years later, in 1990, SNMP earned recognition as an internet standard from the
Internet Architecture Board (IAB).
The SNMPv2 protocol standards made several attempts to address the security concerns inherent in
SNMPv1. These efforts included the introduction of various security models, such as the party-based SNMPv2p,
the user-based SNMPv2u, and the community-based SNMPv2c.
Although these initiatives did not completely resolve the critical security issues, SNMPv2 did bring several
enhancements over SNMPv1. Notably, it improved data retrieval capabilities through the inclusion of SNMP
GETBULK operations. Moreover, SNMPv2 retained the community-based security approach established by
SNMP.
SNMP V3
In the late 1990s, SNMPv3 was conceived, and by December 2002, it was ratified as a standard.
This version is delineated across RFCs 3410 to 3415. While SNMPv3 retains the fundamental SNMP management
system and operations from SNMPv1 and SNMPv2, it introduces a comprehensive security architecture.
This architecture is designed in a modular fashion, allowing specific components to be enhanced without
necessitating a complete overhaul.
SNMPv3’s framework encompasses several models:
1 Message Processing Model (SNMPv3)
2 User-Based Security Model
3 View-Based Access Control Model
This framework is structured to support multiple models concurrently and to facilitate gradual replacements over
time. For instance, although SNMPv3 introduces a new message format, it still supports messages created in
SNMPv1 and SNMPv2c formats. Similarly, the user-based security model can coexist with the previously used
community-based models. Additionally, SNMPv3 incorporates significant protocol updates:
1 Enhanced Notification Support: SNMPv3 introduces a new notification type called INFORM. This type
resembles a TRAP but requires acknowledgment. If acknowledgment is absent, the INFORM is retransmitted.
2 Trap Filtering: SNMPv3 allows filtering of TRAPs at the sender’s end.
3 Dynamic Configuration: SNMP agents in SNMPv3 can be dynamically configured using MIB modules defined
in RFC 3584 and RFCs 3411 through 3415.
SNMP utilizes port numbers 161 and 162 for transmitting instructions and messages. Specifically, the SNMP
agent employs port 161, while the SNMP manager operates through port 162.
CITS : IT&ITES - Computer Software Application - Lesson 01-17