|
|
Do I have to download another product to use the privacy functions in the WebNMS SNMP API?
What are the products that can provide privacy support for WebNMS SNMP API?
How do I use the privacy support products in my development and testing?
What is "security properties not found. using defaults" message?
When I encrypt a PDU, I get a "java no class def" exception for the class java.security.Cipher. Why does this happen?
What does a proxy forwarder application do? When and why is it used?
1. What is the primary goal of SNMPv3?
The primary goal of SNMPv3 is to define a secure version of SNMP. SNMPv3 provides a secure environment for system management and network management.
2. What are the security goals of SNMPv3?
SNMPv3 is designed to protect against the following.
Modification of Information - Protection against some unauthorized SNMP entity altering in-transit SNMP messages generated on behalf of an authorized principal.
Masquerade - Protection against attempting unauthorized management operations by assuming the identity of another principal that has the appropriate authorizations.
Message Stream Modification - Protection against messages getting maliciously re-ordered, delayed or replayed in order to effect unauthorized management operations.
Disclosure - Protection against eavesdropping on the exchanges between SNMP engines.
3. What are the different levels of security in SNMPv3?
SNMPv3 provides the following three levels of security.
No authentication and no privacy (noAuthNoPriv)
Authentication but no privacy (authNoPriv)
Authentication and privacy (authPriv)
A request can be made on behalf of a user with any one of the above security levels.
4.How does WebNMS SNMP API support privacy functions?
The privacy functions are supported by encryption. For the encryption routines, the java.security package is used. The Java Cryptography Architecture introduces the notion of Cryptographic Service Provider. This term refers to a set of packages that supply a concrete implementation of a subset of the cryptography aspects of the JDK Security API.
The API uses any of the standard third party implementation of the JDK security API.
5. Do I have to download another product to use the privacy functions in the WebNMS SNMP API?
Yes.
The Java Security API is designed to allow developers to incorporate both the low-level and high-level security functionality into their programs. The Java Cryptography Extension 1.2 (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects.
JCE 1.2 is designed so that other cryptography libraries can be plugged in as a service provider, and new algorithms can be added in a seamless way so that users have the choice of choosing their own security providers. Refer http://java.sun.com/products/jdk/1.2/docs/guide/security/CryptoSpec.html for further details.
7. What are the products that can provide privacy support for WebNMS SNMP API?
The JCE 1.2 is a standard extension of the JDK platform. JCE 1.2 supplements the cryptographic services defined in the Java Development Kit 1.2 (JDK) by adding support for ciphers, key agreement, and MAC codes. Together, the JCE and the cryptography aspects of the JDK provide a complete, platform-independent cryptography API. The JCE is released separately as an extension to the JDK, in accordance with US export control regulations. You can download it from http://java.sun.com/products/jce/. However, JCE 1.2.1 is now bundled with JDK 1.4 (and above).
In case you have problems with US export restrictions, you can try any of the other implementations mentioned in http://java.sun.com/products/jce/jce12_providers.html. We have tested it using Cryptix - available at http://www.cryptix.org which provides an implementation of JCE1.2. Refer
8. How do I use the privacy support products in my development and testing?
Refer Setting Up Environment for SNMPv3 for further details.
9. What is "security properties not found. using defaults." message?
The security classes depend on the existence of the java.security file present in jdk1.1/lib/security directory. When you install cryptix package, it is added as a security provider in this file. If the JAVA_HOME_DIR is wrong for some reason and the initialization routines do not find this file, you receive this message. Fix the JAVA_HOME_DIR environment variable to fix this.
10. When I encrypt a PDU, I get a "java no class def" exception for the class java.security.Cipher. Why does this happen?
This package uses Cryptix product (for JDK 1.1.6) or JCE (for JDK 1.2) for the privacy communications. The cryptix package depends on JDK1.1 Java Cryptography extensions. Therefore, to use the cryptix package and privacy modules, you need to compile the cryptix distribution of Java security classes which is a part of the cryptix source distribution. These particular classes belong to java.security package and are not part of the Sun's JDK distribution. If you use jdk1.2, the above message may be slightly different. Please refer the Setting Up Environment for SNMPv3 for further details.
11. What does a proxy forwarder application do? When and why is it used?
A proxy forwarder application forwards SNMP messages to other SNMP engines according to the context irrespective of the specific managed object types being accessed. It also forwards the response to such previously forwarded messages back to the SNMP engine from which the original message was received.
A proxy forwarder is used when an agent that supports a lower version (say v1) needs to respond to any request with a higher version (say v2). For example, a v2 request is sent from the manager to an intermediate agent which in turn sends a v1 request to the agent. Again the response from the v1 agent is sent to the intermediate agent which in turn sends the response back as a v2 response. Similarly, proxy forwarder can be used when a certain set of OIDs need to be answered by the proxy agent.
|
|