Friday, August 15, 2014

PEM & SNMP

PEM (Privacy Enhanced Mail)

This is an IETF standard, the result of a working group's long effort. The basic idea is to obtain privacy by virtue of hierarchical authentication. A receiver trusts the message of a sender when it is accompanied by a certificate from an authority the receiver trusts. These authoritative certificates are distributed by the Internet Policy Registration Authority (IPRA) and the Policy Certificate Authorities (PCAs). These trusted authorities actually certify the public keys sent by senders. The mode of operation is as follows :
One difference from PGP is that PEM does not support compression.

SNMP (Simple Network Management Protocol)

A large network can often get into various kinds of trouble: routers dropping too many packets, hosts going down, and so on. One has to keep track of all these occurrences and adapt to such situations. A protocol has been defined for this purpose. Under this scheme all entities in the network belong to one of 4 classes:
  1. Managed Nodes
  2. Management Stations
  3. Management Information (called Objects)
  4. A management protocol
The managed nodes can be hosts, routers, bridges, printers or any other device capable of communicating status information to others. To be managed directly by SNMP, a node must be capable of running an SNMP management process, called an SNMP agent. Network management is done by management stations, which exchange information with the nodes. These are basically general-purpose computers running special management software.
The management station polls the nodes periodically. Since SNMP uses the unreliable service of UDP, polling is essential to keep in touch with the nodes. Often a node sends a trap message indicating that it is going to go down; the management station then checks that node periodically with an increased frequency. This type of polling is called trap-directed polling. Often a group of nodes is represented by a single node which communicates with the management station on their behalf. This type of node is called a proxy agent. The proxy agent can also serve as a security arrangement.
All the variables in this scheme are called objects. Each variable can be referenced by the specific addressing scheme adopted by this system. The entire collection of all objects is called the Management Information Base (MIB). The addressing is hierarchical, as seen in the picture.
The Internet is addressed as 1.3.6.1. All the objects under this domain have this string at the beginning. The information is exchanged in a standard, vendor-neutral way. All the data are represented in Abstract Syntax Notation 1 (ASN.1). It is similar to XDR as used in RPC, but it has a widely different representation scheme. A part of it has actually been adopted in SNMP and modified to form the Structure of Information Base. The protocol specifies various kinds of messages that can be exchanged between the managed nodes and the management station.
 No.  Message            Description
  1.  Get_Request        Request the value of a variable
  2.  Get_Response       Returns the value of the variable asked for
  3.  Get_Next_Request   Request the variable next to the previous one
  4.  Set_Request        Set the value of an object
  5.  Trap               Agent-to-manager trap report
  6.  Get_Bulk_Request   Request a set of variables of the same type
  7.  Inform_Request     Exchange of MIB information among management stations

The last two message types have actually been added in SNMPv2. The fourth one (Set_Request) needs some kind of authentication of the management station, since it changes state on the managed node.

 Addressing Example :

     Following is an example of the kind of address one can refer to when fetching a value in the table :-
     (20) IP-Addr-Table = SEQUENCE OF IPAddrEntry (1)
              IPAddrEntry = SEQUENCE {
                  IPAddEntryAddr : IPAddr   (1)
                  Index          : INTEGER  (2)
                  Netmask        : IPAddr   (3)
              }

     So when accessing the netmask of some IP entity the variable name would be :
                                                                             1.3.6.1.2.4.20.1.3.key-value

     Here, since the IP address is the unique key that indexes any member of the table, the address can be like :-
                                                                               1.3.6.1.2.4.20.1.3.128.10.2.3
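As an added example (not part of the original notes), the following Python builds the object identifier for one cell of the IP-address table above, with the IP address appended as the index, and then encodes and decodes that OID in ASN.1 BER, the representation SNMP actually puts on the wire. The table base OID 1.3.6.1.2.4.20 and the column numbers are taken from the notes as written; the column names are assumed for illustration.

```python
IP_ADDR_TABLE = "1.3.6.1.2.4.20"   # base OID of IP-Addr-Table as written in the notes
ENTRY = 1                          # IPAddrEntry sub-identifier
COLUMNS = {"address": 1, "index": 2, "netmask": 3}   # column sub-identifiers (names assumed)


def table_cell_oid(base: str, column: str, ip: str) -> str:
    """Build base.entry.column.<IPv4 as four sub-ids> for an IP-indexed table row."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 index: {ip}")
    parts = [base, str(ENTRY), str(COLUMNS[column])] + [str(o) for o in octets]
    return ".".join(parts)


def encode_oid(oid: str) -> bytes:
    """BER-encode a dotted OID: tag 0x06, short-form length, base-128 sub-ids."""
    ids = [int(x) for x in oid.split(".")]
    if len(ids) < 2 or ids[0] > 2 or (ids[0] < 2 and ids[1] > 39):
        raise ValueError(f"invalid OID: {oid}")
    body = bytearray()
    # The first two arcs are packed into a single sub-identifier (40*X + Y).
    for sid in [ids[0] * 40 + ids[1]] + ids[2:]:
        chunks = [sid & 0x7F]
        sid >>= 7
        while sid:                      # higher 7-bit groups carry the 0x80 flag
            chunks.append(0x80 | (sid & 0x7F))
            sid >>= 7
        body.extend(reversed(chunks))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(data: bytes) -> str:
    """Inverse of encode_oid; rejects a wrong tag, wrong length or cut-off sub-id."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2:
        raise ValueError("not a short-form BER OBJECT IDENTIFIER")
    ids, value, pending = [], 0, False
    for b in data[2:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)        # 0x80 set means more groups follow
        if not pending:
            ids.append(value)
            value = 0
    if pending:
        raise ValueError("truncated sub-identifier")
    first = ids[0]
    x, y = (first // 40, first % 40) if first < 80 else (2, first - 80)
    return ".".join(str(i) for i in [x, y] + ids[1:])
```

For the netmask of 128.10.2.3 the function yields the same 1.3.6.1.2.4.20.1.3.128.10.2.3 shown above, and the sub-identifier 128 is the one that needs two bytes (0x81 0x00) in the BER form.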
