PEM & SNMP
PEM (Privacy Enhanced Mail)
This is an IETF standard, the result of a group working for a long time. The basic idea is to have privacy by virtue of hierarchical authentication. A receiver trusts the message of the sender when it is accompanied by a certificate from his trusted authority. These authoritative certificates are distributed by groups called the Internet Policy Registration Authority (IPRA) and Policy Certificate Authority (PCA). These trusted authorities certify the public keys sent by senders. The mode of operation is as follows :
SNMP (Simple Network Management Protocol)
A large network can often get into various kinds of trouble due to routers (dropping too many packets), hosts (going down), etc. One has to keep track of all these occurrences and adapt to such situations. A protocol has been defined for this purpose. Under this scheme all entities in the network belong to 4 classes :
- Managed Nodes
- Management Stations
- Management Information (called Object)
- A management protocol
The management stations poll the nodes periodically. Since SNMP uses the unreliable service of UDP, the polling is essential to keep in touch with the nodes. Often a node sends a trap message indicating that it is going to go down. The management station then checks it periodically (with an increased frequency). This type of polling is called trap directed polling. Often a group of nodes is represented by a single node which communicates with the management stations. This type of node is called a proxy agent. The proxy agent can also serve as a security arrangement.
All the variables in this scheme are called Objects. Each variable can be referenced by a specific addressing scheme adopted by this system. The entire collection of all objects is called the Management Information Base (MIB). The addressing is hierarchical as seen in the picture.
Message | Description |
1. Get_Request | Request the value for a variable |
2. Get_Response | Returns the value of the variable asked for |
3. Get_Next_Request | Request a variable next to the previous one |
4. Set_Request | Set the value of an Object. |
5. Trap | Agent to manager Trap report |
6. Get_bulk_request | Request a set of variables of the same type |
7. Inform_Request | Exchange of MIB among Management stations |
The last two options were added in SNMPv2. The fourth option needs some kind of authentication from the management station.
Addressing Example :
Following is an example of the kind of address one can refer to when fetching a value in the table :-
(20) IP-Addr-Table = Sequence of IPAddr-Entry (1)
IPAddrEntry = SEQUENCE {
IPADDENTRYADDR : IPADDR (1)
Index : integer (2)
Netmask : IPAddr (3) }
So when accessing the netmask of some IP-entity the variable name would be :
1.3.6.1.2.4.20.1.3.key-value
Here, since the IP address is the unique key to index any member of the array, the address can be like :-
1.3.6.1.2.4.20.1.3.128.10.2.3
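The addressing scheme above, combined with the Get_Next_Request message from the table, as an added Python example that is not part of the original page: it builds instance addresses for the IP address table and walks one column in MIB order. The two rows and their values are constructed sample data, and the function names are illustrative.

```python
import bisect

# Entry prefix exactly as written on the page: ...20 (table) .1 (entry).
# Assumption to verify against a real agent: standard MIB-II places the ip
# group under mib-2, so there the same entry is 1.3.6.1.2.1.4.20.1.
TABLE_ENTRY = (1, 3, 6, 1, 2, 4, 20, 1)
ADDR, INDEX, NETMASK = 1, 2, 3  # column numbers from IPAddrEntry

def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples sort in MIB (lexicographic) order."""
    return tuple(int(part) for part in text.strip(".").split("."))

def instance_oid(column, ip):
    """Entry prefix + column number + row key (the four IP address octets)."""
    octets = parse_oid(ip)
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return TABLE_ENTRY + (column,) + octets

def build_mib(rows):
    """rows: {ip: (interface_index, netmask)} -> {instance OID: value}."""
    mib = {}
    for ip, (if_index, mask) in rows.items():
        mib[instance_oid(ADDR, ip)] = ip
        mib[instance_oid(INDEX, ip)] = if_index
        mib[instance_oid(NETMASK, ip)] = mask
    return mib

def get_next(mib, oid):
    """Get_Next_Request: the first object strictly after oid, else None."""
    oids = sorted(mib)
    pos = bisect.bisect_right(oids, oid)
    return (oids[pos], mib[oids[pos]]) if pos < len(oids) else None

def walk(mib, prefix):
    """Repeat Get_Next_Request until the reply falls outside prefix."""
    found, current = [], prefix
    while (hit := get_next(mib, current)) and hit[0][:len(prefix)] == prefix:
        found.append(hit)
        current = hit[0]
    return found

# Constructed sample rows; the manager needs no key in advance to walk them.
SAMPLE_MIB = build_mib({"128.10.2.3": (1, "255.255.0.0"),
                        "10.0.0.1": (2, "255.0.0.0")})
if __name__ == "__main__":
    for oid, mask in walk(SAMPLE_MIB, TABLE_ENTRY + (NETMASK,)):
        print(".".join(map(str, oid)), "=", mask)
```

Because rows are ordered by their key octets, the walk returns 10.0.0.1 before 128.10.2.3 regardless of the order in which the rows were added.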