authorized manager, and that the message was not altered in transit. Note that the shared secret key between sending and receiving parties must be preconfigured by a configuration manager or a network manager, and loaded into the databases of the various SNMP managers and agents.
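The authentication check described above, as an added example that is not part of the manual: the sender fills an authentication field with a keyed MAC over the whole message, and the receiver recomputes it with the same preconfigured secret. It assumes the HMAC-MD5-96 scheme and password-to-key localization of the SNMPv3 User-based Security Model (RFC 3414), which this page does not name; the message bytes, user name and field offset are constructed for illustration and are not real BER-encoded SNMP.

```python
import hashlib
import hmac

AUTH_LEN = 12  # HMAC-MD5-96 keeps only the first 96 bits of the MAC


def localized_key(password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 password-to-key: hash 1 MiB of repeated password, then bind it to one engine."""
    reps, rem = divmod(1_048_576, len(password))
    ku = hashlib.md5(password * reps + password[:rem]).digest()
    return hashlib.md5(ku + engine_id + ku).digest()


def sign(message: bytes, offset: int, key: bytes) -> bytes:
    """Sender: replace the zeroed 12-byte authentication field at `offset` with the MAC."""
    if message[offset:offset + AUTH_LEN] != bytes(AUTH_LEN):
        raise ValueError("authentication field must be zeroed before signing")
    mac = hmac.new(key, message, hashlib.md5).digest()[:AUTH_LEN]
    return message[:offset] + mac + message[offset + AUTH_LEN:]


def verify(message: bytes, offset: int, key: bytes) -> bool:
    """Receiver: zero the field, recompute the MAC, compare in constant time."""
    received = message[offset:offset + AUTH_LEN]
    if len(received) != AUTH_LEN:
        return False
    zeroed = message[:offset] + bytes(AUTH_LEN) + message[offset + AUTH_LEN:]
    expected = hmac.new(key, zeroed, hashlib.md5).digest()[:AUTH_LEN]
    return hmac.compare_digest(received, expected)


# Constructed sample values (assumptions for this example, not from the manual).
ENGINE_ID = bytes.fromhex("000000000000000000000002")
KEY = localized_key(b"maplesyrup", ENGINE_ID)  # secret preconfigured on both sides
HEADER = b"user=manager1;auth="
UNSIGNED = HEADER + bytes(AUTH_LEN) + b";set ifAdminStatus.3=down"
OFFSET = len(HEADER)

if __name__ == "__main__":
    signed = sign(UNSIGNED, OFFSET, KEY)
    tampered = signed.replace(b"ifAdminStatus.3", b"ifAdminStatus.1")
    print("genuine  :", verify(signed, OFFSET, KEY))
    print("tampered :", verify(tampered, OFFSET, KEY))
    print("wrong key:", verify(signed, OFFSET, localized_key(b"otherpass", ENGINE_ID)))
```

Because the localized key is derived from the engine ID as well as the password, a key recovered from one agent's database does not authenticate to a different engine.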

A separate “privacy facility” enables managers and agents to encrypt messages to prevent eavesdropping by third parties. Again, manager entity and agent entity must share a secret key. When privacy is invoked between a principal and a remote engine, all traffic between them is encrypted using the Data Encryption Standard (DES). The sending entity encrypts the entire message using the DES algorithm and its secret key, and sends the message to the receiving entity, which decrypts it using the DES algorithm and the same secret key.

Another facility, called “access control,” makes it possible to configure agents to provide different levels of access to different managers. Unlike authentication, which is done by user, access control is done by group, where a group may be a set of multiple users.

While SNMPv3 provides secure communications between human managers and the various managed elements in a network, it is not enough for the security of web-based applications. For this, the Secure Socket Layer (SSL) protocol and its extension, the Transport Layer Security (TLS) protocol, extend SNMP features to web-based applications.

SSL – Secure Socket Layer

SSL is a protocol designed to enable encrypted, authenticated communications across the Internet, and is used mostly in communications between web browsers and web servers. When a web URL begins with “https” rather than “http”, this indicates that an SSL connection will be used, providing authentication as well as privacy and message integrity (through encryption). Another way of explaining SSL is to say that it ensures that the information is sent, unchanged, only to the server to which the sender intended to send it, eliminating eavesdropping, tampering, and message forgery. SSL is used by online shopping sites, among other applications, to safeguard credit card information, and therefore has already demonstrated a level of security that should be adequate and appropriate for industrial applications.

GarrettCom Ethernet Networks and Web Management manual SSL - Secure Socket Layer