Scheduled System Maintenance:
Some services will be unavailable Sunday, March 29th through Monday, March 30th. We apologize for the inconvenience.
By Topic

Security considerations in a network management environment

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
1 Author(s)
O'Mahony, D. ; Trinity Coll., Dublin, Ireland

Considers the security aspects of communication between two management processes operating in different management domains; identifies two major risks: the security of information exchanged during the management association, and control of access to the management information base (MIB); and enumerates the various threats that must be guarded against and possible methods of attack. Security techniques, including symmetric and public key cryptosystems, are employed in the design of a method of achieving a secure management association. A scheme of authorization control for MIB access is developed. The management of an open system's network resources takes place in the context of a management association. The resources themselves are controlled by an agent process which presents a view of these resources to the outside world as a number of managed objects, each of which contains a number of attributes. The collection of objects presented to the outside world by the agent is known as the MIB. A manager process regulates the operation of the managed resources by engaging in a management association with the agent and instructing it to carry out simple operations on elements of the MIB. Within a single management domain where all processing nodes and network links are under the control of the same administration, security is not such a critical issue. However, when the management association takes place across the boundary between two separate management domains, and make use of public data networks, security issues must be considered in greater detail.<>

Published in:

Network, IEEE  (Volume:8 ,  Issue: 3 )