
GarrettCom Ethernet Networks and Web Management User Manual


authorized manager, and that the message was not altered in transit. Note that the shared secret key between sending and receiving parties must be preconfigured by a configuration manager or a network manager, and loaded into the databases of the various SNMP managers and agents.
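
How a preconfigured shared secret lets the receiver check both origin and integrity, as an added example that is not from the GarrettCom manual. It goes beyond the text by assuming the HMAC-MD5-96 authentication protocol and the password-to-key localization of RFC 3414; the message layout (`HEAD`, `TAIL`) and sample values are constructed stand-ins, not real SNMP encoding.

```python
import hashlib
import hmac

AUTH_LEN = 12  # USM carries a 96-bit (12-byte) truncated HMAC in the message


def password_to_key(password: bytes) -> bytes:
    """RFC 3414 A.2.1: hash the password repeated out to 1,048,576 bytes."""
    reps, rem = divmod(1048576, len(password))
    return hashlib.md5(password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """Bind the user key to one agent, so each engine stores a different key."""
    return hashlib.md5(ku + engine_id + ku).digest()


def sign(key: bytes, head: bytes, tail: bytes) -> bytes:
    """Compute the MAC with the 12-byte auth field zeroed, then fill it in."""
    mac = hmac.new(key, head + bytes(AUTH_LEN) + tail, hashlib.md5).digest()
    return head + mac[:AUTH_LEN] + tail


def verify(key: bytes, message: bytes, offset: int) -> bool:
    """Receiver side: zero the auth field, recompute, compare in constant time."""
    received = message[offset:offset + AUTH_LEN]
    zeroed = message[:offset] + bytes(AUTH_LEN) + message[offset + AUTH_LEN:]
    expected = hmac.new(key, zeroed, hashlib.md5).digest()[:AUTH_LEN]
    return hmac.compare_digest(received, expected)


# Constructed sample values: password and engine ID are the RFC 3414 A.3.1
# test inputs; HEAD and TAIL stand in for the encoded message around the field.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
KEY = localize_key(password_to_key(b"maplesyrup"), ENGINE_ID)
HEAD, TAIL = b"header|user=admin|", b"|set ifAdminStatus.3=down"

if __name__ == "__main__":
    msg = sign(KEY, HEAD, TAIL)
    tampered = msg.replace(b"down", b"up!!")
    wrong_key = localize_key(password_to_key(b"not-the-secret"), ENGINE_ID)
    print("localized key :", KEY.hex())
    print("genuine       :", verify(KEY, msg, len(HEAD)))
    print("tampered      :", verify(KEY, tampered, len(HEAD)))
    print("wrong secret  :", verify(wrong_key, msg, len(HEAD)))
```

A message fails verification both when its content changes in transit and when the sender does not hold the same secret, which is why the key has to be loaded on both sides beforehand.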

A separate “privacy facility” enables managers and agents to encrypt messages to prevent eavesdropping by third parties. Again, manager entity and agent entity must share a secret key. When privacy is invoked between a principal and a remote engine, all traffic between them is encrypted using the Data Encryption Standard (DES). The sending entity encrypts the entire message using the DES algorithm and its secret key, and sends the message to the receiving entity, which decrypts it using the DES algorithm and the same secret key.

Another facility, called “access control”, makes it possible to configure agents to provide different levels of access to different managers. Unlike authentication, which is done by user, access control is done by group, where a group may be a set of multiple users.

While SNMPv3 provides secure communications between human managers and the various managed elements in a network, it is not enough for the security of web-based applications. For this, the Secure Socket Layer (SSL) protocol and its extension, the Transport Layer Security (TLS) protocol, extend SNMP features to web-based applications.

SSL – Secure Socket Layer

SSL is a protocol designed to enable encrypted, authenticated communications across the Internet, and is used mostly in communications between web browsers and web servers. When a web URL begins with “https” rather than “http”, this indicates that an SSL connection will be used, providing authentication, as well as privacy and message integrity (through encryption). Another way of explaining SSL is to say that it ensures that the information is sent, unchanged, only to the server to which the sender intended to send it, eliminating eavesdropping, tampering, and message forgery.

SSL is used by online shopping sites, among other applications, to safeguard credit card information, and therefore has already demonstrated a level of security that should be adequate and appropriate for industrial applications.
