SNMPv3 Wes Hardaker Network Associates Laboratories 6 August 2002 Wes_Hardaker@nai.com.


SNMPv3

Wes Hardaker

Network Associates Laboratories

6 August 2002

Wes_Hardaker@nai.com


Aug 6, 2002

Page 2, CERT Conference 2002: SNMPv3

Overview

• About SNMP in General

• SNMPv3 Architecture Breakdown

• User Based Security

• View Based Access Control

• Future of SNMP

• Summary & Questions

Page 3

Author’s Background

• Past:
– Lead developer of the Net-SNMP open source project
– Developer of the OpenSNMP toolkit

• Present:
– Project lead in a scalable IPSec policy management system built on top of SNMPv3.

• Future:
– Participating in various IETF working groups responsible for continuing development of SNMP technologies.

• Apologetic:
– Not all the slides in this presentation are in your handout.
– http://www.net-snmp.org/presentations/snmpv3/

Page 4

About SNMP

“Simple Network Management Protocol” -- RFC 1157

“SNMP: Can I buy a vowel?” -- Harrie Hazewinkel

Page 5

SNMP Overview: What is SNMP?

• Treats the network as a distributed database

[Diagram: a Management Station querying a Computer and a Router]

Page 6

SNMP Database example: netsh

netsh> select ifIndex, ipAdEntIfIndex, ifDescr, ipAdEntAddr, ifOperStatus
       from ifTable, ipAddrTable
       where ifIndex = ipAdEntIfIndex
+-------+--------------+-------+-----------+------------+
|ifIndex|ipAdEntIfIndex|ifDescr|ipAdEntAddr|ifOperStatus|
+-------+--------------+-------+-----------+------------+
|      1|             1|     lo|  127.0.0.1|          up|
|      2|             2|   sit0|    0.0.0.0|        down|
|      3|             3| vmnet1|172.16.80.1|          up|
+-------+--------------+-------+-----------+------------+
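An added example (not from the slides, and not the netsh tool's own code) of what the "distributed database" view on this slide means at the SNMP level: every cell of a MIB table is one OID of the form column-OID.instance-index, so the join above is really a grouping of walked varbinds by their index suffix, followed by matching ifTable rows to ipAddrTable rows on ifIndex. The column OIDs are the standard MIB-II ones; the walk output itself is constructed to reproduce the slide's three interfaces.

```python
# Column OIDs of the two MIB-II tables involved (ifEntry and ipAddrEntry).
IF_TABLE_ENTRY = ".1.3.6.1.2.1.2.2.1"    # indexed by ifIndex
IP_ADDR_ENTRY = ".1.3.6.1.2.1.4.20.1"    # indexed by ipAdEntAddr (four sub-ids)

IF_COLUMNS = {1: "ifIndex", 2: "ifDescr", 8: "ifOperStatus"}
IP_COLUMNS = {1: "ipAdEntAddr", 2: "ipAdEntIfIndex"}
OPER_STATUS = {1: "up", 2: "down", 3: "testing"}

# Constructed walk output: (oid, value) pairs as a GETNEXT walk would return them.
WALK = [
    (IF_TABLE_ENTRY + ".1.1", 1), (IF_TABLE_ENTRY + ".1.2", 2), (IF_TABLE_ENTRY + ".1.3", 3),
    (IF_TABLE_ENTRY + ".2.1", "lo"), (IF_TABLE_ENTRY + ".2.2", "sit0"),
    (IF_TABLE_ENTRY + ".2.3", "vmnet1"),
    (IF_TABLE_ENTRY + ".8.1", 1), (IF_TABLE_ENTRY + ".8.2", 2), (IF_TABLE_ENTRY + ".8.3", 1),
    (IP_ADDR_ENTRY + ".1.127.0.0.1", "127.0.0.1"),
    (IP_ADDR_ENTRY + ".1.0.0.0.0", "0.0.0.0"),
    (IP_ADDR_ENTRY + ".1.172.16.80.1", "172.16.80.1"),
    (IP_ADDR_ENTRY + ".2.127.0.0.1", 1),
    (IP_ADDR_ENTRY + ".2.0.0.0.0", 2),
    (IP_ADDR_ENTRY + ".2.172.16.80.1", 3),
]


def table_rows(walk, entry_oid, columns):
    """Group the cells of one table by instance index: {index: {column: value}}."""
    rows = {}
    prefix = entry_oid + "."
    for oid, value in walk:
        if not oid.startswith(prefix):
            continue                       # belongs to some other subtree
        column, _, index = oid[len(prefix):].partition(".")
        name = columns.get(int(column))
        if name is None or not index:
            continue                       # column we did not ask for, or no instance
        rows.setdefault(index, {})[name] = value
    return rows


def join_if_ip(walk):
    """The slide's query: ifTable join ipAddrTable where ifIndex = ipAdEntIfIndex."""
    if_rows = table_rows(walk, IF_TABLE_ENTRY, IF_COLUMNS)
    ip_rows = table_rows(walk, IP_ADDR_ENTRY, IP_COLUMNS)
    by_ifindex = {r["ifIndex"]: r for r in if_rows.values() if "ifIndex" in r}
    result = []
    for ip in ip_rows.values():
        iface = by_ifindex.get(ip.get("ipAdEntIfIndex"))
        if iface is None:
            continue                       # address refers to an interface the walk lacked
        result.append((iface["ifIndex"], ip["ipAdEntIfIndex"], iface["ifDescr"],
                       ip["ipAdEntAddr"], OPER_STATUS.get(iface["ifOperStatus"], "unknown")))
    return sorted(result)


if __name__ == "__main__":
    print("|ifIndex|ipAdEntIfIndex|ifDescr|ipAdEntAddr|ifOperStatus|")
    for row in join_if_ip(WALK):
        print("|%7s|%14s|%7s|%11s|%12s|" % row)
```

The grouping step is the part that matters for a tool author: the instance index is whatever follows the column sub-identifier, and for ipAddrTable it is a whole IP address, not a small integer.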

Page 7

SNMP Overview

• Network monitoring and Information Collection

GET: What is in your routing table?

Page 8

SNMP Overview

• Network Configuration

SET: Add a route to your routing table

Page 9

SNMP Overview

• Alarms and Event conditions

TRAP or INFORM: HELP!!!!

Page 10

Terminology

• SNMP: the protocol itself

• MIB: the specification defining a particular piece of data to be transferred over SNMP

• SMI: the language a MIB is written in
– It is not ASN.1, contrary to what many people think.

• OID / “Object Identifier”: A hierarchical naming scheme using number assignment.
– .1.3.6.1.2.1.1.4.0 = You (the system contact for a device)
– .iso.org.dod.internet.mgmt.mib-2.system.sysContact.0

Page 11

SNMP Standards Timeline

• SNMPv1 created in 1988
– Officially a “Full Standard”

• SNMPv2c added a few things in 1996
– SNMPv2c MSG Format classified as experimental
– PDUs, etc, classified as a “FULL Standard”

• SNMPv3 added security in 1999
– Currently a “Draft” standard
– Approved as a “Full Standard”, but not published yet

• SNMPv2p, SNMPv2u, SNMPv2*:
– secure protocol versions that didn’t make the cut.

Page 12

SNMPv1 and SNMPv2c message format

SNMPv1/SNMPv2c Message {
    version            INTEGER  (snmpv1 = 0, snmpv2c = 1)
    community          STRING
    PDU (operation) {
        request-id     INTEGER
        error-status   INTEGER
        error-index    INTEGER
        variable-bindings { OID, VALUE ... }
    }
}

Page 13

SNMPv1 and SNMPv2c problems

• Community strings for authentication == Clear Text Passwords

• Community strings also used for “context”
– Accessing data in a certain “context” is difficult

• No Standardized Method for Access Control
– No consistent method to configure communities across a network of many devices.
– Most devices were manually configured, or worse, left with their default settings intact.

Keys to the kingdom: “public”, “private”

Page 14

SNMPv1 example:

% snmpget -d -v 1 -c public localhost sysUpTime.0
Sending 43 bytes to 127.0.0.1
0000: 30 29 02 01 00 04 06 70 75 62 6C 69 63 A0 1C 02 0).....public ..
0016: 04 2C 78 27 BC 02 01 00 02 01 00 30 0E 30 0C 06 .,x'¼......0.0..
0032: 08 2B 06 01 02 01 01 03 00 05 00 .+.........

Received 45 bytes from 127.0.0.1
0000: 30 2B 02 01 00 04 06 70 75 62 6C 69 63 A2 1E 02 0+.....public¢..
0016: 04 2C 78 27 BC 02 01 00 02 01 00 30 10 30 0E 06 .,x'¼......0.0..
0032: 08 2B 06 01 02 01 01 03 00 43 02 11 0F .+.......C...

sysUpTimeInstance = Timeticks: (4367) 0:00:43.67

Page 15

Goals behind SNMPv3

• Security

• Security

• Security

• Provide modularity in the architecture
– Replacing new elements in the future should be easier.
– Modularity = many IETF RFCs

• Separate “context” of the request from the authentication

Page 16

Aside: CERT Advisory CA-2002-03

• SNMP uses BER encoded packets.

• BER has a bunch of flexible rules which allow strangely encoded, but legal, packets.

• The failing was in the parsing of the BER encoding, NOT in the SNMP protocol.
– SNMPv1 was the only packet format tested.
– It’s likely most vendors also fixed SNMPv3 parsing too.
– The university that produced the results has been testing various BER-based protocols.

Started with LDAP.

Next? Only they know. Kerberos?
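The following is an added example, not code from the slides or from Net-SNMP: a bounds-checked BER decoder for the SNMPv1/v2c message layout on page 12, run over the exact bytes of the snmpget exchange on page 14. The point, given the advisory above, is that every BER length is validated against the buffer that encloses it before it is used, and anything indefinite, oversized, truncated or trailing is rejected rather than tolerated. Assumptions: only Get/GetNext/Set/Response PDUs are handled (the Trap-PDU layout differs), and all helper and constant names are my own.

```python
# Bytes copied from the slide's hex dump: the 43-byte GetRequest for sysUpTime.0
# with community "public", and the 45-byte GetResponse.
REQUEST = bytes.fromhex(
    "30 29 02 01 00 04 06 70 75 62 6C 69 63 A0 1C 02"
    "04 2C 78 27 BC 02 01 00 02 01 00 30 0E 30 0C 06"
    "08 2B 06 01 02 01 01 03 00 05 00")
RESPONSE = bytes.fromhex(
    "30 2B 02 01 00 04 06 70 75 62 6C 69 63 A2 1E 02"
    "04 2C 78 27 BC 02 01 00 02 01 00 30 10 30 0E 06"
    "08 2B 06 01 02 01 01 03 00 43 02 11 0F")

# Context-specific PDU tags; Trap-PDU (0xA4) has a different body and is not decoded here.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}


class BerError(ValueError):
    """Any encoding the decoder refuses; the caller drops the packet."""


def read_tlv(buf, pos):
    """Read one tag/length/value at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise BerError("truncated TLV header at offset %d" % pos)
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: 0x8N followed by N length octets
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise BerError("indefinite or oversized length at offset %d" % (pos - 1))
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):            # keeps every slice inside the packet
        raise BerError("length %d overruns packet at offset %d" % (length, pos))
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want_tag):
    """read_tlv that also insists on a specific tag."""
    tag, value, pos = read_tlv(buf, pos)
    if tag != want_tag:
        raise BerError("expected tag 0x%02X, got 0x%02X" % (want_tag, tag))
    return value, pos


def decode_integer(value, signed=True):
    limit = 4 if signed else 5             # 32-bit types; unsigned may carry a leading 0x00
    if not 1 <= len(value) <= limit:
        raise BerError("bad INTEGER length %d" % len(value))
    return int.from_bytes(value, "big", signed=signed)


def decode_oid(value):
    """First octet packs the first two sub-ids (40*X+Y); the rest are base-128 groups."""
    if not value or (len(value) > 1 and value[-1] & 0x80):
        raise BerError("empty OID or OID cut inside a sub-identifier")
    subids, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if acc >> 32:
            raise BerError("sub-identifier exceeds 32 bits")
        if not b & 0x80:
            subids.append(acc)
            acc = 0
    return "." + ".".join(str(s) for s in subids)


def decode_value(tag, value):
    if tag == 0x02:
        return decode_integer(value)
    if tag == 0x04:
        return value.decode("latin-1")
    if tag == 0x05:
        return None                        # NULL: the placeholder value in a GET
    if tag == 0x06:
        return decode_oid(value)
    if tag in (0x41, 0x42, 0x43):          # Counter32, Gauge32, TimeTicks
        return decode_integer(value, signed=False)
    raise BerError("unsupported value tag 0x%02X" % tag)


def parse_snmpv1(packet):
    """Decode one SNMPv1/v2c message into a dict, or raise BerError."""
    tag, msg, end = read_tlv(packet, 0)
    if tag != 0x30 or end != len(packet):
        raise BerError("message is not a single SEQUENCE filling the packet")
    version, pos = expect(msg, 0, 0x02)
    community, pos = expect(msg, pos, 0x04)
    tag, pdu, pos = read_tlv(msg, pos)
    if tag not in PDU_TYPES or pos != len(msg):
        raise BerError("unknown PDU tag 0x%02X or trailing bytes" % tag)
    request_id, p = expect(pdu, 0, 0x02)
    error_status, p = expect(pdu, p, 0x02)
    error_index, p = expect(pdu, p, 0x02)
    vbl, p = expect(pdu, p, 0x30)
    if p != len(pdu):
        raise BerError("trailing bytes after variable-bindings")
    bindings, q = [], 0
    while q < len(vbl):
        vb, q = expect(vbl, q, 0x30)
        oid, r = expect(vb, 0, 0x06)
        vtag, val, r = read_tlv(vb, r)
        if r != len(vb):
            raise BerError("trailing bytes inside a varbind")
        bindings.append((decode_oid(oid), decode_value(vtag, val)))
    return {"version": decode_integer(version), "community": community.decode("latin-1"),
            "pdu": PDU_TYPES[tag], "request_id": decode_integer(request_id),
            "error_status": decode_integer(error_status),
            "error_index": decode_integer(error_index), "varbinds": bindings}


def is_rejected(packet):
    """True if the decoder refuses the packet (handy for testing malformed input)."""
    try:
        parse_snmpv1(packet)
    except BerError:
        return True
    return False


if __name__ == "__main__":
    print(parse_snmpv1(REQUEST))
    print(parse_snmpv1(RESPONSE))
```

Decoding the response's value octets 43 02 11 0F gives TimeTicks 4367, which is the "(4367)" snmpget prints on the slide; a one-byte-short copy of the request, or a header whose long-form length claims four gigabytes, is refused before any slice is taken.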

Page 17

SNMPv3 Architecture

“The architecture is designed to be modular to allow the evolution of the Framework over time.”

-- RFC 2570 & RFC 2571

Page 18

SNMPv3: Standards Breakdown

• RFC2570: SNMPv3 Overview

• RFC2571: Architecture

• RFC2572: Message Processing

• RFC2573: Applications

• RFC2574: User-based Security Model

• RFC2575: View-based Access Control Model

• RFC2576: v1/v2c/v3 Coexistence / Transition

• RFC2578-80: SMIv2 -- Language of the MIBs

• RFC1157: SNMPv1

• RFC1901,5: SNMPv2

• ...

Page 19

SNMPv3: Framework Architecture

[Diagram: SNMPv3 Engine. The Dispatcher connects the Network transports (UDP, TCP, ...) to the Message Processing subsystem (SNMPv3 MP, SNMPv1, ...); Message Processing hands messages to the Security subsystem (User-based (USM), Kerberos, ...); the Application or Agent (CG, CR, NG, NR, ...) consults Access Control (VACM, ...).]


Page 21

SNMPv3: Applications (RFC 2573)

• Application “types” have been formally defined:
– CG: Command Generator (was: Manager)
– CR: Command Responder (was: Agent)
– NG: Notification Generator
– NR: Notification Responder
– PF: Proxy Forwarder (not shown in diagram)

• An application can be of multiple types
– An agent is typically a CR and a NG
– A mid level manager is likely a CG, CR, NG, and NR (and maybe a PF)

Page 22

SNMPv3 Protocol Packet Breakdown

SNMPv3Message {
    Version                      INTEGER  (snmpv3 = 3)
    HeaderData {
        msgID                    INTEGER
        MaxSize                  INTEGER
        Flags                    STRING
        SecurityModel            INTEGER  (USM = 3)
    }
    UsmSecurityParameters        STRING {
        AuthoritativeEngineID    STRING
        AuthoritativeEngineBoots INTEGER
        AuthoritativeEngineTime  INTEGER
        UserName                 STRING
        AuthenticationParameters STRING
        PrivacyParameters        STRING
    }
    ScopedPduData {
        contextEngineID          STRING
        contextName              STRING
        PDU                      SNMPv2 PDUs
    }
}

[Diagram labels: MSG Processor, Dispatcher, Application, Security Model, marking which component handles each part of the message]

Page 23

SNMP Overview

• Network monitoring and Information Collection

GET: What is in your routing table?

RESPONSE: It’s …

Page 24

SNMPv3 Example: Generating a Request

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this step]

Page 25

SNMPv3 Example: Receiving a Request

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this step]

Page 26

SNMPv3 Example: Generating a Response

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this step]

Page 27

SNMPv3 Example: Receiving a Response

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this step]

Page 28

Architecture Components

“The major portions of the architecture are an SNMP engine containing a Message Processing Subsystem, a Security Subsystem and an Access Control Subsystem, and possibly multiple SNMP applications which provide specific functional processing of management data.”

-- RFC 2571

Page 29

The Dispatcher

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this slide]

Page 30

The Dispatcher (RFC 2572)

• The simplest component of the architecture

• Directs packets to and from the other elements:
– Application or agent (CG, CR, NG, NR)
– The Network (through the appropriate transport layer)
– The correct message processor

• Makes its decision based on:
– What component sent it
– What protocol version is being sent
– What type of PDU is being sent

• Knowledge of it not required by the typical user

Page 31

The Message Processor

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this slide]

Page 32

The SNMPv3 Message Processor (RFC 2572)

• Encodes and decodes the majority of the packet

• Handles errors and exceptions
– Message too big to fit in a packet
– Parse errors are detected
– ...

• Passes to appropriate security model for authentication and encryption support.
– (Currently, the only defined security model is the USM)

• Knowledge of it not required by the typical user

Page 33

Security Model

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this slide]

Page 34

Security Model

• Authenticates packets to ensure/verify origin
– Current authentication methods

• Provides message encryption/decryption support
– The ScopedPDU can be protected by encryption

• Makes its decisions based on packet data:
– EngineID, Engine Boots, Engine Time
– User Name
– Authentication field
– Privacy field

• Currently only one standard security model exists
– The “User Based Security Model”, or USM

Page 35

User Based Security: USM (RFC 2574)

• The User Based Security model provides:
– Authentication via MD5 or SHA1 hash
  The hash verifies the authenticity of the entire v3 message.
  Modified or forged packets will be rejected
– Encryption via DES encryption
  The ScopedPDU is encrypted (basically, the payload)
– 3 levels of security: noAuthNoPriv, authNoPriv, authPriv

• It does not provide protection against:
– Denial of Service
– Traffic Analysis

Page 36

USM: About EngineIDs, etc...

• EngineIDs are:
– A unique “string” of data
– Generally defined from one of:
  IPv4 address
  IPv6 address
  MAC address
  Administratively defined strings
  Implementation dependent

• EngineBoots: number of reboots

• EngineTime: Time since last initialized

• Information is automatically probed by protocol.

Page 37

USM: A User is...

• A USM User is defined by:
– The EngineID of the authoritative engine
– The SecurityName of the user (i.e., user name)
– The authentication type (MD5 or SHA1) and key
– The privacy type (DES) and key

• A user is modifiable via SNMP SET operations:
– Authentication and privacy keys can be changed.
– Encryption types and authentication types can not be changed without deleting and recreating the user

Page 38

USM: The Authoritative Engine

• Only one side of a transaction is “authoritative”
– Authoritative side == where the master user key exists
– Typically this means: the SNMP agents are authoritative
– The authoritative side is defined by whether the packet being sent is expecting a response or not.

An odd effect of this is:
The engine receiving SNMPv3 INFORMs, which expect an “I got it” response, is authoritative.
The engine sending SNMPv3 TRAPs, which don’t require a response, is authoritative.

Ick.

Page 39

USM: Keys

• USM Keys used to authenticate and encrypt messages are generated:
– A password hashed using the authentication algorithm (maybe)
– The resulting hash is then re-hashed after mixing it with the authoritative engineID.

• This means:
– All user keys are different on each host
– Pro: A cracked system’s keys can’t be used to gain access to other systems.
– Con: Distributing keys to many systems is difficult

Page 40

USM: Keys

[Diagram: Password -> Ku: Master Key -> Kul1: Local Key 1, Kul2: Local Key 2, Kul3: Local Key 3 (one localized key per agent), held by the Management Application]

Page 41

USM: The math behind the keys

PassLong = repeat(password) until 1Mb long
Ku       = hash(PassLong)
Kul      = hash(Ku | authEngineID | Ku)

• Notes:
– Passwords must be at least 8 characters long
– Ku need not be generated from a password, but can be generated randomly instead.
  Protects against brute-forcing low entropy passwords
– Hash is currently one of: MD5, SHA1
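An added example, not the slides' or Net-SNMP's code: the three key formulas above and the pro/con of page 39 (one password, a different localized key per engine) implemented as RFC 3414 specifies them (the "1Mb" expansion is 1,048,576 octets there), plus the HMAC-96 authentication tag that a localized key computes over a whole v3 message, which is the "hash verifies the entire message" property from page 35. The engine IDs and the message bytes are constructed; the RFC's published "maplesyrup" test vectors are the way to confirm an implementation really matches.

```python
import hashlib
import hmac
import secrets

ONE_MEGABYTE = 1024 * 1024     # RFC 3414: the password is repeated to 1048576 octets
AUTH_TAG_LEN = 12              # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits


def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """Ku = hash(password repeated to 1 MiB). Deliberately slow: each guess at a
    low-entropy password costs a megabyte of hashing."""
    if len(password) < 8:
        raise ValueError("USM passwords must be at least 8 characters")
    reps, rem = divmod(ONE_MEGABYTE, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def random_master_key(hash_name: str = "md5") -> bytes:
    """Ku need not come from a password; a random key of digest size works too."""
    return secrets.token_bytes(hashlib.new(hash_name).digest_size)


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Kul = hash(Ku | authoritativeEngineID | Ku): the key a single agent holds."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def local_keys(password: bytes, engine_ids, hash_name: str = "md5") -> dict:
    """What a management station stores: one Kul per agent, all from one password."""
    ku = password_to_key(password, hash_name)
    return {eid: localize_key(ku, eid, hash_name) for eid in engine_ids}


def auth_tag(kul: bytes, hash_name: str, wire_message: bytes) -> bytes:
    """HMAC over the whole message (with msgAuthenticationParameters zeroed),
    truncated to 96 bits; this is what goes into msgAuthenticationParameters."""
    return hmac.new(kul, wire_message, hash_name).digest()[:AUTH_TAG_LEN]


def verify_tag(kul: bytes, hash_name: str, wire_message: bytes, received: bytes) -> bool:
    """Constant-time compare; any modified byte of the message changes the tag."""
    return hmac.compare_digest(auth_tag(kul, hash_name, wire_message), received)


def password_rejected(password: bytes) -> bool:
    try:
        password_to_key(password)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed engine IDs: two agents that share the same user password.
    agent_a = bytes(11) + b"\x02"
    agent_b = bytes(11) + b"\x03"
    keys = local_keys(b"maplesyrup", [agent_a, agent_b], "md5")
    for eid, kul in keys.items():
        print(eid.hex(), "->", kul.hex())
    # Constructed stand-in for a serialized v3 message whose 12 auth octets are zero.
    message = b"<v3 message bytes with msgAuthenticationParameters = 12 zero octets>"
    tag = auth_tag(keys[agent_a], "md5", message)
    print("tag", tag.hex(), "verifies:", verify_tag(keys[agent_a], "md5", message, tag))
    print("agent B's key verifies A's tag:", verify_tag(keys[agent_b], "md5", message, tag))
```

Because Kul depends on the authoritative engine ID, agent B's key does not verify a tag produced with agent A's key even though both came from the same password; that is the "cracked system's keys can't be used elsewhere" property, and it is also why distributing keys means distributing one per engine.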

Page 42

Access Control

[Diagram: the SNMPv3 engine architecture from page 19, repeated for this slide]

Page 43

Access Control

• Decides if a particular “object instance” may be accessed or not.

• Consulted by the CR and NG application types

• Currently, only one access control model exists:
– The View-Based Access Control Module (VACM)

Page 44

View Based Access Control (RFC 2575)

• Bases access control decisions on:
– Operation type (read, write, notify)
– Security model
– User performing the action
  Users are placed into a “group” and the groups are assigned the rights, not the user.
– Security level of the transaction (authenticated? encrypted?)
– Object OID being accessed (and the context information)
– OID ranges are “included” or “excluded” from view

• I wish:
– Value of the object being accessed
– Users could be assigned to multiple groups (unix-like)

Page 45

VACM: Access based on OID tree

[Diagram: OID tree rooted at .1 with child .2, whose children are 1, 2, 3, 4; two of those have children 1, 2, 3]

Include .1.2
Exclude .1.2.2
Include .1.2.2.3

Objects “excluded” are simply “not visible”

Simple Wild-carding not shown, but possible
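An added example, not from the slides and not Net-SNMP's VACM code, covering the two preceding slides: a view is a list of included or excluded subtrees where the most specific matching subtree decides, users map to groups, and a group gets one view per operation at a minimum security level. It reproduces the Include/Exclude tree above and, going one step beyond the slide, the wild-carding it mentions via a subtree mask. The security model name "usm", the user and group names, and the views are constructed.

```python
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}


def oid_tuple(text):
    return tuple(int(x) for x in text.strip(".").split("."))


class VacmView:
    """One view: a list of (subtree, mask, included) families."""

    def __init__(self):
        self.families = []

    def add(self, subtree, included=True, mask=None):
        sub = oid_tuple(subtree)
        # A 0 mask bit makes that position a wildcard (the slide's "simple wild-carding").
        mask = tuple(bool(m) for m in mask) if mask else (True,) * len(sub)
        self.families.append((sub, mask, included))
        return self

    @staticmethod
    def _covers(sub, mask, oid):
        if len(oid) < len(sub):
            return False
        return all((not m) or s == o for s, m, o in zip(sub, mask, oid))

    def is_visible(self, oid_text):
        """The longest (then lexicographically greatest) matching family decides;
        an OID matched by no family is not visible."""
        oid, best = oid_tuple(oid_text), None
        for sub, mask, included in self.families:
            if self._covers(sub, mask, oid):
                rank = (len(sub), sub)
                if best is None or rank > best[0]:
                    best = (rank, included)
        return bool(best and best[1])


class Vacm:
    def __init__(self):
        self.views, self.groups, self.access = {}, {}, []

    def add_group(self, security_model, security_name, group):
        self.groups[(security_model, security_name)] = group

    def add_access(self, group, min_level, read=None, write=None, notify=None):
        self.access.append((group, LEVELS[min_level],
                            {"read": read, "write": write, "notify": notify}))

    def is_allowed(self, security_model, security_name, level, operation, oid_text):
        group = self.groups.get((security_model, security_name))
        if group is None:
            return False                   # unknown user: no group, no rights
        usable = [(lvl, views) for g, lvl, views in self.access
                  if g == group and lvl <= LEVELS[level]]
        if not usable:
            return False                   # transaction not secure enough for any entry
        views = max(usable, key=lambda entry: entry[0])[1]
        view = self.views.get(views.get(operation))
        return view is not None and view.is_visible(oid_text)


def slide_view():
    """The slide's tree: Include .1.2, Exclude .1.2.2, Include .1.2.2.3."""
    return VacmView().add(".1.2").add(".1.2.2", included=False).add(".1.2.2.3")


def sample_vacm():
    vacm = Vacm()
    vacm.views["all"] = VacmView().add(".1.3.6.1")
    # Only ifTable row 3, any column: the column position (10th sub-id) is wild-carded.
    vacm.views["if3"] = VacmView().add(".1.3.6.1.2.1.2.2.1.0.3",
                                        mask=[1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1])
    vacm.add_group("usm", "monitor", "readers")
    vacm.add_group("usm", "admin", "admins")
    vacm.add_access("readers", "authNoPriv", read="if3")
    vacm.add_access("admins", "authPriv", read="all", write="all", notify="all")
    return vacm


if __name__ == "__main__":
    view = slide_view()
    for oid in (".1.2.1", ".1.2.2.1", ".1.2.2.3", ".1.3"):
        print(oid, "visible" if view.is_visible(oid) else "not visible")
```

Two checks worth keeping in mind when writing such a policy: an OID under no included subtree is simply invisible (the slide's "not visible"), and a group entry with a minimum level of authNoPriv never applies to a noAuthNoPriv request, so a user whose key was never configured gets nothing.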

Page 46

The Future of SNMP

• Other security work:
– AES encryption for the USM
– USM alternatives: kerberos, …

• New protocol PDU operations (EoS WG):
– Better bulk retrieval
– Better write transaction handling
– Better data compression
– Easier row operations (creation, deletion, …)

• A new SMI (SMIng WG):
– Hierarchical Data Definition Language
– Easier to write
– Easier to read

Page 47

Summary

• SNMPv1, v2c: bad, no security

• SNMPv3: better, has security

• Start switching to SNMPv3 now.
– Almost FULL standard
– Most vendors support it

• SNMPv3 is modular in design

Page 48

Conclusion

Questions?

Wes Hardaker <Wes_Hardaker@nai.com>