The Simple Network Management Protocol (SNMP) is currently the most widely used management protocol. Early versions of SNMP restrict management access via community strings. A community string is specified by a management host (commonly called a management station) when connecting to a managed device. The managed device grants the management station access to configuration and state information based on the permissions associated with the specified community string. Community strings may be configured to grant read-only or read-write access on the managed device. Early versions of SNMP transmit community strings as clear text strings (said to be "in the clear"). SNMP version 3 (SNMPv3) replaces the community string model with a user-based security model (USM). SNMPv3 provides user authentication and data confidentiality. IETF RFC 3414 defines the USM for SNMPv3.
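The cleartext exposure described above is visible directly in the wire format. The following Python code is an added example, not part of the original text: it decodes the BER header of an SNMP message and reports the community string that SNMPv1 and SNMPv2c carry unencrypted, which is how a defender auditing a packet capture would flag legacy SNMP use. The sample payloads, the community value "lab-ro" and the function names are constructed for illustration.

```python
# Added example: read the BER-encoded header of an SNMP message.
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

# Constructed sample payloads (not captured traffic).
# SNMPv2c GetRequest for sysDescr.0 using the made-up community "lab-ro".
V2C_GET = bytes.fromhex(
    "3026020101" "04066c61622d726f" "a019020101020100020100"
    "300e300c06082b060102010101000500")
# SNMPv3 message cut off after msgGlobalData (flags 0x03 = auth + priv, model 3 = USM).
V3_HEADER = bytes.fromhex("3012020103" "300d020101020205dc040103020103")

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Classify one UDP payload and expose the community string if it is in the clear."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:                         # outer SEQUENCE
        raise ValueError("not an SNMP message")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02 or not ver:              # version INTEGER
        raise ValueError("version field missing")
    version = int.from_bytes(ver, "big")
    result = {"version": VERSIONS.get(version, f"unknown({version})"),
              "cleartext_community": None}
    if version in (0, 1):                   # v1/v2c: community follows as a plain OCTET STRING
        tag, community, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("community field missing")
        result["cleartext_community"] = community.decode("latin-1")
    return result                           # v3: no community; USM parameters follow instead

if __name__ == "__main__":
    for name, payload in (("v2c", V2C_GET), ("v3", V3_HEADER)):
        print(name, inspect_snmp(payload))
```

Any datagram for which cleartext_community is not None reveals a working credential to anyone on the path, which is the weakness SNMPv3's user-based security model removes.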
The Telnet protocol is very old. It is a staple among IP-based application protocols. Telnet was originally defined through a series of IETF RFCs in the 1970s. The most current Telnet specification is RFC 854. Telnet enables access to the command line interface (CLI) of remote devices. Unfortunately, Telnet operates in the clear and is considered insecure. Multiple security extensions have been defined for Telnet via a large number of RFCs. Telnet now supports strong authentication and encryption options. A suite of Unix commands (collectively called the R-commands) provides similar functionality to Telnet, but the suite of R-commands operates in the clear and is considered insecure. The suite includes Remote Login (RLOGIN), Remote Shell (RSH), Remote Command (RCMD) and Remote Copy (RCP) among other commands. Another protocol called Secure Shell (SSH) was developed by the open source community in the late 1990s to overcome the security limitations of Telnet and the suite of R-commands. The most commonly used free implementation of SSH is the OpenSSH distribution. SSH natively supports strong authentication and encryption. Among its many features, SSH supports port forwarding, which allows protocols like Telnet and the R-command suite to operate over an encrypted SSH session. The encrypted SSH session is transparent to Telnet and other forwarded protocols.
The File Transfer Protocol (FTP) is commonly used to transfer configuration files and system images to and from infrastructure devices such as switches, routers, and storage arrays. FTP supports authentication of users, but authentication is accomplished by sending user credentials in the clear. Once a user is authenticated, the user may access the FTP server. In other words, successful authentication implies authorization. No mechanism is defined for the user to authenticate the server. Additionally, data is transferred in the clear. To address these security deficiencies, IETF RFC 2228 defines several security extensions to FTP. The extensions provide secure bi-directional authentication, authorization, data integrity, and data confidentiality. Any or all of these extensions may be used by an FTP implementation. Secure implementations of FTP should not be confused with the SSH File Transfer Protocol (SFTP). SFTP is in the development stage and is currently defined in an IETF draft RFC. However, SFTP is already in widespread use. Despite its misleading name, SFTP is not FTP operating over SSH. SFTP is a relatively new protocol that supports many advanced features not supported by FTP. SFTP provides a secure file transfer service and implements some features typically associated with a file system. SFTP does not support authentication. Instead, SFTP relies on the underlying secure transport to authenticate users. SFTP is most commonly used with SSH, but any secure transport can be leveraged. Another option for moving configuration files and system images is the RCP command/protocol. As previously stated, RCP operates in the clear and is considered insecure. The Secure Copy (SCP) command/protocol is based on RCP, but SCP leverages the security services of SSH. SCP is not currently standardized.
FTP deployed with security extensions is generically called secure FTP. However, secure FTP is not abbreviated as SFTP. SSH File Transfer Protocol is officially abbreviated as SFTP. Note that the Simple File Transfer Protocol is also officially abbreviated as SFTP. Readers are encouraged to consider the context when the acronym SFTP is encountered.