接入控制器安全网络管理系统的设计与实现

在讨论了接入控制器(AC)网络管理系统安全重要性的基础上,分析了SNMP协议的应用,包括对其3个版本SNMPv1、SNMPv2及SNMPv3的优缺点的对比,并解释了该设备网络管理系统采用SNMPv3版本的原因.详细介绍了AC所实现的管理信息库的内容,包括RFC1213协议、IEEE 802.1x协议、RMON协议、Web DHCP、EAP_OTP、EAP_MD5、EAP_TLS、EAP_SIM等多种认证协议以及网络管理系统的五大功能.最后阐述了AC安全网络管理系统结构的设计与实现.     

基于角色的动态访问控制在SNMPv3中的应用

SNMP是目前TCP/IP网络中应用最为广泛的网络管理协议.文中在介绍了SNMPv3协议的基本概念、体系结构以及安全特性的基础上,分析了目前SNMPv3安全机制的不足.在SNMPv3的基础上,扩展其访问控制模型,提出了一种以基于角色的动态访问控制模型来提高SNMPv3安全性的方案,使之具有简单、灵活、可用性强等特点.给出了具体的实现方法,并进行了仿真环境下的实验验证.验证结果表明,增强后的SNMPv3在访问控制方面更加符合实际需求,使用更方便.     

基于SNMPv3的安全网管的研究

介绍了SNMPv3的功能模块以及在安全管理方面的优势,重点讨论了基于用户的安全模型和基于视图的访问控制。提出了基于SNMPv3的安全网管系统的体系结构,给出了网管协议栈和用户管理的详细实现方案。     

OAM MIB: an end-to-end performance management solution for ATM

Current network management needs an end-to-end overview of various connections rather than the information that is purely local to the individual devices. The typical manager-centric polling approach, however, is not adequate to understand network-wide behavior of a large-scale broadband network. We propose a new management information base (MIB) approach, called operation, administration, and maintenance (OAM) MIB. The MIB provides a network manager with dynamic end-to-end management information by utilizing special standard ATM cells. The MIB makes end-to-end management feasible while it reduces management-related traffic and manager-to-manager interactions. In our model, a customer network management system accesses the MIB through M1/M2 reference points of the ATM Forum management architecture with simple network management protocol (SNMP)     

HFC机房监控设备Snmp管理数据库设计初探

针对HFC机房监控设备的管理需求,归纳整理管理数据的一般性,设计了HFC机房监控设备实现SNMP管理所需的管理数据库(MIB),并对此进行了详尽的说明,结合国家标准《HFC网络设备管理规范》(GB/T 20030-2005)中的相关MIB定义,可以完整地实现HFC机房监控设备SNMP管理代理服务器,从而使得对HFC机房监控设备的管理也可以像管理HFC设备一样,实现SNMP管理。     

SNMP and SNMPv2: the infrastructure for network management

The Simple Network Management Protocol is the most widely used protocol for the management of IP-based networks and internets. The original version, now known as SNMPv1, is widely deployed. SNMPv2 adds functionality to the original version but does not address its security limitations; this relatively recent standard has not achieved much acceptance. An effort is currently underway to develop SNMPv3, which will retain the functional enhancements of SNMPv2 and add powerful privacy and authentication features. This article provides a survey of the three versions of SNMP, including a discussion of the way in which management information is represented and the protocol functionality     

Building distributed management applications with the IETF ScriptMIB

Scalable and efficient management of today's fast growing networks requires distributed management systems. This paper introduces a classification of distributed management systems, followed by an overview of technologies for building such systems. One technology, the IETF Script MIB, is discussed in detail, including an implementation architecture and performance studies. Finally, application scenarios are presented, demonstrating how distributed management applications can be built by means of the IETF Script MIB     

SNMP代理模拟工具的设计与实现

简单网络管理协议(SNMP) 是目前应用最广泛的网络管理协议.文章设计了一种SNMP代理模拟工具,通过分析设备管理信息库(MIB)文件提供的设备信息、模拟代理和管理软件的通信,实现了对多厂商、多种类设备环境的模拟,满足了网管项目开发和测试过程中的环境需要.     

SNMPv3数据采集器DCP的研究与实现

依据SNMPv3的体系结构和安全特性,分析并给出SNMP v3数据采集器DCP(兼容SNMP v1/v2)的架构设计和工作流程,重点讨论了基于Java多线程机制和开源包SNMP4J实现DCP的技术要点,指出了DCP的应用方法和使用时应注意的问题,通过在安全性和效率方面所做的实验,比较分析了DCP与其他采集器的性能,DCP作为独立插件对开发各种网络安全管理平台提供了有力支持.     

基于以太网交换机平台的SNMP代理实现

网络管理是提高网络性能的有效方法,ＳＮＭＰ是当今最流行的网络管理协议。可管理交换机是交换机发展的趋势。本文介绍了基于以太网交换机平台的ＳＮＭＰ代理的实现。读者可以初步了解带有网络管理功能的交换机的硬件结构,ＭＩＢ库的构建,在Ｌｉｎｕｘ下ＳＮＭＰ代理软件的实现方法。同时,也介绍了在Ｌｉｎｕｘ下ＭＩＢ库的查询,守护进程的实现及Ｌｉｎｕｘ设备驱动的编写。     

机架式HFC设备管理代理的实现

描述了基于国标《HFC网络设备管理规范》的机架式HFC设备的SNMP代理实现方法。首先对《HFC网络设备管理规范》进行了简单介绍,指出了管理机架式HFC设备所要用到的国标中的相关MIB定义,然后根据机架式HFC设备的管理需求,参照国标的管理方法及SCTE的定义,自定义了机架式HFC设备模块的管理MIB,并对机架式HFC设备管理的公用部分MIB和光设备管理节点下的MIB进行了详细说明。     

A framework for network quality monitoring in the VoIP environment

Monitoring speech quality in Voice over IP (VoIP) networks is important to ensure a minimal acceptable level of speech quality for IP calls running through a managed network. Information such as packet loss, codec type, jitter, end‐to‐end delay and overall speech quality enables the network manager to verify and accurately tune parameters in order to adjust network problems. The present article proposes the deployment of a monitoring architecture that collects, stores and displays speech quality information about concluded voice calls. This architecture is based on our proposed MIB (Management Information Base) VOIPQOS, deployed for speech quality monitoring purposes. Currently, the architecture is totally implemented, but under adjustment and validation tests. In the future, the VOIPQOS MIB can be expanded to automatically analyze collected data and control VoIP clients and network parameters for tuning the overall speech quality of ongoing calls. Copyright © 2006 John Wiley & Sons, Ltd.     

SNMPv3网络安全管理研究

提出计算机网络管理面临的安全威胁，分析了简单网络管协议SNMPv3及其基于用户的安全模型USM的安全机制，最后总结SNMPv3有待考虑的问题并总体评价了SNMPv3的安全性。     

基于SNMPv3网络管理中的策略应用

基于策略的网络管理已经成为未来网络管理的主流方向。随着Internet的迅猛发展,SNMP的应用也越来越广泛。提出了基于策略的网络管理和基于SNMPv3的网络管理相融合的实现框架,并探讨了向VACM映射授权策略的规则。     

使用SNMPv2配合IPSec或SNMPv3实现安全网络管理

主要讨论的是如何在主干网上为SNMP提供安全性。通过比较SNMPv3内建的安全特性和SNMPv2配合IPSec这两种不同的实现方法,得出:在大型网络上,SNMPv2配合IPSec比SNMPv3在功能和性能上具有更多的优点。最后,提出将这两种实现方案配合使用的方法将更加适合大型主干网上对SNMP设备的管理。     

Supporting network management through distributed directory service

Directory systems have become a field of interest within the context of open systems. This is due to the various requirements raised by the scale of currently interconnected networks. The paper addresses several issues related to applying the X.500 directory service to network management. These include a comparison between the management information base (MIB) for management systems and the directory information base (DIB) for the directory services, a specification of how certain management information is incorporated into the underlying data model of the directory and an information exchange model for ensuring information accessibility to management activities. Some interesting benefits can be realized through integrating the X.500 directory into management systems. A concrete example of using a distributed directory service (DDS) in management illustrates the proposal     

SNMPv3网络管理中的安全机制研究

本文分析了SNMPv1存在的安全漏洞 ,并针对这些不足之处介绍了SNMPv3网络管理的基于用户的安全模型和基于视图的访问控制模型 ,详尽探讨了SNMPv3的认证、加密、时限、访问控制等安全服务机制 ,最后对网络的管理成本提出了一些看法     

In‐service QoS monitoring of real‐time applications using SM MIB

Current network management needs an end‐to‐end overview of various flows rather than the information that is purely local to the individual devices. The typical manager‐centric polling approach, however, is not suitable to understand network‐wide behavior of a large‐scale Internet. In this paper, we propose a new management information base (MIB) approach called Service Monitoring MIB (SM MIB). The MIB provides a network manager with dynamic end‐to‐end management information by utilizing special packets. The special packet is an Internet control message protocol (ICMP) application that is sent to a remote network element to monitor Internet services. The SM MIB makes an end‐to‐end management feasible while it reduces management‐related traffic and manager‐to‐manager interactions. Real examples show that the proposed SM MIB is useful for end‐to‐end QoS monitoring. We discuss the accuracy of the obtained data as well as the monitoring overhead. Copyright © 2004 John Wiley & Sons, Ltd.     

Security considerations in a network management environment

Considers the security aspects of communication between two management processes operating in different management domains; identifies two major risks: the security of information exchanged during the management association, and control of access to the management information base (MIB); and enumerates the various threats that must be guarded against and possible methods of attack. Security techniques, including symmetric and public key cryptosystems, are employed in the design of a method of achieving a secure management association. A scheme of authorization control for MIB access is developed. The management of an open system's network resources takes place in the context of a management association. The resources themselves are controlled by an agent process which presents a view of these resources to the outside world as a number of managed objects, each of which contains a number of attributes. The collection of objects presented to the outside world by the agent is known as the MIB. A manager process regulates the operation of the managed resources by engaging in a management association with the agent and instructing it to carry out simple operations on elements of the MIB. Within a single management domain where all processing nodes and network links are under the control of the same administration, security is not such a critical issue. However, when the management association takes place across the boundary between two separate management domains, and make use of public data networks, security issues must be considered in greater detail