The Research of Some Technologies in Secure Network Management Based on SNMPv3
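【Author】 Zhai Gang (翟纲);
【Advisor】 Zhu Changqian (诸昌钤);
【Author information】 Southwest Jiaotong University, Computer Application Technology, 2003, Master's thesis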
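【Summary】 With the development and spread of computer information networks built around TCP/IP, a huge demand for network management has arisen. Heterogeneous, complex network environments in particular bring new challenges to network management, among which security is especially important. How to implement efficient and secure network management has become the foremost concern in building enterprise networks. In current network management architectures SNMP plays an important role, and its version has evolved from v1 to v3. In light of the requirements of modern network management, this thesis studies SNMPv3-based network management and security policy, and presents a concrete implementation of a secure network management system based on SNMPv3. First, the thesis gives the necessary introduction to the basic theory of SNMP, including the Structure of Management Information, the Management Information Base and the protocol operations. It then describes the SNMPv3 framework in detail, explaining the function of each module and the new message format. On that basis it discusses the security of SNMPv3, including the encryption and authentication mechanisms and timeliness checking, with emphasis on the User-based Security Model and View-based Access Control. After the basic theory, the thesis describes how the secure network management system is implemented, including the SNMP protocol stack, the user management program and the topology discovery module. The protocol stack is developed with COM and is efficient with a low resource footprint. The user management program extends the SNMPv3 security framework and adopts a new key scheme, which greatly improves security. The topology discovery module uses a hierarchical topology discovery method that employs a routing-table algorithm and an ARP-based algorithm, and is efficient and practical. Because of the flexible structure, the topology algorithm can easily be replaced. Design patterns are the distilled experience of object-oriented design; each describes a particular scenario and a solution for it. Many design patterns are used in the design of the secure network management system, making it more flexible and elegant, with better reusability. Finally, in line with trends in network management, the thesis discusses the problems encountered when adopting new technologies and possible solutions. The work of this thesis has some reference value for subsequent development.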
【Abstract】 As TCP/IP-based networks reach everywhere in society, the challenge of managing them becomes very important and demanding. In particular, the complexity of heterogeneous network environments brings network management many fresh problems, among which the most important is security. How to carry out effective and secure network management is a deep concern in enterprise network construction. Among the network management architectures, SNMP plays a significant role, and its version has developed from v1 to v3. The thesis focuses on the security policies of SNMPv3-based network management according to modern management needs, and proposes an implementation method for a secure network management system (SNMS) based on SNMPv3. In the first place, the paper introduces some background on SNMP, including SMI (Structure of Management Information), MIB (Management Information Base) and protocol operations. Secondly, the architecture of SNMPv3 is elaborated, and the module functions and new message format are described. After that, security in SNMPv3 is discussed, including the privacy and authentication mechanisms and time-window detection. The emphasis is put on USM (User-based Security Model) and VACM (View-based Access Control Model). Furthermore, the paper discusses the implementation of the SNMS, including the SNMP protocol stack, the user-management application and the topology-discovery module. The protocol stack is developed using COM, and is high-performance and economical. In the user-management application, the architecture of SNMPv3 is extended and a new privacy key scheme is employed, which makes the application more secure. A layered approach to topology discovery is introduced in the topology-discovery module. The algorithm, which uses a routing-table method and an ARP-based method, is effective and applicable, and is easily replaced because of the flexible structure. Design patterns capture experience in OOP; each elucidates a scenario and a solution for it. In the design of the SNMS, many design patterns are used, which provide flexible, elegant and reusable solutions. Finally, according to network management trends, problems and possible solutions when adopting new technology are discussed. All this could be a good reference for further development.
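- 【Online publication contributor】 Southwest Jiaotong University 【Online publication year and issue】 2003, Issue 02
- 【Classification number】 TN915.07
- 【Times cited】 1
- 【Downloads】 95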