Hp Secure Key Manager Manuale Utente Pagina 191
- Pagina / 327
- Indice
- RISOLUZIONE PROBLEMI
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
SNMPv1/v2 rely on the concept of a community to provide a low level of security for communications
between the NMS and agent. In an HP SNMPv1/v2 deployment, each SNMP request packet includes
a community name, which is similar to a password and is associated with a certain MIB access level.
When the SKM receives a request, the agent looks for the community name in its table. If the name is
found and the source IP of the sender is in the access list for the community, the request is accepted and
the MIB information is sent. If the name is not found or the source IP address is not in the access list,
the request is denied.
Because SNMPv1/v2 cannot authenticate the source of a management message or provide encryption, it
is possible for unauthorized users to perform SNMP network management functions. Likewise, it is also
possible for unauthorized users to eavesdrop on management information as it passes from agents to
the NMS. SNMPv3 incorporated all the capabilities of SNMPv1/v2, and introduced the concept of a
User–based Security Model (USM), which consists of two important services: authentication and privacy.
Additionally, SNMPv3 enhanced the existing View Access Control Model (VACM).
Authentication
The authent
ication piece of the USM ensures that a message was sent by the agent or NMS whose
identifier
appears as the source in the message header. Authentication also ensures that the message
was not alt
ered, artificially delayed, or replayed.
In SNMPv3, the agent and NMS share a key that is based on the username and password supplied when
the username is created. The sender provides a means for authentication to the receiver by including a
MAC with the SNMPv3 message it is sending. When the receiver gets the message, it uses the same
secret key to recompute the MAC. If the receiver’s version of the code matches the value appended to
the incom
ing message, then the receiver knows that the message originated from an authorized sender,
and that the message was not altered in transit.
Privacy
The privacy piece of the USM allows managers and agents to encrypt messages to prevent
eavesdropping. As is the case with authentication in SNMPv3, both the NMS and the agent must share a
secret key. When an NMS and agent are configured for privacy, all traffic between them is encrypted
with the DES algorithm. The sender encrypts all messages with the DES algorithm and its secret key, and
sends the message to the receiver, who decrypts it using the DES algorithm and the same secret key.
Access
control
Access control in SNMP makes it possible for agents to provide different levels of MIB access to different
managers. You can restrict access by allowing one NMS to view only standard MIBs and another NMS
to view
both standard MIBs and Enterprise MIBs.
SNMP concepts
Before discussing how SNMP is configured on the SKM, it is important that a few terms are understood.
Management Station: A network management station (NMS) is a node on the network that runs SNMP
manager software. The NMS monitors network devices by polling agents, sending responses to inform
notifications sent by agents, and listening for unsolicited, asynchronous (UDP) messages from the agents.
Agent: An agent is a device on the network that is running SNMP agent software. The agent is able
to communicate with the NMS to provide information about security, performance, system health,
statistics, etc.
Entity: An SNMP entity simply refers to an agent or an NMS. Both the agent and the NMS consist of
a variety of applications and services; however, for the sake of simplicity, this documentation does
not attempt to describe all the component parts.
Engine: Core SNMP software around which you can build an agent or NMS. For the sake of simplicity,
Engine and Entity are used interchangeably.
Engine ID: Unique identifier for an SNMP entity.
Secure Key Manager
191
- HP StorageWorks 1
- Secure Key Manager 1
- Contents 3
- 1 Installing and replacing 21
- Rack planning r 22
- Optimum environment 23
- Power requirements 24
- Unpacking 25
- Selecting a rack location 26
- Removing an exi 27
- Attaching the cables 28
- 2Configuring the system 31
- Configuring the system 32
- Setting up the 34
- Establishing a cluster 37
- Creating the cluster 38
- Copying the certificates 41
- Installing t 42
- 3Performingconfiguration and 43
- Downloading an RSA key 44
- Deleting a key 44
- User and group procedures 45
- Creating a group 46
- Adding a user to a group 46
- Removing a user from a group 46
- Deleting a user 46
- LDAP server procedures 47
- Certificate procedures 48
- Secure Key Manager 49 49
- Creating a client certificate 50
- Installing a certificate 51
- Installing a certificate chain 52
- Downloading a certificate 52
- Downloading a local CA 54
- Deleting a local CA 55
- Creating a local CA 55
- Creating 55
- Installing a CA certificate 56
- Removing a CA certificate 56
- FIPS status server procedures 57
- KMS server procedures 57
- Enabling the LDAP server 58
- Clustering procedures 59
- Setting up SSL in a cluster 60
- Date and time procedures 61
- IP authorization procedures 62
- SNMP procedures 63
- Setting up the LDAP schema 65
- Changing your password 65
- Granting cr 67
- Revoking a credential grant 67
- Log configurati 80
- Log view procedures 82
- 4. Click Display Log 83
- 5. Click Clear 83
- 4MaintainingtheSKM 85
- Backup and resto 86
- Create Backup: Device Items 87
- Components Description 88
- Restore Backup 89
- Backup Restore Information 90
- Internal Backup List 91
- Services Configuration page 92
- Restart/Halt 93
- System Informa 94
- Software Upgrade/Install 95
- System Health page 96
- Power Supp 97
- Network Diagnostics page 98
- Traceroute Info 99
- Host Information 99
- Netstat Information 99
- Reading Netsta 100
- Logging in and out 103
- Using the Home tab 103
- System Summary 104
- Search sc 105
- Filtering sections 107
- Accessing the Help system 107
- Using the Management Console 108
- Key Properties 111
- Versioned keys 112
- Group Permissions 113
- Custom Attributes 114
- RSA Public Key 115
- Create Query 116
- Modify Query 117
- Create Key 118
- Clone Key 119
- Import Key 120
- Authorization P 122
- Authorized Usage Periods 124
- Active Versions 125
- Custom Key Attributes 125
- Local Users 127
- Selected Local User 128
- Local Groups 129
- Local Group Properties 130
- User List 130
- LDAP Server Confi 131
- LDAP Sche 132
- LDAP Users 134
- LDAP Groups 135
- Certificate List 136
- Certificate Installation 139
- Self Signed Certificate 140
- Create Certificate Request 141
- The Default Profile 144
- CA Certificate 146
- Properties 146
- Sign Certificate Request 147
- Signed Certificates 148
- Signed Certificate Information 149
- Create Local CA 150
- CA Certificate List 151
- Install C 152
- ACertificate 152
- Local CAs 153
- Auto-Update 154
- Force Periodic Update 154
- Related CLI Commands 154
- Advanced Security overview 155
- FIPS Compliance 156
- High Security Settings 157
- High Security Procedures 159
- FIPS Status Server overview 160
- FIPS Status Report 161
- FIPS Status Server page 163
- SSL overview 164
- SSL Sections 165
- SSL Cipher Order 166
- Configuring the K 168
- MS Server 168
- KMS Server Settings 169
- Figure 101 Vi 171
- The followin 171
- Health Check overview 173
- Health Check sections 173
- Configuring the cluster 174
- The Cluster Key 175
- Cluster Configuration page 176
- Cluster Settings 177
- Create Cluster 178
- Join Cluster 179
- ConfiguringtheDate&Time 180
- Date and Time Settings 181
- Configuring the network 182
- Network Interf 183
- Gateways & 183
- Routing sections 183
- Static Route List 185
- Hostname & DNS sections 186
- Port Speed sections 187
- IP Authorization sections 188
- Allowed Client IP Addresses 189
- Configuring SNMP 190
- Authentication 191
- The SNMP C 192
- SNMPv1/SNMPv 193
- 2CommunityList 193
- SNMPv3 Username List 194
- SNMP Management Station List 195
- Enterprise MIB overview 199
- Administrato 201
- High Access Administrators 202
- Default Administrator 202
- Local and LDAP Administrators 202
- Administrator passwords 202
- LDAP administrative server 203
- LDAP administrators 203
- Administrator procedures 204
- Create LDAP Adm 205
- Component Description 206
- Password Management overview 207
- Password Manag 209
- Multiple Credentials overview 211
- Multiple Credentials sections 213
- Credentials Granted 214
- Grant a Credential 214
- Remote Administ 216
- LDAP Administra 218
- LDAP Schema Properties 219
- Viewinglogsandstatistics 221
- Log Configu 224
- Log Rotation Properties 225
- Syslog Se 226
- Log Signing 227
- Log Viewer page 229
- Audit Log 230
- Activity Log 231
- Client Event Log 234
- Statistics page 235
- Refresh Stati 236
- System Statistics 236
- Connection Statistics 237
- Throughput 237
- License Usage 238
- Refresh Statistics (server) 238
- KMS Statistics 239
- C Using the Command Line 241
- Interface 241
- Tab completion 242
- Command shortcuts 242
- Command modes 243
- Scripting mode 244
- CLI commands 245
- Activity log com 252
- Audit log comma 256
- Autologout commands 256
- Backup and rest 257
- CA certificate commands 257
- Certificate com 262
- CRL commands 264
- Client event lo 267
- Device reset an 268
- Diagnostic com 269
- FIPS commands 269
- Health check co 272
- Help comman 272
- History commands 272
- Log commands 273
- Mode commands 277
- Network commands 277
- Services comma 282
- SNMP commands 284
- SSL commands 288
- Statistics com 291
- System commands 291
- System informa 295
- System log comm 296
- D Troubleshooting 297
- Troubleshooting 298
- Regulatory co 299
- European Union notice 300
- Japanese not 301
- Korean notices 301
- Taiwanese notic 302
- Laser compliance 302
- Dutch laser noti 303
- French laser notice 303
- German laser notice 303
- Italian laser no 304
- Japanese laser notice 304
- Recycling notic 305
- Estonian notice 306
- Finnish notice 306
- French no 306
- German notice 306
- Greek notice 307
- Hungarian notice 307
- Latvian notice 308
- Lithuanian notice 308
- Polish notice 308
- Portuguese noti 309
- Slovakian notice 309
- Slovenian notice 309
- Spanish notice 310
- Swedish notice 310
- Avis relatif aux piles 311
- Istruzioni per la batteria 312
- Japanese batter 313
- Spanish battery notice 313
- Regulatory compliance notices 314
- FSpecifications 315
- Environmental 316
- G About this guide 317
- Rack stability 318
- HP technical support 318
- About this guide 320
- Glossary 321
Prodotti e manuali riguardandi Magazzini Hp Secure Key Manager
Magazzini Hp XP P9500 Storage Manuale Utente
(31 pagine)
(31 pagine)
Magazzini Hp SAN Manuale Utente
(38 pagine)
(38 pagine)
Magazzini Hp D6000 Disk Enclosure Manuale Utente
(53 pagine)
(53 pagine)
Magazzini Hp MSA 2040 SAN Storage Manuale Utente
(94 pagine)
(94 pagine)
© 2020, manymanuals.it. Tutti i diritti riservati | 0.120 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale