CN110034949A - A write-protection method based on the SNMP protocol - Google Patents

Info

Publication number
CN110034949A
Authority
CN
China
Prior art keywords
write
snmp
protect
mib node
method based
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910129434.4A
Other languages
Chinese (zh)
Inventor
罗凌璐
王德辉
左欢欢
李超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nari Technology Co Ltd
NARI Nanjing Control System Co Ltd
Original Assignee
Nari Technology Co Ltd
NARI Nanjing Control System Co Ltd
Application filed by Nari Technology Co Ltd, NARI Nanjing Control System Co Ltd
Priority to CN201910129434.4A
Publication of CN110034949A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a write-protection method based on the SNMP protocol. For an SNMP manager whose communication parameters have already been preset, write-protect authentication is performed again when key information of a network device is configured or modified through the SNMP protocol. This reduces the security risk caused by the lack of a re-authentication step when the SNMP manager configures network device parameters through the SNMP protocol, protects key information from arbitrary tampering, and improves the security of network management.

Description

A write-protection method based on the SNMP protocol
Technical field
The present invention relates to a write-protection method based on the SNMP protocol, and belongs to the field of network communication and management in which the SNMP protocol is the management interface.
Background
The Simple Network Management Protocol (SNMP) is a common protocol by which a network management station manages remote network devices. Through SNMP, the network management station can remotely manage all network devices that support the protocol, including monitoring network status, modifying network device configuration, and receiving network event alarms. The conventional flow by which a network management station configures a network device is: first configure the communication parameters (the read-write community name for versions V1/V2C, or the user information for version V3), then send a set-request to the configuration MIB node of the corresponding network device and wait for the device's response, which completes one configuration process. Normally, once the communication parameters have been configured, the network management station can modify the configuration of every network device that supports SNMP without authenticating again before each configuration, so a security risk exists.
Summary of the invention
The present invention provides a write-protection method based on the SNMP protocol, which reduces the security risk caused by the lack of a re-authentication step when an SNMP manager configures network device parameters through the SNMP protocol.
To solve the above technical problem, the technical solution adopted by the invention is as follows:
A write-protection method based on the SNMP protocol, comprising the following steps:
Send the write request message of a MIB node to the SNMP agent;
If a MIB node write-protect SNMP Trap fed back by the SNMP agent is received, send a write-protect authentication message for the MIB node to the SNMP agent;
Receive the write-protect authentication feedback; if write-protect authentication passes, send the write request message of the MIB node to the SNMP agent again and perform the write operation on the MIB node.
If a normal response message fed back by the SNMP agent is received, the write request process ends.
The MIB node write-protect SNMP Trap contains the number of the write-protected MIB node, the number of the dedicated MIB node used for write-protect authentication, and a prompt string stating that the MIB node is write-protected.
The write-protect authentication feedback contains the current write authentication state, the write authentication type, and the remaining validity time of the write authentication.
A write-protection method based on the SNMP protocol, comprising the following steps:
Receive the MIB node write request message sent by the SNMP manager;
According to the MIB node number in the write request message, judge whether the MIB node needs write protection, and check whether the write-protect timer has timed out;
If write protection is needed and the write-protect timer has timed out, send a MIB node write-protect SNMP Trap to the SNMP manager;
Receive and verify the MIB node write-protect authentication message sent by the SNMP manager;
If verification passes, feed the verification-passed result back to the SNMP manager and reset the write-protect timer;
Receive the MIB node write request message sent again by the SNMP manager.
If write protection is not needed or the write-protect timer has not timed out, send a normal response message to the SNMP manager.
The verification result is fed back in the form of an SNMP Trap.
The write-protect timer is provided with a maximum timing duration and a timeout flag; when the write-protect timer is reset, the timeout flag is reset.
When the maximum timing duration is set to 0, the timer times out after every write operation, and each further write operation requires write-protect authentication again.
The write authentication key of a MIB node is set by defining a private MIB, and verification is performed against the write authentication key carried in the write-protect authentication message.
Advantageous effects of the invention: when the SNMP manager configures or modifies key information of a network device, write-protect authentication must be performed again. This reduces the security risk caused by the lack of a re-authentication step when the SNMP manager configures network device parameters through the SNMP protocol, protects key information from arbitrary tampering, and improves the security of network management.
Brief description of the drawings
Fig. 1 is a flow chart of the write-protection method as executed by the SNMP manager;
Fig. 2 is a flow chart of the write-protection method as executed by the SNMP agent;
Fig. 3 is a flow chart of the invention;
Fig. 4 is a schematic diagram of the information exchange.
Detailed description of the embodiments
The invention is further described below with reference to the accompanying drawings. The following embodiments only serve to illustrate the technical solution of the invention more clearly and do not limit its scope of protection.
In this write-protection method based on the SNMP protocol, an SNMP manager whose communication parameters have already been preset performs write-protect authentication again when it configures or modifies key information of a network device through the SNMP protocol, so that key information cannot be tampered with arbitrarily.
The messages of the method are exchanged mainly between the SNMP manager and the SNMP agent; the SNMP manager runs on the network management station and the SNMP agent runs on the network device.
From the point of view of the SNMP manager, the detailed flow is shown in Fig. 1 and the steps are as follows:
S1) Send the write request message of the MIB node, generally a set-request message, to the SNMP agent.
S2) If a MIB node write-protect SNMP Trap fed back by the SNMP agent is received, send a write-protect authentication message for the MIB node to the SNMP agent to perform write-protect authentication; if a normal response message fed back by the SNMP agent is received, the write request process ends. Here, the MIB node write-protect SNMP Trap is the SNMP Trap message, containing the write-protect information of the MIB node, that the SNMP agent actively sends to the SNMP manager when it receives a write request message and determines that the MIB node is write-protected.
S3) Receive the write-protect authentication feedback. If write-protect authentication passes, send the write request message of the MIB node to the SNMP agent again and perform the write operation on the MIB node; if write-protect authentication fails, send the write-protect authentication message for the MIB node again.
From the point of view of the SNMP agent, the detailed flow is shown in Fig. 2 and the steps are as follows:
A1) Receive the MIB node write request message sent by the SNMP manager, generally a set-request message.
A2) According to the MIB node number in the write request message, judge whether the MIB node needs write protection, and check whether the write-protect timer has timed out.
A3) If write protection is needed and the write-protect timer has timed out, send a MIB node write-protect SNMP Trap to the SNMP manager and return a get-response message stating that the MIB node is not writable; if write protection is not needed or the write-protect timer has not timed out, send a normal response message to the SNMP manager.
A4) Receive and verify the MIB node write-protect authentication message sent by the SNMP manager.
A5) If verification passes, feed the verification-passed result back to the SNMP manager and reset the write-protect timer; if verification does not pass, feed the verification-failed result back to the SNMP manager.
A6) Receive the MIB node write request message sent again by the SNMP manager.
The complete flow is shown in Figs. 3 and 4 and is as follows:
Step 1: the SNMP manager sends the write request message of the MIB node, generally a set-request message, to the SNMP agent, and the SNMP agent receives the MIB node write request message sent by the SNMP manager.
Step 2: according to the MIB node number in the write request message, the SNMP agent judges whether the MIB node needs write protection and checks whether the write-protect timer has timed out.
Step 3: if write protection is needed and the write-protect timer has timed out, the SNMP agent sends a MIB node write-protect SNMP Trap to the SNMP manager and returns a get-response message stating that the MIB node is not writable; if write protection is not needed or the write-protect timer has not timed out, the SNMP agent sends a normal response message to the SNMP manager.
In actual use, the MIB node write-protect SNMP Trap contains the number of the write-protected MIB node, the number of the dedicated MIB node used for write-protect authentication, and a prompt string stating that the MIB node is write-protected, as shown in Table 1.
Table 1: Write-protect SNMP Trap
Step 4: if the SNMP manager receives a normal response message fed back by the SNMP agent, the write request process ends; if the SNMP manager receives a MIB node write-protect SNMP Trap fed back by the SNMP agent, it sends a write-protect authentication message for the MIB node to the SNMP agent to perform write-protect authentication.
The write-protect MIB node is defined in a private MIB. When the node is read, it can be presented as a meaningless string or number; when the node is set, a user-defined key number or string can be used.
Step 4: the SNMP agent receives and verifies the MIB node write-protect authentication message sent by the SNMP manager. If verification passes, it feeds the verification-passed result back to the SNMP manager in the form of an SNMP Trap and resets the write-protect timer; if verification does not pass, it feeds the verification-failed result back to the SNMP manager in the form of an SNMP Trap.
The write authentication key of a MIB node is set by defining a private MIB, and verification is performed against the write authentication key carried in the write-protect authentication message. To keep write protection effective, this write authentication key should be replaced periodically.
The write-protect timer is provided with a maximum timing duration and a timeout flag; when the write-protect timer is reset, the timeout flag is reset. When the maximum timing duration is set to 0, the timer times out after every write operation, and each further write operation requires write-protect authentication again. The maximum time of the write-protect timer can be set through an SNMP private MIB node.
Step 5: the SNMP manager receives the write-protect authentication feedback. If write-protect authentication passes, it sends the write request message of the MIB node to the SNMP agent again and performs the write operation on the MIB node; if write-protect authentication fails, it sends the write-protect authentication message for the MIB node again.
In practical applications, the write-protect authentication feedback (in the form of an SNMP Trap) contains the current write authentication state (success/failure), the write authentication type (valid for a timed period/valid for a single write) and the remaining validity time of the write authentication (the write-protect timer duration), as shown in Table 2.
Table 2: Write-protect authentication feedback (in the form of an SNMP Trap)
With the above method, write-protect authentication must be performed again when the SNMP manager configures or modifies key information of a network device. This reduces the security risk caused by the lack of a re-authentication step when the SNMP manager configures network device parameters through the SNMP protocol, protects key information from arbitrary tampering, and improves the security of network management.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the scope of protection of the invention.
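The exchange in steps S1-S3 and A1-A6, modelled in Python as an added example (not code from the patent or its applicants). The OIDs, the key, the trap field names and the error-status strings are constructed assumptions, and SNMP PDUs are modelled as function calls and dicts rather than sent on the wire.

```python
import hmac

# Constructed values for illustration; none of them come from the patent.
PROTECTED_OID = "1.3.6.1.4.1.99999.1.1.0"  # MIB node that needs write protection
OPEN_OID = "1.3.6.1.4.1.99999.2.1.0"       # ordinary writable MIB node
AUTH_OID = "1.3.6.1.4.1.99999.9.1.0"       # dedicated write-protect authentication node


class Agent:
    """Agent side (A1-A6): gate writes to protected nodes behind a timer."""

    def __init__(self, auth_key, max_time, clock):
        self.auth_key = auth_key   # write authentication key (private MIB)
        self.max_time = max_time   # maximum timing duration; 0 = single-use
        self.clock = clock         # injectable time source, so expiry is testable
        self.timed_out = True      # timeout flag: nothing authenticated yet
        self.auth_at = 0.0
        self.mib = {PROTECTED_OID: "old", OPEN_OID: "old"}
        self.traps = []            # traps "sent" to the manager

    def _expired(self):
        if not self.timed_out and self.max_time > 0:
            self.timed_out = self.clock() - self.auth_at >= self.max_time
        return self.timed_out

    def set_request(self, oid, value):
        if oid == AUTH_OID:  # A4/A5: verify the key in constant time
            ok = hmac.compare_digest(str(value).encode(), self.auth_key.encode())
            if ok:           # reset the timer and its timeout flag
                self.timed_out, self.auth_at = False, self.clock()
            self.traps.append({
                "kind": "auth-feedback",
                "state": "success" if ok else "failure",
                "auth_type": "single" if self.max_time == 0 else "timed",
                "remaining": self.max_time if ok else 0,
            })
            return "noError" if ok else "wrongValue"  # status choice is an assumption
        if oid == PROTECTED_OID and self._expired():  # A2/A3: refuse and notify
            self.traps.append({"kind": "write-protect", "node": oid,
                               "auth_node": AUTH_OID,
                               "text": "MIB node is write-protected"})
            return "notWritable"
        self.mib[oid] = value                         # normal response
        if oid == PROTECTED_OID and self.max_time == 0:
            self.timed_out = True                     # times out after every write
        return "noError"


def manager_write(agent, oid, value, keys):
    """Manager side (S1-S3). `keys` are tried in order after a failed feedback."""
    if agent.set_request(oid, value) == "noError":    # S1; normal response ends it
        return "written"
    trap = agent.traps.pop()                          # S2: trap names the auth node
    for key in keys:
        agent.set_request(trap["auth_node"], key)
        if agent.traps.pop()["state"] == "success":   # S3: repeat the write
            status = agent.set_request(oid, value)
            return "written-after-auth" if status == "noError" else "failed"
    return "auth-failed"
```

Under SNMP V1/V2C the set-request that carries the write authentication key is not encrypted, so the key is only as confidential as the network path between manager and agent.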

Claims (10)

1. A write-protection method based on the SNMP protocol, characterized by comprising the following steps:
Sending the write request message of a MIB node to the SNMP agent;
If a MIB node write-protect SNMP Trap fed back by the SNMP agent is received, sending a write-protect authentication message for the MIB node to the SNMP agent;
Receiving the write-protect authentication feedback and, if write-protect authentication passes, sending the write request message of the MIB node to the SNMP agent again and performing the write operation on the MIB node.
2. The write-protection method based on the SNMP protocol according to claim 1, characterized in that: if a normal response message fed back by the SNMP agent is received, the write request process ends.
3. The write-protection method based on the SNMP protocol according to claim 1, characterized in that: the MIB node write-protect SNMP Trap contains the number of the write-protected MIB node, the number of the dedicated MIB node used for write-protect authentication, and a prompt string stating that the MIB node is write-protected.
4. The write-protection method based on the SNMP protocol according to claim 1, characterized in that: the write-protect authentication feedback contains the current write authentication state, the write authentication type, and the remaining validity time of the write authentication.
5. A write-protection method based on the SNMP protocol, characterized by comprising the following steps:
Receiving the MIB node write request message sent by the SNMP manager;
According to the MIB node number in the write request message, judging whether the MIB node needs write protection, and checking whether the write-protect timer has timed out;
If write protection is needed and the write-protect timer has timed out, sending a MIB node write-protect SNMP Trap to the SNMP manager;
Receiving and verifying the MIB node write-protect authentication message sent by the SNMP manager;
If verification passes, feeding the verification-passed result back to the SNMP manager and resetting the write-protect timer;
Receiving the MIB node write request message sent again by the SNMP manager.
6. The write-protection method based on the SNMP protocol according to claim 5, characterized in that: if write protection is not needed or the write-protect timer has not timed out, a normal response message is sent to the SNMP manager.
7. The write-protection method based on the SNMP protocol according to claim 5, characterized in that: the verification result is fed back in the form of an SNMP Trap.
8. The write-protection method based on the SNMP protocol according to claim 5, characterized in that: the write-protect timer is provided with a maximum timing duration and a timeout flag, and when the write-protect timer is reset, the timeout flag is reset.
9. The write-protection method based on the SNMP protocol according to claim 8, characterized in that: when the maximum timing duration is set to 0, the timer times out after every write operation, and each further write operation requires write-protect authentication again.
10. The write-protection method based on the SNMP protocol according to claim 5, characterized in that: the write authentication key of a MIB node is set by defining a private MIB, and verification is performed against the write authentication key carried in the write-protect authentication message.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910129434.4A CN110034949A (en) 2019-02-21 2019-02-21 A write-protection method based on the SNMP protocol

Publications (1)

Publication Number Publication Date
CN110034949A (en) 2019-07-19

Family

ID=67234960

Country Status (1)

Country Link
CN (1) CN110034949A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190719