Abstract
Much of today's network management technology still centres on a remote monitoring approach. One would like to have a more intrusive management capability, but in a large distributed system one must have confidence that management activities cannot be subverted, whether by accident or by malicious intent. To achieve this goal, management applications need security mechanisms that not only prevent unprivileged users from altering the system accidentally but also, more importantly, prevent possible attacks from a third party who may disrupt or misuse services. This paper describes some services and mechanisms with which the authors have experimented to allow secure remote management of a distributed system in a real service environment. Although there are many standards documents describing various security mechanisms, some aspects of these documents are not stable, and in other cases we cannot apply the mechanisms they describe due to restrictions in our development and deployment environment. In such cases we have had to make some adaptations.
Copyright information
© 1995 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Bhatti, S.N., Knight, G., Gurle, D., Rodier, P. (1995). Secure remote management. In: Sethi, A.S., Raynaud, Y., Faure-Vincent, F. (eds) Integrated Network Management IV. IM 1995. IFIP — The International Federation for Information Processing. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34890-2_14
DOI: https://doi.org/10.1007/978-0-387-34890-2_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5517-6
Online ISBN: 978-0-387-34890-2
eBook Packages: Springer Book Archive