A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 2: HP Insight Remote Support Advanced
test an Internet connection. ICMP is used in the RSCC system to discover devices on the network and
to verify that a monitored system is ready to communicate.
• IP
IP (Internet Protocol) is a network-layer protocol that moves datagrams through an interconnected set
of networks. IP does not guarantee delivery of datagrams and provides no security. Data may be lost,
received out-of-order, or even duplicated. Upper-layer protocols, such as TCP and SSL/TLS, must be
used for providing reliable communication and security. IP is described in RFC 791. The next-layer
protocols referenced in this document are:
Protocol Number   Protocol    Function
1                 ICMP        Error and congestion reporting, diagnostics
6                 TCP         Reliable data transmission
17                UDP         Datagram transmission
50                IPsec-ESP   Encrypted IP encapsulation
• SNMP
SNMP (Simple Network Management Protocol) is an application-layer protocol used by network hosts
to exchange information used in the management of networks. When discussing SNMP, systems are
categorized as either “managed” or “managing”: a managing system manages a managed system.
Managing systems in turn may also be managed. Each managed system runs a process called an
agent. The agent performs two functions. It responds to information requests from a managing system
using the GET, GETNEXT and GETBULK protocol operations. The managed system agent will also
send unsolicited data to a managing system using the TRAP or INFORM protocol operations.
By default SNMP agents listen on UDP port 161. An SNMP manager sending requests to an agent
may use any ephemeral port for the source. The agent will reply to the manager on that port. Likewise,
by default SNMP managers listen on UDP port 162 for TRAP and INFORM messages from agents on
managed systems. The agent may use any ephemeral port for the source. Because SNMP traps are
notifications, the manager will not reply. If the manager does wish to respond to an agent trap, it must
do so to the agent’s listening port, UDP port 161 by default.
In the current RSCC system, SNMP version 1 is used to gather system configuration and status data.
Because SNMP utilizes UDP (User Datagram Protocol), which does not guarantee message delivery
in the way that TCP (Transmission Control Protocol) does, datagrams may arrive out of order, appear
duplicated, or go missing without notice. SNMP V1 security is limited to a clear-text community string
included with the request, similar to a password. SNMP V1 data is not encrypted, so the entire payload
can be easily snooped on the network. The operating system of the managed system may provide
additional security capabilities for SNMP such as IP address restrictions for valid requests. CERT
maintains a list of frequently asked questions about SNMP security at http://www.cert.org/tech_tips/snmp_faq.html.
WEBES uses SNMP v2 as well. However, like v1, v2 does not provide encryption services. SNMP v3
provides encryption services; however, it is not supported on Microsoft Windows and therefore is not
supported by HP Insight Remote Support Advanced.
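The following is an added example and is not part of the HP document or the product. It decodes a constructed IPv4/UDP/SNMPv1 GetRequest the way a passive observer on the same network segment would see it: the IP protocol number (the table in the IP section), the UDP ports that distinguish requests, responses and traps (the SNMP port conventions above), and finally the community string, which is readable in clear text exactly as the text describes for SNMP v1 (and, with the same wire format, v2c). All addresses, ports, the OID and the community string "public" are constructed sample values; the IP and UDP checksums are left zero and are not validated.

```python
# Added example: decode a constructed IPv4/UDP/SNMP datagram as an observer sees it.
import struct

# Next-layer protocol numbers, as listed in the IP section of the document.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "IPsec-ESP"}
SNMP_VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}           # community-based versions
SNMP_PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
                  0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
                  0xA6: "InformRequest"}

# Constructed SNMPv1 GetRequest for sysDescr.0 with community "public" (BER encoded).
SNMPV1_GET = bytes.fromhex(
    "30 26 "                          # SEQUENCE, 38 bytes: the whole message
    "02 01 00 "                       #   INTEGER version = 0 (SNMPv1)
    "04 06 70 75 62 6c 69 63 "        #   OCTET STRING community = "public", clear text
    "a0 19 "                          #   GetRequest-PDU, 25 bytes
    "02 01 01 "                       #     request-id = 1
    "02 01 00 "                       #     error-status = 0
    "02 01 00 "                       #     error-index = 0
    "30 0e "                          #     VarBindList
    "30 0c "                          #       VarBind
    "06 08 2b 06 01 02 01 01 01 00 "  #         OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    "05 00"                           #         NULL placeholder for the value
)

def build_ipv4(src_ip, dst_ip, proto, payload):
    """Build a minimal IPv4 packet (no options; header checksum left as 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                         proto, 0, bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
    return header + payload

def build_udp_datagram(src_ip, dst_ip, sport, dport, payload):
    """Wrap payload in UDP (checksum 0, permitted over IPv4) and then in IPv4."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return build_ipv4(src_ip, dst_ip, 17, udp)

def parse_ipv4(packet):
    """Return (protocol number, src, dst, payload) from an IPv4 packet."""
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return packet[9], src, dst, packet[ihl:total]

def parse_udp(segment):
    """Return (src port, dst port, payload) from a UDP segment."""
    sport, dport, length = struct.unpack("!HHH", segment[:6])
    return sport, dport, segment[8:length]

def _read_tlv(buf, pos):
    """Read one BER tag/length/value at pos; return (tag, value, next pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        pos += n
    start = pos + 2
    return tag, buf[start:start + length], start + length

def parse_snmp_community(msg):
    """Decode the header of a community-based SNMP (v1/v2c) message."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must start with a SEQUENCE")
    _, version, pos = _read_tlv(body, 0)        # INTEGER version
    _, community, pos = _read_tlv(body, pos)    # OCTET STRING community (no encryption)
    pdu_tag, _, _ = _read_tlv(body, pos)        # context-specific PDU tag
    ver = int.from_bytes(version, "big")
    return {"version": SNMP_VERSIONS.get(ver, str(ver)),
            "community": community.decode("ascii", "replace"),
            "pdu": SNMP_PDU_TYPES.get(pdu_tag, hex(pdu_tag))}

def classify_direction(sport, dport):
    """Apply the port conventions from the SNMP section (161 agent, 162 manager)."""
    if dport == 161:
        return "request to agent"
    if sport == 161:
        return "response from agent"
    if dport == 162:
        return "trap/inform to manager"
    return "unknown"

def inspect(packet):
    """Summarise what an observer learns from one captured packet."""
    proto, src, dst, seg = parse_ipv4(packet)
    info = {"protocol": IP_PROTOCOLS.get(proto, str(proto)), "src": src, "dst": dst}
    if proto != 17:                  # TCP, ESP etc. are not decoded further here
        return info
    sport, dport, data = parse_udp(seg)
    info.update(src_port=sport, dst_port=dport)
    if 161 in (sport, dport) or dport == 162:
        info.update(parse_snmp_community(data))
        info["direction"] = classify_direction(sport, dport)
    return info

# Constructed sample: a manager at 192.168.1.10 polling an agent at 192.168.1.20.
SAMPLE = build_udp_datagram("192.168.1.10", "192.168.1.20", 50123, 161, SNMPV1_GET)
```

Calling `inspect(SAMPLE)` returns the protocol name, both addresses and ports, the SNMP version, the PDU type and the community string, all recovered from the bytes alone; an ESP packet built with `build_ipv4(..., 50, ...)` yields only the protocol name, because its payload is encrypted encapsulation. The same decoder reports `SNMPv2c` for a version field of 1, since v2c keeps the same clear-text community header.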
• Syslog
HP Insight Remote Support Advanced and Remote Device Access (A.05.80) Page 19 of 97