Security Management is a Network Management function that is about protecting both the network as a whole and the individual devices against intentional or accidental abuse, unauthorized access and communication loss.
Security Management is also responsible for setting constraints per managed element, according to standards & specifications.
Implementing an SNMP-based Network Management System without considering security can be a big problem, especially for commercial networks. Even for home networks, security should be a top priority, to ensure that sensitive data are not publicly available or easy to access.
An easy way to understand security is to categorize security functions as:
In security systems, authentication is distinct from authorisation, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
When evaluating the authentication security capabilities of system software, you typically look for the following features:
- Local and remote authentication
- Strong authentication
- Two-factor authentication
- User account monitoring
Remote user authentication is about the system's capability to use an external authority to authenticate users. Typically this requires network connectivity to 3rd-party servers running software like TACACS, LDAP, etc. The benefit of remote user authentication is that it simplifies the creation and maintenance of login credentials, which is important for large organisations.
Strong Authentication is about enhancing the password-based login. The user login is typically secured via a password, i.e. the password must be entered twice when it is set, and it is masked on entry to prevent other users from viewing it, accidentally or on purpose. Strong authentication adds the following:
- Require users to use only strong passwords, with at least eight characters including letters, numbers and special characters.
- Enforce password expiration: this requires users to change their password frequently, e.g. every month.
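The two strong-authentication rules above as a login-time check, written as an added example (not code from the original page). The 30-day expiry interval is an assumption standing in for "every month", and a password that was never set by the user is treated as expired so a freshly created account must choose its own password.

```python
import re
from datetime import date, timedelta
from typing import List, Optional

# Policy values taken from the text: at least eight characters with letters,
# numbers and special characters; passwords expire after one month.
MIN_LENGTH = 8
MAX_AGE = timedelta(days=30)  # assumption: "every month" read as 30 days


def check_password_strength(password: str) -> List[str]:
    """Return the list of policy rules the password violates (empty = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special characters")
    return problems


def password_expired(last_changed: Optional[date], today: date) -> bool:
    """True when the password must be changed before login is allowed.
    None (never changed by the user) counts as expired, so an account created
    by the administrator is forced to set its own password on first login."""
    if last_changed is None:
        return True
    return today - last_changed >= MAX_AGE


def login_check(password: str, last_changed: Optional[date], today: date) -> str:
    """Decide what the login screen should do: 'ok', 'change_password'
    (expired or too weak for the current policy) or 'reject'."""
    if check_password_strength(password):
        # A legacy password that no longer meets the policy is not refused,
        # but the user is forced to replace it before continuing.
        return "change_password"
    if password_expired(last_changed, today):
        return "change_password"
    return "ok"
```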
Two-factor authentication is another authentication enhancement, which requires the use of two authentication factors: a knowledge factor together with a possession factor or an inherence factor.
We use two-factor authentication in order to decrease the probability of false evidence of identity. Examples of factors are:
- Something the user knows, such as a password, PIN, pattern, etc.;
- Something the user has, such as ATM card, smart card; and
- Something the user is, typically a biometric characteristic, such as a fingerprint.
Two-factor authentication is not something new; it has been used throughout history. An example of two-factor authentication is the automated teller machine (ATM). When a bank customer visits an ATM, the first authentication factor is the physical ATM card that he slides into the machine. The second factor is the PIN, which the customer enters through a keypad.
Two-factor authentication is not very common in SNMP Network Management Systems, as the user usually performs the authentication in a controlled environment. Instead, strong authentication is frequently employed, except in tier-1 operators.
Authorisation is defined as the process of giving individuals access to system objects based on their identity. Obviously, both authentication and authorisation are required in order to identify the individual (authentication) and provide him access rights (authorization).
When evaluating the authorization security capabilities of system software, you typically look for the following features:
- Multiple roles according to predefined templates (Administrator / Power User / Alarm / Monitor, etc.) that grant specific rights of access to the system.
- Role creation and removal (by the administrator).
- Multiple users per role.
- Fine grained privileges (per role, per user) – each role, and/or user, may have access to specific functions / views / network objects.
Why we need predefined roles
A good NMS must have a set of predefined roles, to enable use of the software out of the box. Typically, predefined roles are:
The Alarm role can monitor everything plus the following actions:
- Acknowledge alarms.
- Clear alarms.
- Delete alarms.
- Set Maintenance Mode on / off.
The Power User role can perform any action except the following:
- Alarm Severity Mapping to define which alarms are critical, which major, etc.
- Event Log Administration, to change the log-level configuration
- Auto Archiving, to reduce the number of performance records stored in the database
- Drag and Drop on Telecom Objects to re-arrange the network topology.
- Create / Remove / Manipulate Schedules.
- Create / Remove / Modify Users and Roles.
- Create / Remove his own Reports / Network Navigators.
The Administrator role can create one or more users and assign them to one of the aforementioned roles or to a new role. The Administrator can perform any action. More specifically, concerning the security administration, the Administrator role can:
- Modify the predefined Roles.
- Create / Remove / Modify User entries.
- Create / Remove / Modify Role entries.
- Restrict User Access to the Network.
Authorisation is useful only when the privileges are fine-grained, i.e. detailed, and can be fully customised. Only then can you really control the access rights of the user.
Segmentation of the network is about splitting the managed network into logical domains that are then assigned to roles or users in order to restrict access to domains and NEs.
Network Segmentation is performed by the administrator, who creates one or more Network Access Domains (NADs) and assigns existing Domains / Network Objects (i.e. Network Elements / Modules / Ports / Topological Links / Sub-networks / Service Fragments / Services) to them.
Then, these NADs can be assigned to specific users, thus permitting them to view only the Domains / Network Objects belonging to the NADs. In this case, the Network Navigator (hierarchical tree-view), the Graphical View (topology map-view) as well as all types of reports (Active Alarms, Real Time Alarms & Events, Performance Reports etc.) will show information only for the Domains / Network Objects belonging to the specific NADs.
Network Segmentation is a feature that enables Virtual Network Operators (VNOs), i.e. separate operators providing services over a network that belongs to another organisation. In this case each VNO can monitor only the part of the network that enables the services it provides, while the network owner can monitor the whole network.
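The role model from the authorisation section and the NAD scoping from the segmentation section combined in one authorisation check, as an added example that is not code from the original page. Privilege names, the inventory and the VNO user are constructed; a user with no NAD assigned is assumed to be the network owner who sees the whole network.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Predefined roles from the text, as privilege sets. Privilege names are
# this example's own; "*" stands for "can perform any action".
ROLES = {
    "Monitor": {"monitor"},
    "Alarm": {"monitor", "ack_alarm", "clear_alarm", "delete_alarm",
              "maintenance_mode"},
    "Power User": {"monitor", "ack_alarm", "clear_alarm", "delete_alarm",
                   "maintenance_mode", "schedules", "reports"},
    "Administrator": {"*"},
}


@dataclass
class NetworkObject:
    name: str
    kind: str              # e.g. "NE", "Port", "Link"
    nads: Set[str]         # Network Access Domains this object belongs to


@dataclass
class User:
    name: str
    role: str
    nads: Set[str] = field(default_factory=set)  # empty = whole network (assumed)


def can(user: User, action: str) -> bool:
    """Role check: is the action among the user's role privileges?"""
    privs = ROLES[user.role]
    return "*" in privs or action in privs


def visible(user: User, objects: List[NetworkObject]) -> List[NetworkObject]:
    """NAD scoping: the objects this user may see in navigator, map and reports."""
    if not user.nads:
        return list(objects)
    return [o for o in objects if o.nads & user.nads]


def authorize(user: User, action: str, obj: NetworkObject) -> bool:
    """Both checks together: the right privilege AND the object inside the
    user's NADs. A VNO alarm operator can ack an alarm on its own NE but
    never on another operator's NE, even though the role allows 'ack_alarm'."""
    return can(user, action) and bool(visible(user, [obj]))


def active_alarms(user: User, alarms: List[Tuple[str, str]],
                  objects: List[NetworkObject]) -> List[Tuple[str, str]]:
    """Active Alarms report: (object name, severity) pairs, filtered by NAD."""
    allowed = {o.name for o in visible(user, objects)}
    return [a for a in alarms if a[0] in allowed]
```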
Secure Communication is about ensuring that the protocols used are secure or are configured with their secure features enabled. A typical checklist for secure communication includes:
- Check that only secure protocols are used for communication with the network elements, e.g. the NMS uses Secure FTP (SFTP) instead of FTP and Secure Shell (SSH) instead of Telnet.
- Check that custom SNMP credentials are used, instead of the default public/private credentials.
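The two checklist items above run over a constructed table of per-element NMS communication settings, as an added example (not code from the original page). The record layout and element names are this example's own; community strings are compared case-insensitively so that a capitalised default is still caught.

```python
from typing import Dict, List

# Constructed per-element communication settings; the field names are this
# example's own, not any product's configuration format.
ELEMENTS = [
    {"ne": "core-rtr-1", "file_transfer": "sftp", "cli": "ssh", "community": "N3tOps-rw"},
    {"ne": "edge-sw-7", "file_transfer": "ftp", "cli": "telnet", "community": "public"},
    {"ne": "agg-sw-2", "file_transfer": "SFTP", "cli": "ssh", "community": "Private"},
]

# Checklist from the text: SFTP instead of FTP, SSH instead of Telnet,
# and no default public/private SNMP community strings.
SECURE_FILE_TRANSFER = {"sftp"}
SECURE_CLI = {"ssh"}
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_element(e: Dict[str, str]) -> List[str]:
    """Return the checklist findings for one managed element (empty = OK)."""
    findings = []
    if e["file_transfer"].lower() not in SECURE_FILE_TRANSFER:
        findings.append("insecure file transfer protocol: " + e["file_transfer"])
    if e["cli"].lower() not in SECURE_CLI:
        findings.append("insecure CLI protocol: " + e["cli"])
    if e["community"].strip().lower() in DEFAULT_COMMUNITIES:
        # The value itself is deliberately not echoed into the finding.
        findings.append("default SNMP community string in use")
    return findings


def audit(elements: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map element name -> findings, listing only elements that fail a check."""
    report = {}
    for e in elements:
        findings = audit_element(e)
        if findings:
            report[e["ne"]] = findings
    return report
```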
Server hardening is an activity that requires IT competence. Hardening typically includes:
- Removal of unnecessary services and software packages that run on the server.
- Database & OS customisation, to remove default security values.
- Elimination of plain text passwords and replacement with encrypted ones.
To certify that a server is hardened, an external certification authority may be used, to provide an audit of the server in question.
User Account Management
User account management is about enabling the administrator to:
- Add Users
- Add Roles
- Define Privileges
- Restrict User Access to the Network
- Monitor login and logout of users
- Force users to logout
- Lock user accounts.
It appears that the TMN model is not very clear on this point, as some vendors include User Accounting in Security Management, while others include it in Accounting. This really does not matter as long as the features are included!