FOR IMMEDIATE RELEASE
Contact:
Marshall T. Rose, Dover Beach Consulting, Inc., (415) 968-1052
David Preston, Epilogue Technology Corporation, (505) 271-9933
Tom Woolf, Woolf Media Relations, Inc., (415) 508-1554
Presentations and Discussion Will Center on Different Security Options Being Proposed for SNMP Version 2
LAS VEGAS, Nevada (March 18, 1996) -- At NetWorld+Interop 96 Las Vegas, Marshall T. Rose of Dover Beach Consulting, Keith McCloghrie of Cisco Systems, Bert Wijnen of IBM's T.J. Watson Research Center, and the other architects of the User-based Security Model (USEC or SNMPv2u) will participate in a Birds of a Feather session scheduled to be held in Ballroom A of the Las Vegas Hilton on Tuesday, April 2, from 8:00 to 10:00 pm. Rose will act as moderator and a number of vendors, including Epilogue Technology Corporation and IBM, will be on hand to offer their insights into deploying USEC in production networks to support SNMPv2c, the SNMP version 2 Community-based standard approved by the Internet Engineering Task Force (IETF) last December.
Glenn Waters of Northern Telecom, who originally proposed the USEC security scheme, McCloghrie, Rose, and other members of the IETF have been developing and testing USEC since last May. The USEC security extension to SNMPv2 was successfully tested at the IETF meeting in December, demonstrating that the USEC security scheme was easy to use and readily deployable. Various implementations of the USEC security technology were also demonstrated by Dover Beach Consulting, Epilogue Technology and IBM interoperating with SNMPv2c at ComNet '96 held in Washington, D.C. in January.
``We have already demonstrated how easy it is to create a secure SNMP environment using USEC; the challenge now is to get the industry to step forward and embrace this new technology,'' said Marshall Rose. ``NetWorld+Interop offers the best forum to solicit input from the networking industry, and this Birds of a Feather session will give everyone in the networking industry an opportunity to learn more about USEC and the issues surrounding SNMP security. It will also give us a chance to explore ways to enlist technologists who are interested in developing SNMP solutions using USEC security and help USEC evolve.''
``The various security proposals for SNMPv2 are designed to fulfill the same basic objectives: providing authentication and privacy,'' said Wijnen. ``If you look at the current published documents of SNMPv2* (the other security proposal), then the net result is that SNMPv2* delivers the same functionality as SNMPv2u. However, it adds additional overhead on the wire and in the code. The advantage offered by USEC is that it is well-defined, stable, robust, tested, and ready to implement, and that provides a good foundation from which we can all work to create a secure remote configuration MIB standard. Our immediate task, and the agenda of this BOF, is to assess the similarities and differences offered by these two proposed security models and start working together to solve the problem of adding security to SNMPv2, which we can then bring back into the IETF standardization process.''
The User-based Security Model is being offered as a minimal-impact extension to SNMPv2c and is designed to provide a simple yet robust authentication scheme for network management security. USEC supports three aspects of authentication: replay protection, message integrity, and origin identity. Replay protection is designed to prevent an intruder from capturing an SNMP packet, such as a command to reboot a router, for use at a later time. Message integrity ensures that the content of a packet cannot be changed without detection, e.g., changing a command to dump the routing tables to a command to modify the routing tables. Origin identity ensures that the originator of an SNMP operation is who he or she appears to be. As an option, message privacy can also be provisioned, preventing disclosure of management information to unauthorized parties.
To bootstrap USEC, the system operator first creates a user identity that is associated with a password. From the password, a cryptographic key is automatically derived. The management station will then be able to enter into a low-level interaction with the agent to establish a secure network management environment, first using authentication to establish communication, then synchronizing the station and agent clocks to prevent replay attacks and attaching cryptographic checksums using the Keyed-MD5 algorithm. The result is a secure SNMP communication channel.
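A simplified sketch of the bootstrap described above, added here as an example and not code from USEC's authors or any vendor named in this release: a key is derived from the password, each message carries the agent's clock values and a Keyed-MD5 checksum, and the agent rejects altered, stale, or unknown-user messages. The 1 MiB password stretch, the field layout, the key-message-key digest form and the 150-second window are assumptions chosen for illustration, not the USEC wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 150  # assumed tolerance, in seconds, between message time and agent clock

def derive_key(password: bytes, agent_id: bytes) -> bytes:
    """Derive a per-agent key from the user's password (assumed scheme)."""
    if not password:
        raise ValueError("empty password")
    reps = (1 << 20) // len(password) + 1
    user_key = hashlib.md5((password * reps)[: 1 << 20]).digest()
    # Binding the key to one agent limits the damage if that agent is compromised.
    return hashlib.md5(user_key + agent_id + user_key).digest()

def _digest(key: bytes, header: bytes, pdu: bytes) -> bytes:
    # Keyed MD5 over everything except the digest field itself.
    return hashlib.md5(key + header + pdu + key).digest()

def seal(key, user, boots, agent_time, pdu):
    """Station side: header = user name + the agent's boot count and clock."""
    header = bytes([len(user)]) + user + struct.pack("!II", boots, agent_time)
    return header + _digest(key, header, pdu) + pdu

def verify(key_for, agent_boots, agent_now, msg):
    """Agent side: returns 'ok' or the reason the message is rejected."""
    if not msg or len(msg) < 25 + msg[0]:
        return "malformed"
    hlen = 9 + msg[0]
    header, digest, pdu = msg[:hlen], msg[hlen:hlen + 16], msg[hlen + 16:]
    key = key_for(header[1:hlen - 8])          # origin identity: known user?
    if key is None:
        return "unknown user"
    if not hmac.compare_digest(digest, _digest(key, header, pdu)):
        return "bad digest"                    # message integrity
    boots, sent = struct.unpack("!II", header[-8:])
    if boots != agent_boots or abs(agent_now - sent) > WINDOW:
        return "not in time window"            # replay protection
    return "ok"
```

The digest is checked before the clock fields are trusted, so an unauthenticated sender cannot use forged time values to probe the agent's window.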
``This technology is readily portable, as we demonstrated at ComNet, and we have already added USEC support to our Envoy SNMP product so our OEM customers can begin to experiment with this SNMP security scheme,'' said David Preston, president and COO of Epilogue Technology Corp. ``We recognize that the jury is still out as to which security model will emerge as the industry standard, and we intend to support other SNMP security technologies as they emerge. However, USEC is ready to deploy today and this NetWorld+Interop Birds of a Feather will give us a chance to present our findings to the industry and solicit input on the best way to proceed to create a sanctioned SNMP security standard.''
Anyone interested in more information about SNMP USEC can get it from The USEC Resource Page on the Internet. In addition, a USEC White Paper is available on request.
Epilogue Technology Corporation specializes in developing and marketing standards-based network management and protocol software products and support services to computer OEMs and computer systems manufacturers. Epilogue has licensed its products to more than 220 companies to date, including 3Com, Chipcom Corporation, IBM, Network General Corporation, Northern Telecom, and Optical Data Systems, among others. Epilogue customers have shipped more than 2 million network devices containing Epilogue Technology products worldwide.
Epilogue Technology Corporation is located at 11116 Desert Classic Lane, N.E., Albuquerque, NM 87111-7512; telephone: 505/271-9933; FAX: 505/271-9798.