Insight Remote Support 7.0.9 Security White Paper
Simple Network Management Protocol version 1 (SNMPv1) is a protocol developed to manage nodes (servers, routers,
switches, and hubs) on an IP network. SNMPv1 is described in RFC 1157. SNMPv1 is an unencrypted
communication service that communicates over UDP port 161. SNMPv1 is a simple request/response protocol
(responses are not acknowledged): the Hosting Device issues a request and a monitored device returns a
response.
SNMPv2
Simple Network Management Protocol version 2, or more specifically SNMPv2c (a subset of SNMPv2), is an
extension of SNMPv1. It is also an unencrypted communication service that communicates over UDP port 161.
SNMPv2 is described in RFC 1441 and adds protocol operations to SNMPv1, including the GetBulk operation
(to retrieve large blocks of data) and the Inform operation (allowing one Network Management System to send
trap information to another Network Management System and receive a response or acknowledgement). If an
Inform message is not acknowledged, the SNMP agent resends it.
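The following Python is an added example, not part of this white paper and not HP code. It builds and decodes SNMPv1 and SNMPv2c datagrams with a small BER encoder/decoder so that the points made in the two SNMP sections above can be seen in the bytes: the version field that distinguishes v1 (0) from v2c (1), the community string that travels in cleartext on UDP 161, and the GetBulk and Inform PDU types that only exist from SNMPv2c on. The community string, request ids and OIDs are constructed sample values; the v1 Trap PDU and SNMPv3 use different layouts and are deliberately rejected rather than decoded.

```python
"""SNMPv1/v2c message builder and header decoder (added example; BER subset only)."""

PDU_TYPES = {
    0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
    0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
    0xA6: "InformRequest", 0xA7: "Trap-v2", 0xA8: "Report",
}
V2C_ONLY_PDUS = {0xA5, 0xA6, 0xA7, 0xA8}   # not defined for SNMPv1 (version field 0)
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}


def _tlv(tag, body):
    """Encode one BER tag-length-value element (short or long form length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + body


def _int(value):
    """BER INTEGER, two's complement."""
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def _oid(dotted):
    """BER OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _tlv(0x06, bytes(body))


def build_message(version, community, pdu_type, request_id, oids, field1=0, field2=0):
    """Assemble a v1/v2c message. field1/field2 are error-status/error-index, or
    non-repeaters/max-repetitions when pdu_type is GetBulkRequest (0xA5)."""
    varbinds = b"".join(_tlv(0x30, _oid(o) + b"\x05\x00") for o in oids)  # value = NULL
    pdu = _int(request_id) + _int(field1) + _int(field2) + _tlv(0x30, varbinds)
    header = _int(version) + _tlv(0x04, community.encode())
    return _tlv(0x30, header + _tlv(pdu_type, pdu))


def _read_tlv(buf, pos):
    """Return (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def _read_int(buf, pos):
    tag, val, pos = _read_tlv(buf, pos)
    if tag != 0x02:
        raise ValueError("expected INTEGER")
    return int.from_bytes(val, "big", signed=True), pos


def _decode_oid(body):
    arcs, cur = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def parse_message(datagram):
    """Decode the header of a captured v1/v2c datagram. Nothing here is encrypted:
    the version, community string, PDU type and OIDs are readable as-is."""
    tag, msg, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    version, pos = _read_int(msg, 0)
    if version not in VERSIONS:
        raise ValueError(f"version {version} uses a different header layout")
    tag, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag == 0xA4:
        raise ValueError("SNMPv1 Trap PDU has a different layout; not decoded here")
    request_id, p = _read_int(pdu, 0)
    field1, p = _read_int(pdu, p)
    field2, p = _read_int(pdu, p)
    _, varbind_list, _ = _read_tlv(pdu, p)
    oids, q = [], 0
    while q < len(varbind_list):
        _, varbind, q = _read_tlv(varbind_list, q)
        _, oid_body, _ = _read_tlv(varbind, 0)
        oids.append(_decode_oid(oid_body))
    info = {
        "version": VERSIONS[version],
        "community": community.decode("ascii", errors="replace"),
        "pdu": PDU_TYPES.get(pdu_tag, f"unknown({pdu_tag:#x})"),
        "request_id": request_id,
        "oids": oids,
        # GetBulk and Inform were introduced with SNMPv2c; a v1 agent cannot process them
        "pdu_allowed_for_version": not (version == 0 and pdu_tag in V2C_ONLY_PDUS),
    }
    if pdu_tag == 0xA5:
        info["non_repeaters"], info["max_repetitions"] = field1, field2
    else:
        info["error_status"], info["error_index"] = field1, field2
    return info


# Constructed sample messages (community string, request ids and OIDs are made up)
SAMPLE_COMMUNITY = "example-community"
V1_GET = build_message(0, SAMPLE_COMMUNITY, 0xA0, 7, ["1.3.6.1.2.1.1.1.0"])
V2C_GETBULK = build_message(1, SAMPLE_COMMUNITY, 0xA5, 42, ["1.3.6.1.2.1.1"], 0, 10)

if __name__ == "__main__":
    for name, dgram in (("v1 Get", V1_GET), ("v2c GetBulk", V2C_GETBULK)):
        print(name, dgram.hex())
        print("  ", parse_message(dgram))
```

Running the block prints each datagram in hex, where the community string is visible as plain ASCII, followed by the decoded header; the same decoder can be pointed at the UDP payload of a packet capture to confirm which SNMP version and operations a device actually uses.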
SSH
The Secure Shell (SSH) protocol is an application-layer protocol which permits secure remote access over a
network from one computer to another. SSH negotiates and establishes an encrypted and authenticated
connection between an SSH client and an SSH-monitored server. SSH provides data integrity checks and prevents
eavesdropping on, and modification of, sensitive data transferred between the Hosting Device and monitored
systems. SSH typically uses TCP port 22, but alternative port numbers may be assigned to the SSH server. SSH is
described in RFC 4251.
Although the SSH protocol is typically used to log in to a remote machine and execute commands, it also supports
tunneling, forwarding of arbitrary TCP ports, and X Window System version 11 (X11) connections. It can transfer
files using the associated Secure File Transfer Protocol (SFTP) or Secure Copy Protocol (SCP).
The SSH protocol exists in two versions. Several security vulnerabilities have been identified in the original SSH
protocol version 1; it should therefore be considered insecure and should not be used in a secure environment.
Its successor, SSH protocol version 2, strengthened security by changing the protocol and adding Diffie-Hellman
key exchange and strong integrity checking via message authentication codes. HP RDC and HP RDA use SSH
protocol version 2 for most connections.
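As an added example (not part of the white paper and not HP code), the following Python shows how an administrator can verify the statement above, that only SSH protocol version 2 is in use, from the server identification string defined in RFC 4253 section 4.2: "SSH-2.0-..." advertises version 2 only, "SSH-1.99-..." advertises both versions for legacy compatibility, and "SSH-1.x-..." is version 1 only. The hostnames and banners in SAMPLE_INVENTORY are constructed sample values; fetch_banner is provided for use against the reader's own systems and is not exercised by the sample.

```python
"""Classify SSH server identification strings (RFC 4253 section 4.2). Added example."""
import socket


def classify_ssh_banner(banner):
    """Return which protocol generations a server advertises in its banner."""
    line = banner.strip("\r\n")
    if not line.startswith("SSH-"):
        return "not-ssh"
    parts = line.split("-", 2)          # "SSH", protoversion, softwareversion[+comments]
    if len(parts) < 3:
        return "malformed"
    proto = parts[1]
    if proto == "2.0":
        return "v2-only"
    if proto == "1.99":
        return "v1-and-v2"               # server still accepts version 1 clients
    if proto.startswith("1."):
        return "v1-only"
    return "unknown"


def needs_remediation(banner):
    """True when the server still offers SSH protocol version 1 in any form."""
    return classify_ssh_banner(banner) in ("v1-only", "v1-and-v2")


def fetch_banner(host, port=22, timeout=5.0):
    """Read the identification string from a live host. RFC 4253 allows the server
    to send other lines before it, so skip anything not starting with 'SSH-'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        for _ in range(20):
            line = reader.readline().decode("ascii", errors="replace")
            if line.startswith("SSH-"):
                return line
    return ""


# Constructed inventory: hostnames and banners are made-up sample values
SAMPLE_INVENTORY = {
    "host-a.example": "SSH-2.0-OpenSSH_8.9\r\n",
    "host-b.example": "SSH-1.99-OpenSSH_3.9p1\r\n",
    "switch-c.example": "SSH-1.5-Legacy\r\n",
    "printer-d.example": "220 FTP ready\r\n",
}


def audit(inventory):
    """Return hosts whose banner shows SSH protocol version 1 is still enabled."""
    return sorted(host for host, banner in inventory.items() if needs_remediation(banner))


if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY.items():
        print(f"{host:20} {classify_ssh_banner(banner)}")
    print("needs remediation:", audit(SAMPLE_INVENTORY))
```

A "1.99" banner is worth calling out separately: the server does support version 2, but it still negotiates version 1 with a client that asks for it, so it does not meet the "version 2 only" bar the paragraph above sets.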
SSL and TLS
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are application-layer protocols
which provide data encryption and authentication. TLS 1.0 is an updated version of SSL v3. SSL and TLS use
X.509 certificates, also known as “digital” certificates, for authentication. Although most users are accustomed
to working only with server certificates, SSL and TLS can be configured to require client-side certificates, which
provides password-less two-way authentication. The Hosting Device and monitored devices authenticate using
X.509 certificates. Also, all communications between the client browsers and the Hosting Device are protected by
SSL. The Remote Support Configuration Collector System supports both SSL v3 and TLS 1.x. These two protocols
are most commonly seen in HTTPS on TCP port 443. Other protocols and applications also use SSL and TLS for
security.
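The following Python is an added example, not part of the white paper and not HP code. It shows, with the standard library ssl module, the two-way certificate authentication the paragraph above describes: the server side requires a client certificate instead of a password, the client side verifies the server certificate and hostname and presents its own certificate, and both sides refuse to negotiate below TLS 1.2 (so an SSL v3 peer is rejected at the handshake). The certificate, key and CA file paths are caller-supplied placeholders; the policy function summarises the settings a reviewer would check.

```python
"""TLS contexts for certificate-based two-way (mutual) authentication. Added example."""
import ssl


def server_context(certfile=None, keyfile=None, cafile=None):
    """Server side: present our certificate and require a client certificate issued by
    a CA we trust. Paths are placeholders supplied by the caller."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL v3 / TLS 1.0 / TLS 1.1 handshakes fail
    ctx.verify_mode = ssl.CERT_REQUIRED            # no client certificate, no connection
    if cafile:
        ctx.load_verify_locations(cafile=cafile)   # CA that issued the client certificates
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def client_context(certfile=None, keyfile=None, cafile=None):
    """Client side: verify the server certificate and hostname, and present our own
    certificate so the server can authenticate us without a password."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def policy(ctx):
    """Summarise the settings that matter for review as plain values."""
    return {
        "min_version": ctx.minimum_version.name,
        "peer_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
        "sslv3_disabled": bool(ctx.options & ssl.OP_NO_SSLv3),
    }


if __name__ == "__main__":
    # Placeholder paths: replace with the real certificate, key and CA files
    print("server:", policy(server_context("server.crt", "server.key", "ca.crt")))
    print("client:", policy(client_context("client.crt", "client.key", "ca.crt")))
```

To use the client context with an HTTPS endpoint, pass it as the context argument to http.client.HTTPSConnection or to ssl.SSLContext.wrap_socket with server_hostname set; the server context is passed to wrap_socket with server_side=True. The main block above will raise FileNotFoundError until the placeholder paths point at real files, which is the intended behaviour.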
Telnet
Telecommunications Network (Telnet) is an application-layer protocol that was developed to provide remote
terminal sessions. Some older storage devices, routers, switches, and other devices support only telnet for
network access. Although it is insecure, Insight Remote Support uses this protocol to provide support for these
legacy devices. Telnet does not provide encrypted transport of data and is considered to be an insecure
communication service. Today, most operating systems use SSH in place of telnet as the standard terminal
communication protocol. Telnet is described in RFC 854. Telnet is assigned TCP port 23; however, it
may be configured to run on other ports.
WBEM
Web Based Enterprise Management (WBEM) is an initiative based on a set of management and Internet standard
technologies developed by the Distributed Management Task Force (DMTF) to unify the management of
enterprise computing environments. WBEM is a collection of Internet standards and DMTF open standards:
Common Information Model (CIM) infrastructure and schema, CIM-XML, CIM operations over HTTP, and Web
Services for Management (WS-Management). The Common Information Model (CIM) provides a common
definition of management information for systems, networks, applications and services, and allows for vendor
extensions. WS-Management is a specification of a SOAP-based protocol for the management of servers,
devices, and applications. WBEM can be encapsulated inside either HTTP or HTTPS. HP Insight Remote Support
does not support unencrypted WBEM communications. All Insight Remote Support WBEM traffic is encrypted
using HTTPS on TCP port 5989.