In computational networks, it is common to have one or more automated network management system (NMS) devices for collecting data to ascertain levels of performance (e.g., BER, loss of synchronization, etc.), equipment, module, subassembly, and card failures, circuit outages, levels of traffic, and network usage. NMS devices typically interrogate network components, such as routers, ethernet switches, and other hosts for stored information. As will be appreciated, a network device or component is a computational component that may or may not have a physical counterpart, e.g., the component may be a virtual computational component such as an interface. Examples of proprietary network management systems include Hewlett-Packard's OPENVIEW™, IBM's NETVIEW™, and Digital Equipment Corporation's EMA™. To permit such network management systems in distributed processing networks to communicate with hosts for monitoring and controlling the enterprise network, network management communication protocols have been developed, such as the Simple Network Management Protocol or SNMP and the Common Management Information Protocol or CMIP.
During interrogation, NMS devices interact with authentication systems present in network devices, such as routers. Authentication systems are an essential part of network security. Typically, a user is able to access information in certain network devices only by entering one or more credentials. As used herein, a “credential” refers to a set of information (e.g., a character or string of characters) which must be provided to a computational component for access to information in the computational component to be provided. Examples of credentials for version 1 of SNMP include a community string, for version 3 of SNMP User-Based/Security Model or include USM mode, user name, authentication method, authentication password, privacy method, and privacy password, and for TELNET include a user login, password, router type, and prompt. As will be appreciated, different credentials can be required for differing levels of information access, e.g. read-only access and supervisor levels.
When a new NMS system device is connected to a network, the NMS device must learn the various forms of authentication used to be able to interrogate network devices. The learning process typically involves a user manually setting credentials before using the tool on the network. This is not only a slow task but also fails to easily allow for dynamic changes of authentication during use. For example, some network security schemes require a credential to be periodically changed to maintain a high level of network security.
Network management personnel typically compromise network security for ease of credential configuration in NMS devices. For example, some network management systems rely on the credential being set to a default credential (generally public level access credentials) on all components in the network. In some applications, the varying access levels to the network components are compromised by using a common default credential. This practice unnecessarily restricts the type of authentication to a type of default credential and can restrict with what type of equipment the network management system can be used and also compromises network security. Other network management systems do permit a limited number of passwords to be entered before the network management system performs interrogation but fail to allow for dynamic changes in authentication during use.