Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Simple Network Management Protocol
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Version 3 === {{prose|section|date=September 2016}} Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks very different due to new textual conventions, concepts, and terminology.<ref name="ESNMP"/> The most visible change was to define a secure version of SNMP, by adding security and remote configuration enhancements to SNMP.<ref name=simpletime>[http://www.simple-times.org/pub/simple-times/issues/5-1.html In This Issue: SNMP Version 3] {{Webarchive|url=https://web.archive.org/web/20170727124237/https://www.simple-times.org/pub/simple-times/issues/5-1.html |date=2017-07-27 }} [http://www.simple-times.org/ The Simple Times] {{ISSN|1060-6084}}</ref> The security aspect is addressed by offering both strong authentication and data encryption for privacy. For the administration aspect, SNMPv3 focuses on two parts, namely notification originators and proxy forwarders. The changes also facilitate remote configuration and administration of the SNMP entities, as well as addressing issues related to the large-scale deployment, accounting, and fault management. Features and enhancements included: * Identification of SNMP entities to facilitate communication only between known SNMP entities β Each SNMP entity has an identifier called the SNMPEngineID, and SNMP communication is possible only if an SNMP entity knows the identity of its peer. Traps and Notifications are exceptions to this rule. * Support for security models β A security model may define the security policy within an administrative domain or an intranet. SNMPv3 contains the specifications for a user-based security model (USM). * Definition of security goals where the goals of message authentication service include protection against the following: ** Modification of Information β Protection against some unauthorized SNMP entity altering [[Data in transit|in-transit messages]] generated by an authorized principal. ** Masquerade β Protection against attempting management operations not authorized for some principal by assuming the identity of another principal that has the appropriate authorizations. ** Message stream modification β Protection against messages getting maliciously re-ordered, delayed, or replayed to affect unauthorized management operations. ** Disclosure β Protection against eavesdropping on the exchanges between SNMP engines. * Specification for USM β USM consists of the general definition of the following communication mechanisms available: ** Communication without authentication and privacy (NoAuthNoPriv). ** Communication with authentication and without privacy (AuthNoPriv). ** Communication with authentication and privacy (AuthPriv). * Definition of different authentication and privacy protocols β MD5, SHA and HMAC-SHA-2<ref>RFC 7860</ref> authentication protocols and the CBC_DES and CFB_AES_128 privacy protocols are supported in the USM. * Definition of a discovery procedure β To find the SNMPEngineID of an SNMP entity for a given transport address and transport endpoint address. * Definition of the time synchronization procedure β To facilitate authenticated communication between the SNMP entities. * Definition of the SNMP framework MIB β To facilitate remote configuration and administration of the SNMP entity. * Definition of the USM MIBs β To facilitate remote configuration and administration of the security module. * Definition of the view-based access control model (VACM) MIBs β To facilitate remote configuration and administration of the access control module. Security was one of the biggest weaknesses of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.<ref name="ESNMP"/> Each SNMPv3 message contains security parameters that are encoded as an octet string. The meaning of these security parameters depends on the security model being used.<ref>{{cite book |author=David Zeltserman |year=1999 |title=A Practical Guide to SNMPv3 and Network Management |location=Upper Saddle River, NJ |publisher=Prentice Hall PTR}}</ref> The security approach in v3 targets:<ref name=cisco>{{cite web |url=http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html |title=SNMPv3 |publisher=Cisco Systems |archive-url=https://web.archive.org/web/20110719232546/http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html |archive-date=2011-07-19 |url-status=dead }}</ref> * Confidentiality β [[Encryption]] of packets to prevent snooping by an unauthorized source. * Integrity β [[Message integrity]] to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism. * [[Authentication]] β to verify that the message is from a valid source. v3 also defines the USM and VACM, which were later followed by a transport security model (TSM) that provided support for SNMPv3 over SSH and SNMPv3 over TLS and DTLS. * USM (User-based Security Model) provides authentication and privacy (encryption) functions and operates at the message level. * VACM (View-based Access Control Model) determines whether a given principal is allowed access to a particular MIB object to perform specific functions and operates at the PDU level. * TSM (Transport Security Model) provides a method for authenticating and encrypting messages over external security channels. Two transports, SSH and TLS/DTLS, have been defined that make use of the TSM specification. {{As of|2004}} the [[IETF]] recognizes ''Simple Network Management Protocol version 3'' as defined by {{IETF RFC|3411}}β{{IETF RFC|3418}}<ref name=snmpv3>{{cite web |url=http://www.ibr.cs.tu-bs.de/projects/snmpv3/ |title=SNMP Version 3 |publisher=Institute of Operating Systems and Computer Networks |access-date=2010-05-07}}</ref> (also known as STD0062) as the current standard version of SNMP. The [[IETF]] has designated SNMPv3 a full [[Internet standard]],<ref>[http://www.rfc-editor.org/categories/rfc-standard.html RFC Editor] {{webarchive|url=https://web.archive.org/web/20071029103140/http://www.rfc-editor.org/categories/rfc-standard.html |date=2007-10-29 }} List of current Internet Standards (STDs)</ref> the highest [[IETF RFC#Status|maturity level]] for an RFC. It considers earlier versions to be obsolete (designating them variously ''Historic'' or ''Obsolete'').<ref name="rfced"/>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)