 SNMP Protocol Security Issues and Methods
 (Page 3 of 3)

 SNMPv2/v3 Security Methods

 During the evolution of SNMPv2 variants, and eventually the creation of SNMPv3, several new
security models were created to improve upon SNMPv1's security:

Party-Based Security Model: This was the 
security model for the original SNMPv2 standard, now called SNMPv2p. 
A logical entity called a party is defined for communication 
that specifies a particular authentication protocol and a privacy (encryption) 
protocol. The information is used to verify that a particular request 
is authentic, and to ensure that the sender and receiver agree on how 
to encrypt and decrypt data.
 
User-Based Security Model (USM): This 
was developed in the SNMPv2u variant and used in SNMPv2* (SNMPv2 asterisk); 
it eventually was adopted in SNMPv3. The idea here is to move away from 
tying security to the machines and instead use more traditional security 
based on access rights of a user of a machine. A variety of authentication 
and encryption protocols can be used to ensure access rights are respected 
and to protect message privacy. The method relies on time stamps, clock 
synchronization and other techniques to protect against certain types 
of attacks.
 
View-Based Access Control Model (VACM):
VACM is part of SNMPv3, and defines a method where finer control
can be placed on access to objects on a device. A view specifies
a particular set of MIB objects that can be accessed by a particular
group in a particular context. By controlling these views, an administrator
can manage what information is accessed by whom.
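
The view-based decision described in the VACM item can be sketched in a few lines. This is an added example, not part of The TCP/IP Guide; it goes slightly beyond the text by showing included and excluded subtrees, where the longest matching subtree decides, as in RFC 3415. The user, group and view names are constructed, and subtree masks, security model and security level are left out as simplifying assumptions.

```python
# Added illustration of a VACM-style access decision (simplified from RFC 3415).
# All user, group, context and view names below are constructed sample data.

def parse_oid(text):
    """Turn a dotted OID string into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))

# securityName -> group (who the requester is treated as)
GROUPS = {"noc-monitor": "readers", "net-admin": "admins"}

# (group, context) -> view used for each access type; None means no access
ACCESS = {
    ("readers", ""): {"read": "systemOnly", "write": None},
    ("admins", ""): {"read": "allMib2", "write": "allMib2"},
}

# view name -> list of (subtree, included?) entries
VIEWS = {
    "systemOnly": [("1.3.6.1.2.1.1", True)],              # mib-2 system group
    "allMib2": [("1.3.6.1.2.1", True),                    # all of mib-2 ...
                ("1.3.6.1.2.1.4.21", False)],             # ... except ipRouteTable
}

def in_view(view_name, oid):
    """Longest matching subtree decides; no matching subtree means not in view."""
    target = parse_oid(oid)
    best = None
    for subtree, included in VIEWS.get(view_name, []):
        prefix = parse_oid(subtree)
        if target[:len(prefix)] == prefix:
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, included)
    return best is not None and best[1]

def is_access_allowed(user, context, access_type, oid):
    """Resolve user -> group -> view, then test the OID against that view."""
    group = GROUPS.get(user)
    if group is None:
        return False                      # unknown user: deny by default
    entry = ACCESS.get((group, context))
    if entry is None:
        return False                      # no access entry for this context
    view = entry.get(access_type)
    return view is not None and in_view(view, oid)
```
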

 These descriptions are grossly
simplified, to say the least. Security is probably the most complicated
subtopic in networking, and describing these methods in detail would
require dozens and dozens of topics. You can refer to the relevant standards
if you want more information, though unless you are well-read on security
topics, you will likely not be able to make heads or tails out of what
is written in them.

 Use of SNMP Security Methods

 Party-based security pretty much
died with SNMPv2p; USM and VACM are part of SNMPv3 and provide enhanced
security for those who need it (though again, it's interesting to note
how many networks continue to use SNMPv1, security warts and all). SNMPv3
took another important security-related step in redefining the SNMP
architecture to seamlessly support multiple security models. This enables
different implementations to choose the security model that is best
for them. USM is the default model in SNMPv3.
 
 
 The TCP/IP Guide (http://www.TCPIPGuide.com)
 Version 3.0 - Version Date: September 20, 2005
 
 © Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
 Not responsible for any loss resulting from the use of this site.