Please Whitelist This Site?

I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)

If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.

If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.

Thanks for your understanding!

Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide


NOTE: Using software to mass-download the site degrades the server and is prohibited.
If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.

The Book is Here... and Now On Sale!

Searchable, convenient, complete TCP/IP information.
The TCP/IP Guide

Custom Search







Table Of Contents  The TCP/IP Guide
 9  TCP/IP Application Layer Protocols, Services and Applications (OSI Layers 5, 6 and 7)
      9  TCP/IP Network Configuration and Management Protocols (BOOTP, DHCP, SNMP and RMON)
           9  TCP/IP Network Management Framework and Protocols (SNMP and RMON)
                9  TCP/IP Simple Network Management Protocol (SNMP) Protocol
                     9  SNMP Protocol Operations

Previous Topic/Section
SNMP Protocol Information Notification Using Trap(v2) and InformRequest Messages
Previous Page
Pages in Current Topic/Section
12
3
Next Page
SNMP Protocol Messaging and Message Formats
Next Topic/Section

SNMP Protocol Security Issues and Methods
(Page 3 of 3)

SNMPv2/v3 Security Methods

During the “evolution” of SNMPv2 variants, and eventually the creation of SNMPv3, several new security models were created to improve upon SNMPv1's security:

  • Party-Based Security Model: This was the security model for the original SNMPv2 standard, now called SNMPv2p. A logical entity called a party is defined for communication that specifies a particular authentication protocol and a privacy (encryption) protocol. The information is used to verify that a particular request is authentic, and to ensure that the sender and receiver agree on how to encrypt and decrypt data.

  • User-Based Security Model (USM): This was developed in the SNMPv2u variant and used in SNMPv2* (SNMPv2 asterisk); it eventually was adopted in SNMPv3. The idea here is to move away from tying security to the machines and instead use more traditional security based on access rights of a user of a machine. A variety of authentication and encryption protocols can be used to ensure access rights are respected and to protect message privacy. The method relies on time stamps, clock synchronization and other techniques to protect against certain types of attacks.

  • View-Based Access Control Model (VACM): VACM is part of SNMPv3, and defines a method where more fine control can be placed on access to objects on a device. A view specifies a particular set of MIB objects that can be accessed by a particular group in a particular context. By controlling these views an administrator can manage what information is accessed by whom.

These descriptions are “grossly simplified”, to say the least. Security is probably the most complicated subtopic in networking, and describing these methods in detail would require dozens and dozens of topics. You can refer to the relevant standards if you want more information, though unless you are well-read on security topics, you will likely not be able to make heads or tails out of what is written in them.

Use of SNMP Security Methods

Party-based security pretty much died with SNMPv2p; USM and VACM are part of SNMPv3 and provide enhanced security for those who need it (though again, it's interesting to note how many networks continue to use SNMPv1, security warts and all.) SNMPv3 took another important security-related step in redefining the SNMP architecture to seamlessly support multiple security models. This enables different implementations to choose the security model that is best for them. USM is the default model in SNMPv3.

 


Previous Topic/Section
SNMP Protocol Information Notification Using Trap(v2) and InformRequest Messages
Previous Page
Pages in Current Topic/Section
12
3
Next Page
SNMP Protocol Messaging and Message Formats
Next Topic/Section

If you find The TCP/IP Guide useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider purchasing a download license of The TCP/IP Guide. Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005

© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.