
SNMP v3


sahara


  1. SNMP v3

  2. What is SNMPv3?
     • Provides security for SNMP
     • Defines a database that determines what parts of each MIB each user can access
     • Database entries also determine what protocols are used to encrypt data

  3. Who Does What?
     • The NET+OS SNMPv3 API provides a way for applications to create and change the security database
     • User applications must create the database at boot up and maintain it

  4. Database Structure
     • Database consists of USM, VTF, S2G, and VACM entries.
     • User based Security Model (USM) entries contain information about the user, including:
       • Username
       • Authentication key
       • Encryption key

  5. Database Structure (cont.)
     • Security to Group (S2G) entries associate a user with a group name.
     • View Tree Family (VTF) entries define a view into a MIB. A view is a piece (possibly all) of a MIB.
     • View based Access Control Model (VACM) entries associate a group with a view.

  6. For User to Access MIB
     • Create a USM entry for the user
     • Create an S2G entry that associates the user with a group
     • Create a VACM entry that associates the group with a view
     • Create a VTF entry that defines a view into the MIB
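
The lookup chain that slide 6 implies, as an added example that is not NET+OS code and not part of the presentation: the struct layouts, the user "ops" and the sample entries are hypothetical. It goes slightly beyond the slide by modelling VTF include/exclude entries with longest-subtree-wins matching, as in standard VACM (RFC 3415); subtree masks are omitted.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical table layouts for illustration; not the NET+OS structures. */
struct usm  { const char *user, *auth_key, *priv_key; };
struct s2g  { const char *user, *group; };
struct vacm { const char *group, *view; };
struct vtf  { const char *view, *subtree; int included; };
/* Constructed sample database: user "ops" may see the system group only. */
static const struct usm  usm_tab[]  = { {"ops", "auth-key-placeholder", "priv-key-placeholder"} };
static const struct s2g  s2g_tab[]  = { {"ops", "monitors"} };
static const struct vacm vacm_tab[] = { {"monitors", "sysview"} };
static const struct vtf  vtf_tab[]  = {
    {"sysview", "1.3.6.1.2.1.1",   1},   /* include the system subtree */
    {"sysview", "1.3.6.1.2.1.1.6", 0},   /* but exclude sysLocation */
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* True when oid lies in subtree, matching whole sub-identifiers only. */
static int oid_under(const char *subtree, const char *oid) {
    size_t n = strlen(subtree);
    return strncmp(subtree, oid, n) == 0 && (oid[n] == '\0' || oid[n] == '.');
}

/* Walk USM -> S2G -> VACM -> VTF; a missing link at any step denies access. */
int can_access(const char *user, const char *oid) {
    const char *group = NULL, *view = NULL;
    size_t i, best = 0;
    int known = 0, allowed = 0;
    for (i = 0; i < COUNT(usm_tab); i++)
        if (strcmp(usm_tab[i].user, user) == 0) known = 1;
    if (!known) return 0;
    for (i = 0; i < COUNT(s2g_tab); i++)
        if (strcmp(s2g_tab[i].user, user) == 0) group = s2g_tab[i].group;
    if (!group) return 0;
    for (i = 0; i < COUNT(vacm_tab); i++)
        if (strcmp(vacm_tab[i].group, group) == 0) view = vacm_tab[i].view;
    if (!view) return 0;
    for (i = 0; i < COUNT(vtf_tab); i++) {   /* longest matching subtree decides */
        size_t n = strlen(vtf_tab[i].subtree);
        if (strcmp(vtf_tab[i].view, view) == 0 && n > best &&
            oid_under(vtf_tab[i].subtree, oid)) {
            best = n;
            allowed = vtf_tab[i].included;
        }
    }
    return allowed;
}

int main(void) {
    printf("sysDescr: %d, ifTable: %d\n", can_access("ops", "1.3.6.1.2.1.1.1.0"), can_access("ops", "1.3.6.1.2.1.2.1.0"));
}
```

Removing any one of the four sample entries makes `can_access` return 0 for every OID, which is why the application has to create all four entry types before a user can read anything.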

  7. Why SNMPv3?
     • SNMPv1 doesn’t have security. If it’s on, don’t bother with SNMPv3.
     • SNMPv2c has very weak security
     • No support for SNMPv3 features described in RFC-3413. These features don’t seem to be important.

  8. Engine ID
     • Used to create hashed user keys and for encryption and authentication
     • Older versions of SNMPv3 based it on the unit’s IP address. Bad idea, since the IP address can change.
     • This version uses the Ethernet MAC address
       • Should prevent problems with new customers
       • May create minor problems with customers who already had SNMPv3

  9. NASNMPv3 – Example Application
     • Demonstrates how to start SNMPv3 and create security database entries
     • Provides a command line interface that lets users view and create security database entries
