Board logo

subject: The Simple Network Management Protocol Version 3 [print this page]


With the original version of the SNMP there were many problems it inherently had that by the release of version 2 had been significantly ironed out. However SNMP version 2 wasnt itself without its own problems namely an issue relating to how secure it actually was.

These new proposed standards were released back in 1998 which were only 2 years after the revised version 2 SNMP protocols which had originally been released back in 1993. For version 3 we have a complete blueprint of security capabilities rather than a full a complete SNMP capability. This security blueprint was intended to be used in conjunction with the pre existing SNMP version 2.

With version the adaptability it provided allowed for three important services. The first two are authentication and privacy and these are part of the user based security model. The last service is access and is held as the view based access control model.

The authentication unit held within the user based security model confirms that when a message is received that it was transmitted by the lead in the message header. This control system ensures that the message hasnt been altered in anyway and hasnt been purposely delayed.

The lead that sends the message provides the correct message by providing an authentication code within the message. This will detail the exact identities of all parties that the information is passing in-between, so it will include both the recipient and the senders details.

There will also be other unique identifiers to further the security integrity of any particular message. These will include time based identifiers of when a particular message was sent and received and also a secret key that would only be known by the sender and the receiver. The privacy facility of the user based security model enables both mangers and agents to encrypt messages.

Access control within the management information base allows agents to configure the different levels of access to different mangers. So in principal it is possible for an agent to limit access to a manager in two ways.

The first way they can limit access to the manager is by restricting the manager from certain portions of the management information base. So the manager would be unable to view statistics on some parts but be perfectly able to view other unrestricted data. The second way is to limit operations that the manager can perform, such as giving only read access privileges on specific portions of information.

by: Norbert Kimble




welcome to loan (http://www.yloan.com/) Powered by Discuz! 5.5.0