SNMPv3

What is SNMPv3?
• Provides security for SNMP
• Defines a database that determines what parts of each MIB each user can access
• Database entries also determine what protocols are used to encrypt data

Who Does What?
• The NET+OS SNMPv3 API provides a way for applications to create and change the security database
• User applications must create the database at boot up and maintain it

Database Structure
• Database consists of USM, VTF, S2G, and VACM entries.
• User-based Security Model (USM) entries contain information about the user, including
  – Username
  – Authentication key
  – Encryption key

Database Structure – cont.
• Security to Group (S2G) entries associate a user with a group name.
• View Tree Family (VTF) entries define a view into a MIB. A view is a piece (possibly all) of a MIB.
• View-based Access Control Model (VACM) entries associate a group with a view.

For User to Access MIB
• Create a USM entry for the user
• Create an S2G entry that associates the user with a group
• Create a VACM entry that associates the group with a view
• Create a VTF entry that defines a view into the MIB

Why SNMPv3?
• SNMPv1 doesn’t have security. If it’s on, don’t bother with SNMPv3.
• SNMPv2c has very weak security
• No support for SNMPv3 features described in RFC 3413. These features don’t seem to be important.

Engine ID
• Used to create hashed user keys and for encryption and authentication
• Older versions of SNMPv3 based it on the unit’s IP address. Bad idea, since the IP address can change.
• This version uses the Ethernet MAC address
• Should prevent problems with new customers
• May create minor problems with customers who already had SNMPv3
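
How the engine ID enters the user keys, as an added example (not NET+OS code): the RFC 3414 key localization in Python, showing why a changed engine ID, whether from a renumbered unit or from the move to a MAC-based ID, invalidates keys a manager already holds. The engine ID layout follows RFC 3411; the enterprise number, addresses and helper names are constructed, since the page does not give the values NET+OS uses.

```python
import hashlib

def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: digest of the password repeated to exactly 1 MiB (Ku)."""
    if not password:
        raise ValueError("empty password")
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 localized key: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def localized_key(password: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)

def make_engine_id(fmt: int, address: bytes, enterprise: int = 99999) -> bytes:
    """RFC 3411 SnmpEngineID layout: enterprise number with the top bit set,
    a format octet (1 = IPv4, 3 = MAC), then the address.
    The enterprise number is a constructed placeholder (assumption)."""
    return (0x80000000 | enterprise).to_bytes(4, "big") + bytes([fmt]) + address

def stored_key_still_valid(password: bytes, old_id: bytes, new_id: bytes) -> bool:
    """True if a key localized against old_id still matches the agent's key
    once the agent starts reporting new_id."""
    return localized_key(password, old_id) == localized_key(password, new_id)

# Constructed sample values: documentation IP range, locally administered MAC.
PASSWORD = b"maplesyrup"  # sample password from RFC 3414 A.3
IP_ID_BEFORE = make_engine_id(1, bytes([192, 0, 2, 10]))
IP_ID_AFTER = make_engine_id(1, bytes([192, 0, 2, 77]))  # unit renumbered
MAC_ID = make_engine_id(3, bytes.fromhex("020000000001"))

if __name__ == "__main__":
    for label, eid in [("IP before", IP_ID_BEFORE), ("IP after", IP_ID_AFTER), ("MAC", MAC_ID)]:
        print(f"{label:10} {eid.hex():24} {localized_key(PASSWORD, eid).hex()}")
    print("renumbered unit keeps key:", stored_key_still_valid(PASSWORD, IP_ID_BEFORE, IP_ID_AFTER))
    print("IP -> MAC upgrade keeps key:", stored_key_still_valid(PASSWORD, IP_ID_BEFORE, MAC_ID))
```

The MAC-based ID stays stable across address changes, but any manager that stored keys localized against the old IP-based ID has to re-derive them from the password after the upgrade.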

NASNMPv3 – Example Application
• Demonstrates how to start SNMPv3 and create security database entries
• Provides a command line interface that lets users view and create security database entries