SNMPv3 is an interoperable standards-based protocol for network
management. SNMPv3 provides secure access to devices by a combination of
authenticating and encrypting packets over the network. The security features
provided in SNMPv3 are:
- Message integrity – Ensuring that a packet has not been tampered
  with in transit.
- Authentication – Determining that the message is from a valid
  source.
- Encryption – Scrambling the contents of a packet to prevent it from
  being seen by an unauthorized source.
SNMPv3 provides for both security models and security levels. A
security model is an authentication strategy that is set up for a user and the
group in which the user resides. A security level is the permitted level of
security within a security model. A combination of a security model and a
security level will determine which security mechanism is employed when
handling an SNMP packet. Three security models are available: SNMPv1, SNMPv2c,
and SNMPv3. Figure
identifies what
the combinations of security models and levels mean:
The benefits of version 3 include the following:
- Data can be collected securely from SNMP devices without fear of the data
being tampered with or corrupted.
- Confidential information, for example, SNMP Set command packets that change
a router's configuration, can be encrypted to prevent its contents from
being exposed on the network.
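How the message integrity and authentication features listed above detect tampering, shown as an added example (not code from the original page or from Cisco): it goes one step past the page by using the HMAC-SHA-96 mechanism and password-to-key localization defined in RFC 3414 for SNMPv3 users. Assumptions: the function names are illustrative, the password and engine ID are the sample values from RFC 3414 Appendix A.3, and the message is a constructed byte string standing in for a BER-encoded SNMPv3 packet.

```python
import hashlib
import hmac

AUTH_FIELD_LEN = 12  # HMAC-SHA-96 keeps the first 12 octets of the digest

def password_to_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the password repeated to 1 MiB, then localize it
    to one SNMP engine so a key captured on one device is useless on another."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def sign(message: bytes, offset: int, key: bytes, algo: str = "sha1") -> bytes:
    """Sender side: MAC the whole message while the 12-octet authentication
    field at `offset` is zeroed, then write the truncated MAC into that field."""
    if message[offset:offset + AUTH_FIELD_LEN] != bytes(AUTH_FIELD_LEN):
        raise ValueError("authentication field must be zeroed before signing")
    mac = hmac.new(key, message, algo).digest()[:AUTH_FIELD_LEN]
    return message[:offset] + mac + message[offset + AUTH_FIELD_LEN:]

def verify(message: bytes, offset: int, key: bytes, algo: str = "sha1") -> bool:
    """Receiver side: re-zero the field, recompute, compare in constant time."""
    received = message[offset:offset + AUTH_FIELD_LEN]
    zeroed = message[:offset] + bytes(AUTH_FIELD_LEN) + message[offset + AUTH_FIELD_LEN:]
    expected = hmac.new(key, zeroed, algo).digest()[:AUTH_FIELD_LEN]
    return hmac.compare_digest(received, expected)

# RFC 3414 Appendix A.3 sample password and snmpEngineID.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
PASSWORD = b"maplesyrup"
# Constructed stand-in for a packet: header, zeroed auth field, Set payload.
AUTH_OFFSET = 4
SAMPLE_MSG = b"HDR:" + bytes(AUTH_FIELD_LEN) + b"|SET sysContact.0=noc"

def demo():
    """Return (valid message accepted, tampered rejected, wrong user rejected)."""
    key = password_to_key(PASSWORD, ENGINE_ID)
    signed = sign(SAMPLE_MSG, AUTH_OFFSET, key)
    tampered = signed.replace(b"noc", b"nox")  # one payload byte changed in transit
    other_key = password_to_key(b"not-the-user", ENGINE_ID)
    return (verify(signed, AUTH_OFFSET, key),
            verify(tampered, AUTH_OFFSET, key),
            verify(signed, AUTH_OFFSET, other_key))

if __name__ == "__main__":
    print(demo())
```

The same keyed check covers both features: a modified payload fails integrity, and a sender without the user's localized key fails authentication.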
Cisco devices such as routers and switches support SNMPv3 message types
and the increased security capabilities, but many management software
applications do not support SNMPv3. Applications that support version 3
include MG-Soft MIB Browser and SNMP Research International’s CiAgent or
Enterpol. HP OpenView can support version 3 with the help of SNMP Research
International extensions.