What is SNMPv3? • Provides security for SNMP • Defines a database that determines what parts of each MIB each user can access • Database entries also determine what protocols are used to encrypt data
Who Does What ? • NET+OS SNMPv3 API provide a way for applications to create and change the security database • User applications must create the database at boot up and maintain it
Database Structure • Database consists of USM, VTF, S2G, and VACM entries. • User based Security Model (USM) entries contain information about the user including • Username • Authentication key • Encryption key
Database Structure – cont. • Security to Group (S2G) entries associate a user with a group name. • View Tree Family (VTF) entries define a view into a MIB. A view is a piece (possibly all) of a MIB. • View based Access Control Model (VACM) entries associate a group with a view.
For User to Access MIB • Create a USM entry for the user • Create an S2G entry that associates the user with a group • Create a VACM entry that associates the group with a view • Create a VTF entry that defines a view into the MIB
Why SNMPv3 ? • SNMPv1 doesn’t have security. If it’s on, don’t bother with SNMPv3. • SNMPv2c has very weak security • No support for SNMPv3 features described in RFC-3413. These features don’t seem to be important.
Engine ID • Used to create hash user keys and for encryption and authentication • Older versions of SNMPv3 based it on unit’s IP address. Bad idea since IP address can change. • This version uses Ethernet MAC address • Should prevent problems with new customers • May create minor problems with customers who already had SNMPv3
NASNMPv3 – Example Application • Demonstrates how to start SNMPv3 and create security database entries • Provides command line interface that lets users view and create security data base entries