Download
snmp v3 n.
Skip this Video
Loading SlideShow in 5 Seconds..
SNMP v3 PowerPoint Presentation

SNMP v3

172 Views Download Presentation
Download Presentation

SNMP v3

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. SNMP v3

  2. What is SNMPv3? • Provides security for SNMP • Defines a database that determines what parts of each MIB each user can access • Database entries also determine what protocols are used to encrypt data

  3. Who Does What ? • NET+OS SNMPv3 API provide a way for applications to create and change the security database • User applications must create the database at boot up and maintain it

  4. Database Structure • Database consists of USM, VTF, S2G, and VACM entries. • User based Security Model (USM) entries contain information about the user including • Username • Authentication key • Encryption key

  5. Database Structure – cont. • Security to Group (S2G) entries associate a user with a group name. • View Tree Family (VTF) entries define a view into a MIB. A view is a piece (possibly all) of a MIB. • View based Access Control Model (VACM) entries associate a group with a view.

  6. For User to Access MIB • Create a USM entry for the user • Create an S2G entry that associates the user with a group • Create a VACM entry that associates the group with a view • Create a VTF entry that defines a view into the MIB

  7. Why SNMPv3 ? • SNMPv1 doesn’t have security. If it’s on, don’t bother with SNMPv3. • SNMPv2c has very weak security • No support for SNMPv3 features described in RFC-3413. These features don’t seem to be important.

  8. Engine ID • Used to create hash user keys and for encryption and authentication • Older versions of SNMPv3 based it on unit’s IP address. Bad idea since IP address can change. • This version uses Ethernet MAC address • Should prevent problems with new customers • May create minor problems with customers who already had SNMPv3

  9. NASNMPv3 – Example Application • Demonstrates how to start SNMPv3 and create security database entries • Provides command line interface that lets users view and create security data base entries