SNMP Version 3 SNMPv3

1
SNMP Version 3(SNMPv3)

• J. Won-Ki Hong
• Dept. of Computer Science and Engineering
• POSTECH
• Tel 054-279-2244
• Email jwkhong_at_postech.ac.kr

2
Table of Contents

• The Birth of SNMPv3
• SNMPv3 Security Models and Levels
• Comparison with SNMPv1 SNMPv2

3
The Birth of SNMPv3

• SNMPv1 SNMPv2 both lack strong security
  features
• Internet being open environment, how to provide
  secure access between manager and managed devices
  has been a big concern
• SNMPv3 was born to solve this problem
• Security features provided in SNMPv3
• Authentication determining if a message is from
  a valid source
• Encryption scrambling the contents of a packet
  prevents it from being seen by an unauthorized
  source

4
Recall Internet NM Framework

• Basically, SNMPv3 is a natural extension of
  SNMPv1 SNMPv2
• Internet NM Framework consists of
• 1. Manager-agent interaction model
• 2. a management information definition language
  (SMI)
• 3. definitions of management information (MIB)
• 4. management protocol
• 5. security and administration
• SNMPv3 inherited 1, 2, 3 4 from SNMPv2 and
  added a new set of documents for 5

5
Security Models Levels (1)

• SNMPv3 provides for both security models levels
• Security model an authentication strategy that
  is set up for a user and the group in which the
  user resides
• Security level permitted level of security
  within a model
• Three security models available - SNMPv1, SNMPv2,
  SNMPv3
• Three security levels available - noauth, auth,
  priv
• Authenticates a packet by using
• noauth a string match of the user name
• auth either HMAC MD5 or SHA algorithms
• priv either HMAC MD5 or SHA algorithms and
  encrypts the packet using the CBC-DES (DES-56)
  algorithm

6
Security Models Levels (2)

• DES Data Encryption Standard
• MD5 SHA Secure Hash Function
• HMAC Message Authentication Code

7
SNMPv1 vs. SNMPv3
8
SNMPv2 vs. SNMPv3

• The unmet goals of SNMPv2 include provision of
  commercial grade security
• authentication origin identification, message
  integrity, replay protection
• privacy confidentiality
• authorization and access control
• suitable remote configuration and administration
  capabilities for these features
• SNMPv3 attempts to provide these

9
SNMPv3 References (1)

• RFC 3410 (Informational) - Introduction and
  Applicability Statements for Internet Standard
  Management Framework (December 2002)
• RFC 3411 - An Architecture for Describing SNMP
  Management Frameworks (December 2002)
• RFC 3412 - Message Processing and Dispatching
  (December 2002)
• RFC 3413 - SNMP Applications (December 2002)
• RFC 3414 - User-based Security Model (December
  2002)
• RFC 3415 - View-based Access Control Model
  (December 2002)
• RFC 3416 - Version 2 of SNMP Protocol Operations
  (December 2002)
• RFC 3417 - Transport Mappings (December 2002)
• RFC 3418 - Management Information Base (MIB) for
  the Simple Network Management Protocol (SNMP)
  (December 2002)

10
SNMPv3 References (2)

• http//www.snmp.com/snmpv3/v3white.html
• http//www.ibr.cs.tu-bs.de/ietf/snmpv3/
• http//www.ietf.org/html.charters/snmpv3-charter.h
  tml
• http//www.simpleweb.org/ietf/