Which version of SNMP supports authentication and encryption and is the current version of SNMP?
Introduction
Secure management is available with SNMPv3, the "Full Standard," IETF-recommended version of the Internet-Standard Management Framework. This technology provides commercial-grade security and ease of administration, which includes authentication, authorization, access control, and privacy.
The secure management of SNMPv3 is an important enabling technology for safe configuration and control operations. SNMPv3 provides security with authentication and privacy, and its administration offers logical contexts, view-based access control, and remote configuration. This technology is available for networks, systems, applications, manager-to-manager communications, and proxy management of legacy systems. SNMPv3 is derived from and builds upon both the original Internet-Standard Management Framework (SNMPv1) and the second Internet-Standard Management Framework (SNMPv2c). All versions (SNMPv1, SNMPv2c, and SNMPv3) of the Internet-Standard Management Framework share the same basic structure and components. Furthermore, all versions of the specifications of the Internet-Standard Management Framework follow the same architecture.
SNMPv3 Features
Many SNMP products remain fundamentally the same under SNMPv3, but are enhanced by the following new features:
Security
Administration
Additional SNMPv3 Features (from v2)
The following features are incorporated from the SNMPv2 Framework by reference.
Security Threats and SNMPv3 Protection
Secure management with SNMPv3 protects against four threats:
Security Mechanisms
User-based Authentication Mechanism is based on the following:
User-based Privacy Mechanism is based on the following:
Configuration
SNMPv3 provides the following configuration possibilities. (Note: availability depends on export restrictions.)
The network administrator can configure the protection level on a transaction-by-transaction basis. Criteria to consider when choosing configuration options are system resources and level of protection.
SNMPv3 Architecture
The specifications of the Internet-Standard Management Framework are based on a modular architecture. This framework is more than just a protocol for moving data. The framework consists of
The framework was structured with a protocol-independent data definition language and Management Information Base, along with a MIB-independent protocol. The SNMPv3 Framework builds and extends these architectural principles by
Those who are familiar with the architecture of the SNMPv1 Management Framework and the SNMPv2 Management Framework will find many familiar concepts in the architecture of the SNMPv3 Management Framework. However, in some cases, the terminology may be somewhat different.
Security and Administration Framework
SNMP entities contain a security subsystem (and possibly an access control subsystem) to prevent unauthorized users from accessing a MIB or parts of a MIB. SNMP entities also possess these subsystems to ensure that authorized users retrieve and update information from only the parts of the MIB that they are allowed to view. Only a user who has the necessary access privileges will be able to obtain the desired level of service from a properly configured SNMP entity. A Security Administration Framework defines the mechanisms that control the level of service provided by an SNMP entity. The mechanisms discriminate each message based on who is sending the message, what operation is requested, where the operation takes place within the MIB, and how the request is being sent (security protocol in use).
Who? Authentication discriminates a request based on the sender of the message. An authentication identifier includes some type of shared secret, which is used to verify the identity of the sender.
What? Authorization discriminates a request based on the operation being requested. An authorization identifier defines a set of operations that are permitted (e.g., Get, Set, Trap, etc.).
Where? Access Control discriminates a request based on the MIB objects where a requested operation would be performed. An access control identifier, or MIB View, defines a set of objects in the MIB where operations may be performed.
How? Security Level discriminates a request based on the security protocols used for a request.
Security level options include privacy protocols and alternative authentication algorithms.
SNMPv3 RFCs
The SNMPv3 Request for Comments (RFCs) provide further detail about SNMPv3. A complete list of RFCs can be found at http://www.snmp.com/snmpv3/.
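The who/what/where/how checks from the Security and Administration Framework section above, modelled as an added example (not code from SNMP Research or from any SNMP agent). The Policy record, the user names and the sample OIDs are hypothetical; the level names noAuthNoPriv, authNoPriv and authPriv are the standard SNMPv3 ones, and the `authenticated` flag stands for the outcome of verifying the sender's shared secret.

```python
from dataclasses import dataclass

# Security levels ordered weakest to strongest (standard SNMPv3 names).
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

@dataclass(frozen=True)
class Policy:
    """Hypothetical per-user policy record answering what/where/how."""
    operations: frozenset   # What: permitted operations
    included: tuple         # Where: OID subtrees inside the MIB view
    excluded: tuple         # Where: subtrees carved out of the view
    min_level: str          # How: weakest security level accepted

def in_subtree(oid, root):
    """True when oid equals root or lies beneath it, compared arc by arc."""
    o, r = oid.strip(".").split("."), root.strip(".").split(".")
    return o[:len(r)] == r

def in_view(oid, policy):
    """Longest matching subtree wins; on a tie the exclude wins."""
    best_len, allowed = -1, False
    for roots, verdict in ((policy.excluded, False), (policy.included, True)):
        for root in roots:
            n = len(root.strip(".").split("."))
            if in_subtree(oid, root) and n > best_len:
                best_len, allowed = n, verdict
    return allowed

def decide(policies, user, authenticated, level, operation, oid):
    """Return (allowed, reason) for one request: who, how, what, where."""
    policy = policies.get(user)
    if policy is None:
        return False, "who: unknown user"
    if LEVELS[level] > 0 and not authenticated:
        return False, "who: authentication failed"
    if LEVELS[level] < LEVELS[policy.min_level]:
        return False, "how: security level too low"
    if operation not in policy.operations:
        return False, "what: operation not permitted"
    if not in_view(oid, policy):
        return False, "where: object outside MIB view"
    return True, "ok"

# Constructed sample policy: names and OIDs are illustrative only.
POLICIES = {
    "monitor": Policy(frozenset({"Get"}), ("1.3.6.1.2.1",), ("1.3.6.1.2.1.4",), "authNoPriv"),
    "operator": Policy(frozenset({"Get", "Set"}), ("1.3.6.1.2.1.1",), (), "authPriv"),
}
```

Comparing OIDs arc by arc matters: a plain string-prefix test would treat 1.3.6.1.2.1.40 as part of the excluded 1.3.6.1.2.1.4 subtree.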
Sources for More Information
Contact Information
For further information about SNMPv3 or SNMP Research's products, please contact SNMP Research, Inc.
SNMP Research Incorporated
Which version of SNMP uses encryption?
SNMP version 3: adds security to the 64 bit counters. SNMP version 3 adds both encryption and authentication, which can be used together or separately.
What is the current SNMP version?
SNMP version 3 (SNMPv3) is the latest version of SNMP.
Does SNMP v2 have encryption?
The Cisco Learning Network
My answer to this is False because SNMPv2c doesn't support encrypted passwords. SNMP 3 supports encrypted passwords. SNMPv2c's advantage over SNMPv1 is Get Bulk Requests and Inform Request messaging types.
What is SNMP v2 and v3?
The main difference between SNMP v2 and SNMP v3 is the enhancements to the security and remote configuration model. SNMP v3 adds cryptographic security to SNMP v2. SNMP v3 replaces the simple password sharing (as clear text) in SNMP v2 with much more secure encoded security parameters.