2What is SNMPv3? Provides security for SNMP Defines a database that determines what parts of each MIB each user can accessDatabase entries also determine what protocols are used to encrypt data
3Who Does What ?NET+OS SNMPv3 API provide a way for applications to create and change the security databaseUser applications must create the database at boot up and maintain it
4Database StructureDatabase consists of USM, VTF, S2G, and VACM entries.User based Security Model (USM) entries contain information about the user includingUsernameAuthentication keyEncryption key
5Database Structure – cont. Security to Group (S2G) entries associate a user with a group name.View Tree Family (VTF) entries define a view into a MIB. A view is a piece (possibly all) of a MIB.View based Access Control Model (VACM) entries associate a group with a view.
6For User to Access MIB Create a USM entry for the user Create an S2G entry that associates the user with a groupCreate a VACM entry that associates the group with a viewCreate a VTF entry that defines a view into the MIB
7Why SNMPv3 ?SNMPv1 doesn’t have security. If it’s on, don’t bother with SNMPv3.SNMPv2c has very weak securityNo support for SNMPv3 features described in RFC These features don’t seem to be important.
8Engine IDUsed to create hash user keys and for encryption and authenticationOlder versions of SNMPv3 based it on unit’s IP address. Bad idea since IP address can change.This version uses Ethernet MAC addressShould prevent problems with new customersMay create minor problems with customers who already had SNMPv3
9NASNMPv3 – Example Application Demonstrates how to start SNMPv3 and create security database entriesProvides command line interface that lets users view and create security data base entries