Presentation on theme: "SNMP v3. What is SNMPv3? Provides security for SNMP Defines a database that determines what parts of each MIB each user can access Database entries also."— Presentation transcript:
What is SNMPv3? Provides security for SNMP Defines a database that determines what parts of each MIB each user can access Database entries also determine what protocols are used to encrypt data
Who Does What ? NET+OS SNMPv3 API provide a way for applications to create and change the security database User applications must create the database at boot up and maintain it
Database Structure Database consists of USM, VTF, S2G, and VACM entries. User based Security Model (USM) entries contain information about the user including –Username –Authentication key –Encryption key
Database Structure – cont. Security to Group (S2G) entries associate a user with a group name. View Tree Family (VTF) entries define a view into a MIB. A view is a piece (possibly all) of a MIB. View based Access Control Model (VACM) entries associate a group with a view.
For User to Access MIB Create a USM entry for the user Create an S2G entry that associates the user with a group Create a VACM entry that associates the group with a view Create a VTF entry that defines a view into the MIB
Why SNMPv3 ? SNMPv1 doesn’t have security. If it’s on, don’t bother with SNMPv3. SNMPv2c has very weak security No support for SNMPv3 features described in RFC These features don’t seem to be important.
Engine ID Used to create hash user keys and for encryption and authentication Older versions of SNMPv3 based it on unit’s IP address. Bad idea since IP address can change. This version uses Ethernet MAC address Should prevent problems with new customers May create minor problems with customers who already had SNMPv3
NASNMPv3 – Example Application Demonstrates how to start SNMPv3 and create security database entries Provides command line interface that lets users view and create security data base entries