SNMP v3

1
SNMP v3
2
What is SNMPv3?

• Provides security for SNMP
• Defines a database that determines what parts of
  each MIB each user can access
• Database entries also determine what protocols
  are used to encrypt data

3
Who Does What ?

• NETOS SNMPv3 API provide a way for applications
  to create and change the security database
• User applications must create the database at
  boot up and maintain it

4
Database Structure

• Database consists of USM, VTF, S2G, and VACM
  entries.
• User based Security Model (USM) entries contain
  information about the user including
• Username
• Authentication key
• Encryption key

5
Database Structure cont.

• Security to Group (S2G) entries associate a user
  with a group name.
• View Tree Family (VTF) entries define a view into
  a MIB. A view is a piece (possibly all) of a
  MIB.
• View based Access Control Model (VACM) entries
  associate a group with a view.

6
For User to Access MIB

• Create a USM entry for the user
• Create an S2G entry that associates the user with
  a group
• Create a VACM entry that associates the group
  with a view
• Create a VTF entry that defines a view into the
  MIB

7
Why SNMPv3 ?

• SNMPv1 doesnt have security. If its on, dont
  bother with SNMPv3.
• SNMPv2c has very weak security
• No support for SNMPv3 features described in
  RFC-3413. These features dont seem to be
  important.

8
Engine ID

• Used to create hash user keys and for encryption
  and authentication
• Older versions of SNMPv3 based it on units IP
  address. Bad idea since IP address can change.
• This version uses Ethernet MAC address
• Should prevent problems with new customers
• May create minor problems with customers who
  already had SNMPv3

9
NASNMPv3 Example Application

• Demonstrates how to start SNMPv3 and create
  security database entries
• Provides command line interface that lets users
  view and create security data base entries