
EndRun Sonoma D12 - Chapter Six - Simple Network Management Protocol (SNMP); SNMPv3 Security

Sonoma User Manual
Chapter Six
Simple Network Management Protocol (SNMP)
Your Sonoma includes the NET-SNMP version 5.5.1 implementation of an SNMP agent, snmpd, and
an SNMP notification/trap generation utility, snmptrap. It supports all versions of the protocol in
use today: SNMPv1 (the original Internet standard), SNMPv2c (never reached standard status, often
called “community SNMP”) and SNMPv3 (the latest Internet standard).
The NET-SNMP project has its roots in the Carnegie-Mellon University SNMP implementation. For
more detailed information about the NET-SNMP project and to obtain management software and
detailed configuration information, you can visit this website:
http://www.net-snmp.org
An excellent book which describes operation and configuration of various SNMP managers and
agents, including the NET-SNMP implementations, is available from O’Reilly & Associates:
Essential SNMP, Mauro & Schmidt, O’Reilly & Associates, 2001
If you are planning to operate with SNMPv3, it is highly recommended that you make use of both of
these resources to familiarize yourself with the agent configuration concepts.
SNMPv3 Security
Prior to SNMPv3, SNMP had definite security inadequacies due to using two community names in
a manner analogous to passwords that were transmitted over the network as clear text. In addition,
since no mechanism existed for authenticating or encrypting session data, any number of
man-in-the-middle data corruption/replacement exploits were possible in addition to plain old snooping to
learn the community names. SNMPv3 implements the User-based Security Model (USM) defined in
RFC-2274 which employs modern cryptographic technologies to both authenticate multiple users and
to encrypt their session data for privacy, much in the same way that SSH does for remote login shell
users.
In addition, it implements the View-based Access Control Model (VACM) defined in RFC-2275.
This RFC defines mechanisms for limiting the access of multiple users having various security levels
(no authentication, authentication or authentication plus privacy) to specific “views” of the Structure
of Management Information (SMI) object tree.
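
The following Python is an added example, not part of the EndRun manual or the NET-SNMP project. It audits snmpd.conf-style text for the two weaknesses described above: SNMPv1/v2c community directives, and SNMPv3 user access lines that accept less than authentication plus privacy. The directive names are standard NET-SNMP snmpd.conf directives; the sample configuration, user names and community strings are constructed for illustration.

```python
import shlex

# Constructed sample snmpd.conf text (not from the manual or a real unit).
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rwcommunity6 s3cret ::1
com2sec local localhost private
rouser monitor priv .1.3.6.1.2.1.1
rouser legacy
rwuser guest noauth
"""

# Directives that enable SNMPv1/v2c community access.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6",
             "rwcommunity6", "com2sec", "com2sec6"}
USER_ACL = {"rouser", "rwuser"}          # SNMPv3 (USM) user access lines
LEVELS = ("noauth", "auth", "priv")      # minimum security level keywords


def audit(conf_text):
    """Return a list of (line_no, severity, message) findings."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)  # honours quotes and '#'
        except ValueError:
            findings.append((no, "warn", "unparseable line, review by hand"))
            continue
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY:
            findings.append((no, "high",
                             f"{directive}: community name travels as clear text"))
        elif directive in USER_ACL:
            if args[:1] == ["-s"]:       # skip optional security-model selector
                args = args[2:]
            user = args[0] if args else "?"
            # With no level keyword, snmpd requires authentication only.
            level = args[1] if len(args) > 1 and args[1] in LEVELS else "auth"
            if level == "noauth":
                findings.append((no, "high", f"{user}: no authentication required"))
            elif level == "auth":
                findings.append((no, "medium", f"{user}: authenticated, not encrypted"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding)
```

A line such as `rouser monitor priv .1.3.6.1.2.1.1` produces no finding: it requires authentication plus privacy and limits the user to one subtree of the object tree.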
