provides authentication and privacy by using usernames and access control by using
key management. Security levels are implemented to determine which devices a user can
read, write, or create. SNMPv3 also verifies each message to ensure that it has not been
modified during transmission. SNMPv3 removes the use of community-based authentication
strings, which were sent in clear text over the network. It is recommended that
SNMPv1 and SNMPv2 be used only for read-only access, while SNMPv3 be used with
read-write access.
SNMPv3 introduces three levels of security:
noAuthNoPriv: No authentication and no encryption
authNoPriv: Authentication and no encryption
authPriv: Authentication and encryption
The noAuthNoPriv level provides no authentication and no privacy (encryption). At the
authNoPriv level, authentication is provided but not encryption. The authPriv level
provides authentication and encryption.
Authentication for SNMPv3 is based on the Hash-based Message Authentication Code-Message
Digest 5 (HMAC-MD5) or HMAC-Secure Hash (HMAC-SHA) algorithms. Cipher Block
Chaining-Data Encryption Standard (CBC-DES) is used for encryption.
Table 15-4 summarizes SNMP security levels.
Table 15-4 SNMP Security Levels
Version   Level          Authentication     Encryption
SNMPv1    NoAuthNoPriv   Community String   None
SNMPv2    NoAuthNoPriv   Community String   None
SNMPv3    NoAuthNoPriv   Username           None
SNMPv3    AuthNoPriv     MD5 or SHA         None
SNMPv3    AuthPriv       MD5 or SHA         DES, 3DES, AES
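The following audit script is an added example, not part of the original text. It maps SNMP access lines in a device configuration to the security levels in Table 15-4 and flags community strings with write access, which the recommendation above rules out. It assumes Cisco IOS-style `snmp-server community` and `snmp-server group` syntax; the sample configuration, group names, and view names are constructed, and the "review" verdict is this example's own policy choice.

```python
import re

# Table 15-4 rows for SNMPv3, keyed by the IOS group keyword.
V3_LEVELS = {"noauth": "noAuthNoPriv", "auth": "authNoPriv", "priv": "authPriv"}

COMMUNITY = re.compile(r"snmp-server community \S+(?P<rest>.*)", re.I)
GROUP = re.compile(
    r"snmp-server group (?P<name>\S+) (?P<ver>v1|v2c|v3)"
    r"(?: (?P<kw>noauth|auth|priv))?(?P<rest>.*)", re.I)

def audit(config_text):
    """Return (line_no, version, level, writable, verdict) per SNMP access line."""
    results = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = COMMUNITY.fullmatch(line)
        if m:
            # Community strings are secrets: report the line number, never the string.
            version, level = "v1/v2c", "noAuthNoPriv"
            writable = "rw" in m["rest"].lower().split()
        else:
            m = GROUP.fullmatch(line)
            if not m:
                continue
            version = m["ver"].lower()
            level = V3_LEVELS[(m["kw"] or "noauth").lower()] if version == "v3" else "noAuthNoPriv"
            writable = "write" in m["rest"].lower().split()
        if writable and version != "v3":
            verdict = "violation"   # text above: SNMPv1/v2 for read-only access only
        elif writable and level == "noAuthNoPriv":
            verdict = "review"      # this example's own policy, not from the page
        else:
            verdict = "ok"
        results.append((line_no, version, level, writable, verdict))
    return results

# Constructed sample configuration (not from the page).
SAMPLE = """\
hostname edge-rtr
snmp-server community EXAMPLE-RO ro
snmp-server community EXAMPLE-RW rw 10
snmp-server group MONITOR v3 auth read ALLVIEW
snmp-server group ADMINS v3 priv read ALLVIEW write ALLVIEW
snmp-server group LEGACY v3 noauth write ALLVIEW
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```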
Other Network Management Technologies
This section covers RMON, NetFlow, CDP, and syslog technologies used to gather
network information.
RMON
RMON is a standard monitoring specification that enables network monitoring devices