74CHAPTER 5: CONFIGURING NETWORK MANAGEMENT

addition to the functions defined in SNMPv2c and SNMPv1. In other words, SNMPv3 develops SNMPv2c by adding security and management functions.

SNMPv1 and SNMPv2c lack security functions, especially in the aspect of authentication and privacy. SNMPv1 defines only a type of community representing a group of managed devices. Each NMS controls access to the devices via the community name list. However, agents do not verify whether the community names used by the senders are authorized, and they even do not check the IDs of administrators. Additionally, transmission of SNMP messages without encryption, which exposes the community name, brings potential threats to security. Even though some security mechanisms, like digest authentication, timestamp authentication, encryption and authorization, have been considered at the early stage of proposing SNMPv2c, only the “community name” similar to SNMPv1 is used in the final criterion of RFC 1901 through 1908. SNMPv2c is only a transitional version between SNMPv1 and SNMPv3. To avoid the lack of security in SNMPv1 and SNMPv2c, IETF develops the SNMPv3 protocol, which is described in RFC2271 through 2275 and RFC2570 through RFC2575 in details.

RFC2570 through RFC2575 supplements and subdivides SNMPv3 on the basis of RFC2271 through RFC2275, giving a complete and exact description of the processing of abnormal errors and the message processing procedure. The SNMPv3 framework thus defined has become a feasible standard.

Security of SNMPv3 is mostly represented by data security and access control.

Data security features provided in SNMPv3

Message-level data security provided in SNMPv3 includes the following three aspects:

Data integrity. It ensures that data will not be tampered with by means of unauthorized modes and the data sequence will only be changed within the permitted range.

Data origin authentication. It confirms which user the received data is from. Security defined in SNMPv3 is user-based. Hence, it authenticates the users that generate messages instead of the particular applications that are used to generate the messages.

Data confidentiality. Whenever an NMS or agent receives a message, it will verify when the message is generated. If the difference between the generating time of message and the current system time exceeds the specified time range, the message will be rejected. Thereby, it ensures that the message has not been tampered with in-transit on the network and prevents processing of received malicious messages.

Access control in SNMPv3

As a security measure, access control defined in SNMPv3 implements a security check on the basis of protocol operations, thereby to controlling access to the managed objects.

MIB accessible to a SNMP entity is defined by the particular context. For security reasons, different groups and corresponding authorities probably need to be defined on one entity. The authorities are specified by the MIB view. A MIB view specifies a collection of managed object types in the context. The MIB view takes the form of a “view sub-tree” to define objects because MIB adopts the tree structure. If the flag of the object to be accessed belongs to the MIB

Page 78
Image 78
3Com 10014299 manual Configuring Network Management