SNMPv3 extends SNMPv2 with security and administration
features. Version 3 of SNMP provides management systems with
crucial security functions by using two different models of
security. The User-based Security Model (USM) provides
authentication and privacy (encryption) functions and operates
at the message level. The View-based Access Control Model
(VACM), on the other hand, brings flexible, group-based access
control to authenticated users.

SNMPv3 Support in WebNMS SNMP API
WebNMS SNMP API provides an elegant way of implementing
security and access controls. Users can also define and
implement their own security and access control models. Default
implementations of the USM and VACM based security models are
offered using these frameworks. The SNMP API can also store the
v3 configuration data in a database. This is particularly
useful when managing a large number of SNMPv3 devices via WebNMS
SNMP API.
WebNMS SNMP API completely supports SNMPv3, as it is compliant
with RFC 3411, 3412, 3413, 3414, and 3415. It also supports
co-existence, notification filtering, and proxy forwarding,
thus conforming to RFC 2573 and 2576.

Why SNMPv3
SNMPv3 is designed to protect against the following:
Modification of Information - Protection against
some unauthorized SNMP entity altering in-transit SNMP messages
generated on behalf of an authorized principal.
Masquerade - Protection against attempts to perform
unauthorized management operations by assuming the identity of
another principal that has the appropriate authorizations.
Message Stream Modification - Protection against
messages getting maliciously re-ordered, delayed or replayed
in order to effect unauthorized management operations.
Disclosure - Protection against eavesdropping on
the exchanges between SNMP engines.
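
How USM's message-level checks answer the first three threats above, as an added Python example that is not WebNMS code and does not use its API: an HMAC-SHA-96 tag computed with a localized key (RFC 3414) rejects altered or forged messages, and the 150-second timeliness window rejects replayed or delayed ones. The frame layout, function names and result strings are assumptions for illustration; real messages are BER-encoded, and privacy (encryption) is left out.

```python
import hashlib
import hmac
import struct

TIME_WINDOW = 150        # seconds; timeliness window from RFC 3414
MAX_BOOTS = 2147483647   # snmpEngineBoots latched at maximum: always reject
ZERO_TAG = b"\x00" * 12  # tag field is zeroed while the MAC is computed


def password_to_key(password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 SHA password-to-key: digest 1 MiB of the repeated password,
    then localize the result to one engine ID."""
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.sha1(stream).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()


def auth_tag(kul: bytes, msg_zeroed: bytes) -> bytes:
    """HMAC-SHA-96: HMAC-SHA1 over the whole message, first 12 octets."""
    return hmac.new(kul, msg_zeroed, hashlib.sha1).digest()[:12]


def seal(kul: bytes, boots: int, etime: int, pdu: bytes) -> bytes:
    """Constructed frame (not BER): boots | time | 12-octet tag | pdu."""
    head = struct.pack(">II", boots, etime)
    return head + auth_tag(kul, head + ZERO_TAG + pdu) + pdu


def check_incoming(kul: bytes, msg: bytes, local_boots: int, local_time: int) -> str:
    """Receiver side: authenticate first, then apply the timeliness check."""
    head, tag, pdu = msg[:8], msg[8:20], msg[20:]
    if not hmac.compare_digest(tag, auth_tag(kul, head + ZERO_TAG + pdu)):
        return "wrongDigest"        # modified in transit, or wrong user key
    boots, etime = struct.unpack(">II", head)
    if (local_boots == MAX_BOOTS or boots != local_boots
            or abs(etime - local_time) > TIME_WINDOW):
        return "notInTimeWindow"    # replayed or delayed message
    return "ok"


if __name__ == "__main__":
    # Constructed sample values; the user password here is a placeholder.
    key = password_to_key(b"example-auth-pass", bytes.fromhex("8000000001020304"))
    msg = seal(key, boots=5, etime=1000, pdu=b"constructed-get-request")
    print(check_incoming(key, msg, 5, 1010))                  # fresh message
    print(check_incoming(key, msg[:-1] + b"X", 5, 1010))      # altered PDU
    print(check_incoming(key, msg, 5, 2000))                  # late replay
```

Because the boots and time fields sit inside the authenticated bytes, a captured message cannot be given a fresh timestamp without invalidating its tag.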