When SNMPv1 was first published (circa 1988), the community name and the version number in the SNMP header provided the only message security capabilities. This provision, known as the trivial protocol, assured that both agent and manager recognized the same community name before proceeding with network management operations.
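To make concrete what the trivial protocol actually checks, the following is an added example (not code from the original text): a minimal BER decoder for the outer SNMPv1 message that extracts the version number and community name, and an agent-side check that accepts the message only when both match the configured values. The GetRequest packet bytes are constructed by hand for this example; the function names are my own. Decoding it shows why the 1992 and 1993 RFCs were needed: the community name, the sole credential, travels in cleartext and nothing in the message proves its origin.

```python
"""Decode the SNMPv1 message header to show what the 'trivial protocol' relies on.

Added example (not from the original text): a minimal BER decoder for the
outer SNMPv1 message, returning version and community, plus the agent-side
community check. The packet bytes below are constructed by hand.
"""
import hmac


def _read_length(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode a BER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                     # short form: single octet
        return first, pos
    nbytes = first & 0x7F                # long form: number of length octets
    if nbytes == 0 or pos + nbytes > len(buf):
        raise ValueError("bad BER length")
    length = int.from_bytes(buf[pos:pos + nbytes], "big")
    return length, pos + nbytes


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Decode one BER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos >= len(buf):
        raise ValueError("truncated message")
    tag = buf[pos]
    length, pos = _read_length(buf, pos + 1)
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def decode_header(packet: bytes) -> dict:
    """Return the version number and community name from a v1/v2c message.

    Only the outer SEQUENCE, the version INTEGER and the community OCTET STRING
    are parsed; the PDU that follows is returned raw.
    """
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected version INTEGER")
    tag, community, pos = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("expected community OCTET STRING")
    return {
        "version": int.from_bytes(ver, "big", signed=True),
        "community": community.decode("ascii", errors="replace"),
        "pdu": body[pos:],
    }


def community_matches(packet: bytes, configured: str, version: int = 0) -> bool:
    """The whole of SNMPv1 'trivial protocol' authentication: the message must
    carry the expected version number and the agent's configured community name.
    The comparison is constant-time so the check itself leaks nothing."""
    hdr = decode_header(packet)
    return hdr["version"] == version and hmac.compare_digest(
        hdr["community"].encode(), configured.encode())


# Constructed SNMPv1 GetRequest for sysDescr.0 with community "public".
GET_REQUEST = bytes.fromhex(
    "30 26"
    "02 01 00"                    # version: 0 = SNMPv1
    "04 06 7075626c6963"          # community: "public", in cleartext
    "a0 19"                       # GetRequest-PDU
    "02 01 01 02 01 00 02 01 00"  # request-id, error-status, error-index
    "30 0e 30 0c"                 # VarBindList, VarBind
    "06 08 2b06010201010100"      # OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    "05 00"                       # NULL value
)

if __name__ == "__main__":
    hdr = decode_header(GET_REQUEST)
    print(f"version={hdr['version']} community={hdr['community']!r}")
    print("accepted by agent configured with 'public':",
          community_matches(GET_REQUEST, "public"))
    print("accepted by agent configured with 'private':",
          community_matches(GET_REQUEST, "private"))
```

Run as a script it prints the decoded header and the two acceptance results. Anyone who can read the datagram on the wire sees the same six bytes the agent compares against, which is the gap the authentication and privacy RFCs below set out to close.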
Additional research into security issues yielded three documents on the subject, all released in July 1992:
| RFC | Title |
|---|---|
| 1351 | SNMP Administrative Model |
| 1352 | SNMP Security Protocols |
| 1353 | Definitions for Managed Objects for Administration of SNMP Parties |
Further refinements of the above yielded three additional documents, all released in April 1993:
| RFC | Title |
|---|---|
| 1445 | Administrative Model for SNMPv2 |
| 1446 | Security Protocols for SNMPv2 |
| 1447 | Party MIB for SNMPv2 |
These RFCs were designed to address the authentication and privacy of network management communication. Authentication assures the appropriate origin of the message, while privacy protects the messages from disclosure. Unfortunately, implementing these enhancements proved to be more complex than either vendors or network managers anticipated; consequently, few products containing these improvements were developed. The result, SNMPv2C, with community-based security, has been the subject of this chapter.
Nevertheless, requirements for enhanced SNMP security exist. An administrative framework for SNMPv2, defined in the experimental RFC 1909 [5-10], describes how network management can be effective in a variety of configurations and environments, using techniques such as authorization, authentication and privacy. In addition, two alternatives have been proposed to address the security aspects in particular. The first is called SNMPv2U, which stands for a User-based security model; it is described in the experimental RFC 1910 [5-11] and references [5-12] and [5-13]. The second is called SNMPv2* (pronounced SNMP vee-two-star), and is described in references [5-14] and [5-15]. As might be expected, both proposals have very vocal proponents. An IETF working group, called the SNMPv3 working group (formerly called SNMPng, for next generation), is chartered with proposing a resolution; readers interested in following the discussion may wish to investigate reference [5-16].
This chapter concludes our discussion of the three aspects of the Internet Network Management Framework. In Chapter 6, we will discuss the underlying transport protocols that are used in conjunction with SNMP for network management communication.