author Christian Poessinger <christian@poessinger.com> 2019-11-12 08:01:42 +0100
committer Christian Poessinger <christian@poessinger.com> 2019-11-12 08:01:42 +0100
commit 9610be887b0ace40875c23c2ea3fcbd3aea5fa14
tree 93281ae79fda9dd06ee53da4ad451e9b35043acb
parent 5fcd3ec773e84b7210bcb1ddbfb572aa44bd69c1
SNMP: add security information for SNMPv3
-rw-r--r-- docs/services/snmp.rst 19
1 files changed, 17 insertions, 2 deletions
diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst
index 351d3324..f169bb95 100644
--- a/docs/services/snmp.rst
+++ b/docs/services/snmp.rst
@@ -118,8 +118,23 @@ Example
SNMPv3
^^^^^^
-SNMPv3 is an updated version that, among other things, supports encryption and
-cryptographic authentication of clients.
+SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security
+related features that have been missing from the previous versions. Security
+was one of the biggest weakness of SNMP until v3. Authentication in SNMP
+Versions 1 and 2 amounts to nothing more than a password (community string)
+sent in clear text between a manager and agent. Each SNMPv3 message contains
+security parameters which are encoded as an octet string. The meaning of these
+security parameters depends on the security model being used.
+
+The securityapproach in v3 targets:
+
+* Confidentiality – Encryption of packets to prevent snooping by an
+ unauthorized source.
+
+* Integrity – Message integrity to ensure that a packet has not been tampered
+ while in transit including an optional packet replay protection mechanism.
+
+* Authentication – to verify that the message is from a valid source.
Example
*******
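Review bot: in the added line "The securityapproach in v3 targets:" the words run together and should read "security approach"; in the first added paragraph "one of the biggest weakness" needs the plural "weaknesses", "security related" should be hyphenated, and in the Integrity bullet "has not been tampered" is missing "with". Beyond wording, the three bullets read as properties every SNMPv3 message has, while the paragraph above them says the meaning of the security parameters depends on the security model being used. It would help to add a sentence saying that confidentiality and authentication apply only when the user is configured with privacy and authentication, so readers do not assume an SNMPv3 user without them is protected. "Versions 1 and 2" is also capitalised mid-sentence where lowercase "versions" would match "previous versions" earlier in the paragraph.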