diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-11-12 08:01:42 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-11-12 08:01:42 +0100 |
commit | 9610be887b0ace40875c23c2ea3fcbd3aea5fa14 (patch) | |
tree | 93281ae79fda9dd06ee53da4ad451e9b35043acb /docs/services | |
parent | 5fcd3ec773e84b7210bcb1ddbfb572aa44bd69c1 (diff) | |
download | vyos-documentation-9610be887b0ace40875c23c2ea3fcbd3aea5fa14.tar.gz vyos-documentation-9610be887b0ace40875c23c2ea3fcbd3aea5fa14.zip |
SNMP: add security information for SNMPv3
Diffstat (limited to 'docs/services')
-rw-r--r-- | docs/services/snmp.rst | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst index 351d3324..f169bb95 100644 --- a/docs/services/snmp.rst +++ b/docs/services/snmp.rst @@ -118,8 +118,23 @@ Example SNMPv3 ^^^^^^ -SNMPv3 is an updated version that, among other things, supports encryption and -cryptographic authentication of clients. +SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security +related features that have been missing from the previous versions. Security +was one of the biggest weakness of SNMP until v3. Authentication in SNMP +Versions 1 and 2 amounts to nothing more than a password (community string) +sent in clear text between a manager and agent. Each SNMPv3 message contains +security parameters which are encoded as an octet string. The meaning of these +security parameters depends on the security model being used. + +The securityapproach in v3 targets: + +* Confidentiality – Encryption of packets to prevent snooping by an + unauthorized source. + +* Integrity – Message integrity to ensure that a packet has not been tampered + while in transit including an optional packet replay protection mechanism. + +* Authentication – to verify that the message is from a valid source. Example ******* |