summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/services/snmp.rst19
1 files changed, 17 insertions, 2 deletions
diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst
index 351d3324..f169bb95 100644
--- a/docs/services/snmp.rst
+++ b/docs/services/snmp.rst
@@ -118,8 +118,23 @@ Example
SNMPv3
^^^^^^
-SNMPv3 is an updated version that, among other things, supports encryption and
-cryptographic authentication of clients.
+SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security
+related features that have been missing from the previous versions. Security
+was one of the biggest weakness of SNMP until v3. Authentication in SNMP
+Versions 1 and 2 amounts to nothing more than a password (community string)
+sent in clear text between a manager and agent. Each SNMPv3 message contains
+security parameters which are encoded as an octet string. The meaning of these
+security parameters depends on the security model being used.
+
+The securityapproach in v3 targets:
+
+* Confidentiality – Encryption of packets to prevent snooping by an
+ unauthorized source.
+
+* Integrity – Message integrity to ensure that a packet has not been tampered
+ while in transit including an optional packet replay protection mechanism.
+
+* Authentication – to verify that the message is from a valid source.
Example
*******