Network management protocol
SNMP version
SNMP protocol versions include SNMPv1, SNMPv2c and SNMPv3.
Both SNMPv1 and SNMPv2c use community-name-based authentication. The NMS controls access to the device through the community name list, while the agent does not verify whether the sender uses an authorized community name. SNMP messages are also not encrypted, so these versions give no security guarantee for authentication or privacy.
SNMPv2c is an enhancement of SNMPv1. The enhancements include support for more operations and more data types, richer error handling codes, and support for a variety of transport protocols.

SNMPv3 defines a framework that includes all the functions of SNMPv1 and SNMPv2 and adds a new security mechanism made up of an authentication service and an encryption service.

The security of SNMPv3 is mainly reflected in data security and access control.

SNMPv3 provides message-level data security, which covers the following three aspects:

- Data integrity: data cannot be modified without authorization, and changes to the data sequence stay within the permitted range.

- Data source verification: confirms which user the received data comes from. The security defined by SNMPv3 is user based: it verifies the user who generated the message, not the specific application that generated it.

- Data verification check: when the NMS or agent receives a message, it checks the generation time of the message. If the difference between the message time and the current system time exceeds the specified time range, the message is not accepted. This can prevent messages from being maliciously changed in transit and keeps maliciously sent messages from being received and processed.
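The time check in the last item, as an added example that is not part of the original page. It follows the timeliness rules of the SNMPv3 User-based Security Model in RFC 3414; the 150-second window and the boots/time fields come from that RFC, not from this page, and `EngineClock`, `agent_accepts`, `nms_accepts` and `replay_demo` are hypothetical names.

```python
from dataclasses import dataclass

TIME_WINDOW = 150        # seconds; the window RFC 3414 specifies (assumption, not on the page)
MAX_BOOTS = 2147483647   # snmpEngineBoots stuck at its maximum: nothing is accepted

@dataclass
class EngineClock:
    """Receiver's notion of the authoritative engine's clock (hypothetical helper)."""
    boots: int                # snmpEngineBoots: reboot counter
    time: int                 # snmpEngineTime: seconds since the last reboot
    latest_received: int = 0  # latestReceivedEngineTime, kept by the non-authoritative side

def agent_accepts(local: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Authoritative receiver (agent handling a request): boots must match exactly
    and the message time must lie within +/-150 s of the agent's own clock."""
    if local.boots == MAX_BOOTS or msg_boots != local.boots:
        return False
    return abs(msg_time - local.time) <= TIME_WINDOW

def nms_accepts(cache: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Non-authoritative receiver (NMS handling a response): resynchronise forward
    from an authenticated message, then reject only messages that are too old."""
    if msg_boots > cache.boots or (
            msg_boots == cache.boots and msg_time > cache.latest_received):
        cache.boots, cache.time, cache.latest_received = msg_boots, msg_time, msg_time
    if cache.boots == MAX_BOOTS or msg_boots < cache.boots:
        return False
    return msg_time >= cache.time - TIME_WINDOW

def replay_demo() -> dict:
    """Constructed scenario: a request captured at boots=7, time=1000 is replayed."""
    captured = (7, 1000)
    return {
        "fresh": agent_accepts(EngineClock(7, 1010), *captured),
        "replayed 200 s later": agent_accepts(EngineClock(7, 1200), *captured),
        "replayed after reboot": agent_accepts(EngineClock(8, 30), *captured),
    }

if __name__ == "__main__":
    for case, accepted in replay_demo().items():
        print(f"{case}: {'accepted' if accepted else 'outside time window'}")
```

In the User-based Security Model these checks run only on messages that have already passed authentication, and a real engine advances `time` from its own clock between messages.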

SNMPv3 access control is a security check based on protocol operations that controls access to managed objects.

