743397
U2.6 SNMPv3
- Designed to take
care of threats from
SNMPv1 and SNMPv2
- data modification
- masquerade
- massage stream modification
- reorder
- replay
- delay
- reorder
- eavesdropping
- data modification
- adopted security services
- data origin authentication
- HMAC on encrypted message
- shared key (K2) derived from
snmpEngineID of
authoritative entity + network
admin passphrase
- pretects against masquerade
- HMAC on encrypted message
- data integrity
- HMAC on encrypted message
- shared key (K2) derived from
snmpEngineID of
authoritative entity + network
admin passphrase
- protects against
data modification
- protects against
message stream
modification (reorder)
- HMAC on encrypted message
- data confidentiality
- DES cipher block chaining
- shared key (K1) derived from
snmpEngineID of
authoritative entity + network
admin passphrase
- protects against
eavesdropping
- DES cipher block chaining
- message timelines (limited replay protection)
- entities must synchronize clocks
- 150 second window for
communication exchanges
- protects against message stream modification
- replay
- delay
- replay
- entities must synchronize clocks
- data origin authentication
- general setup
- network admin
gives to all
SNMP entities
- a unique
snmpEngineID
- network admin's
SNMP passphrase
- a unique
snmpEngineID
- encryption and HMAC keys based
on values from "authoritative entity"
in a communication exchange
- GET, SET SNMP PDU
- receiver is authoritative entity
- receiver is authoritative entity
- TRAP, REPORT, RESPONSE SNMP PDU
- sender is the authoritative entity
- sender is the authoritative entity
- GET, SET SNMP PDU
- network admin
gives to all
SNMP entities
Want to create your own Mind Maps for free with GoConqr? Learn more.