enables mgt station to retrieve object values from managed entity
SET
enables the management station to set object values in managed entity
TRAP
enables a managed entity to notify the management station of significant events
Traps are sent by NW entities when they want to inform the management station of some event
implemented with "protocol data units" (PDUs)
3 parts to a PDU message
version
community
SNMP operation
threats
primary
data modification of messages in transit
masquerade as agent or mgmt device
secondary
message stream modification.
recording or replay of messages
eavesdropping
vulnerabilities
no integrity protection
no timeliness guarantee
no replay protection
weak authentication mechanism
no confidentiality protection
Uses UDP, a connectionless protocol, so no guarantee that mgmt traffic sent is received
Advantages
reduced overhead
protocol simplicity
Disadvantages
no inbuilt reliability
connection oriented operations must be built into upper layer applications
To prevent one device acting with the authority of another device, i.e. masquerading as the management console
security services provided
authentication service
Assure the destination device that the SNMP PDU does come from the source it claims to come from
access control service
Limit the SNMP operations that a device can request according to the device's identity
security mechanisms provided to implement these services based on idea of communities
authentication mechanism
community name
All PDUs from mgt station must contain the community name
access mode mechanism
community profile
Each device stores a community profile that specifies which MIB values and how those values can be accessed by an entity bearing the associated community name.
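
An added example (not part of the original notes) of the three PDU message parts and the community name / community profile checks above: it parses a constructed SNMPv1 request and shows that the agent's verdict rests entirely on the cleartext community field. The community names, profiles, MIB view and sample bytes are assumptions made for illustration.

```python
# Added example, not from the original notes; communities, profiles and sample bytes are constructed.
REQUESTS = {0xA0: "GET", 0xA1: "GETNEXT", 0xA3: "SET"}  # PDU tags an agent receives
# Hypothetical profiles: MIB view as BER-encoded OID prefix (2b06010201 = 1.3.6.1.2.1) + access mode.
PROFILES = {
    "public": {"view": bytes.fromhex("2b06010201"), "mode": "READ-ONLY"},
    "netops": {"view": bytes.fromhex("2b06010201"), "mode": "READ-WRITE"},
}

def read_tlv(buf, pos):
    """Read one short-form BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV (not handled here)")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return buf[pos], buf[pos + 2:end], end

def parse_message(raw):
    """Return (version, community, operation, first requested OID bytes)."""
    tag, body, _ = read_tlv(raw, 0)
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if tag != 0x30 or pdu_tag not in REQUESTS:
        raise ValueError("not an SNMPv1 request message")
    pos = 0
    for _ in range(3):  # skip request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    _, varbind, _ = read_tlv(varbinds, 0)
    _, oid, _ = read_tlv(varbind, 0)
    return int.from_bytes(version, "big"), community.decode("latin-1"), REQUESTS[pdu_tag], oid

def authorize(raw):
    """Community-name authentication, then the community profile checks."""
    _, community, op, oid = parse_message(raw)
    profile = PROFILES.get(community)
    if profile is None:
        return "drop: unknown community"
    if not oid.startswith(profile["view"]):
        return "deny: object outside MIB view"
    if op == "SET" and profile["mode"] != "READ-WRITE":
        return "deny: community is read-only"
    return f"allow {op} for {community}"

# Constructed GET for 1.3.6.1.2.1.1.1.0, community "public"; SET_PUBLIC only changes the PDU tag.
GET_PUBLIC = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                           "300e300c06082b060102010101000500")
SET_PUBLIC = GET_PUBLIC[:13] + b"\xa3" + GET_PUBLIC[14:]
```

Nothing in the message binds the community field to the sender or to the rest of the PDU, which is why the notes list weak authentication, no integrity protection and no confidentiality protection as vulnerabilities.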