ETC[NETWORK] SNMP versions

Robert
Dec/14/2018 15:29


Hi!

There are three versions of SNMP so far.

Starting from the first, SNMPv1, the protocol has now reached SNMPv3.


So what is the difference between the versions?




1. SNMPv1



SNMPv1 was first specified in RFC 1067 in 1988 and reissued as RFC 1157 in 1990.

Version 1 has the basic functions of SNMP: the manager can request information from the managed device to read its status, and the agent can report a failure or an abnormality through an SNMP Trap message.


But security was very poor!


SNMPv1 sends and receives all data in plain text, without encrypting it. In other words, there is no encryption at all, and no integrity protection either: a message on the path can be read or altered without either side noticing.

Of course, there is a community string, a kind of password that must be shared between the SNMP agent and the SNMP manager. But the community string itself travels in plain text in every message, so anyone who can capture the traffic learns it, and the default values "public" (read-only) and "private" (read-write) are still found on many devices. Sending everything over the network unencrypted is a big security issue.

 

For this reason, SNMPv1 should not be used anywhere today.



2. SNMPv2



In 1993, SNMPv2 was released as a revision of SNMPv1 (RFC 1441 and following).


SNMPv2 (in its v2c form) is the most widely used and most popular version on the market today.


In SNMPv1, when you want to load a lot of data such as a routing table, it is inefficient because you can only fetch it one object at a time with repeated GetNext Request / Response pairs. To make up for this, SNMPv2 added a GetBulk message, which returns many objects in one response, reduces unnecessary round trips and bandwidth, and uses the network efficiently.
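The difference in round trips can be simulated without a device. The following added example (not from the original post) models a small agent with a constructed 20-row ifDescr table and walks it first with GetNext only, then with GetBulk at two max-repetitions values; it assumes non-repeaters = 0 and a single repeater, which is the normal shape of a bulk walk of one table column.

```python
"""Added example: GetNext vs GetBulk round trips, agent side simulated.

The "agent" is a constructed in-memory MIB (20 interface rows), not a real
device. GetBulk is modelled with non-repeaters = 0 and one repeater.
"""

def oid_key(oid: str) -> tuple:
    return tuple(int(a) for a in oid.split("."))

# constructed sample MIB: the ifDescr column, then the first object of the next column
MIB = {f"1.3.6.1.2.1.2.2.1.2.{i}": f"eth{i - 1}" for i in range(1, 21)}
MIB["1.3.6.1.2.1.2.2.1.3.1"] = 6            # ifType.1 (ethernetCsmacd) follows ifDescr.20
ORDER = sorted(MIB, key=oid_key)
END_OF_MIB_VIEW = "endOfMibView"            # SNMPv2 exception value

def get_next(oid: str):
    """GetNext semantics: the lexicographically next object, or None past the end."""
    k = oid_key(oid)
    for o in ORDER:
        if oid_key(o) > k:
            return o, MIB[o]
    return None

def get_bulk(oid: str, max_repetitions: int):
    """GetBulk semantics: up to max_repetitions successive GetNext results in one response."""
    out, cur = [], oid
    for _ in range(max_repetitions):
        nxt = get_next(cur)
        if nxt is None:
            out.append((cur, END_OF_MIB_VIEW))   # agent ran off the end of its MIB
            break
        out.append(nxt)
        cur = nxt[0]
    return out

def walk_column(column: str, max_repetitions: int = 0):
    """Manager side: walk one column; returns (values, request messages sent).
    max_repetitions == 0 means plain GetNext, which is all SNMPv1 can do."""
    values, requests, cur = [], 0, column
    while True:
        requests += 1
        if max_repetitions:
            batch = get_bulk(cur, max_repetitions)
        else:
            nxt = get_next(cur)
            batch = [nxt] if nxt else []
        if not batch:
            return values, requests
        for oid, val in batch:
            if val == END_OF_MIB_VIEW or not oid.startswith(column + "."):
                return values, requests          # left the column: walk is done
            values.append(val)
            cur = oid

if __name__ == "__main__":
    for reps in (0, 10, 25):
        vals, n = walk_column("1.3.6.1.2.1.2.2.1.2", reps)
        print(f"max-repetitions={reps:<3} rows={len(vals)} requests={n}")
```

With 20 rows a GetNext walk needs 21 request/response pairs, GetBulk with max-repetitions 10 needs 3, and 25 needs 1. A real agent shortens a bulk response to what fits in its maximum message size, so values in the tens are typical, and endOfMibView is how a v2c agent says the walk ran off the end of what it holds.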


SNMPv2 also introduced a much stronger security approach (the party-based model of SNMPv2p), but the public was not very receptive to it.

The reason was the complexity of the configuration and the implementation. Because the configuration was so difficult, people who used SNMPv1 would not upgrade.


So finally a new variant, v2c (community-based SNMPv2, RFC 1901, 1996), was released.

SNMPv2c restored community string based authentication, so that existing users could keep working the way they were used to.

As a result, the number of SNMPv2 users has increased, but the security weaknesses of the community string remained unaddressed.

In the end, many network engineers only use v2c in read-only mode (RO), which at least keeps a leaked community string from being used to change a device's configuration.





3. SNMPv3


SNMPv3 was published in 1998 (RFC 2271 to RFC 2275; the current standard is RFC 3410 to RFC 3418 from 2002).

Unlike the step from SNMPv1 to SNMPv2, there are a great many improvements, enhancements and convenience features.

And most importantly, security and cryptography were changed fundamentally.


SNMPv3 defines a new security model, the User-based Security Model (USM), in which each user has a name, an authentication key and optionally a privacy (encryption) key.

You choose one of three security levels, depending on how far you want to strengthen security.

  • noAuthNoPriv: Only the username is checked; nothing is authenticated or encrypted. This is the same level of protection as the community string in the earlier versions.
  • authNoPriv: Access is controlled through HMAC-MD5 or HMAC-SHA based authentication of every message (a keyed hash over the message, so it can be neither forged nor modified, and a time window defends against replay). The contents are still sent in plain text.
  • authPriv: HMAC-MD5 or HMAC-SHA based authentication as above, plus encryption of the message contents with DES (RFC 3414); AES-128 was added later in RFC 3826.
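Here is an added example (not code from the original post) of the part of SNMPv3 USM (RFC 3414) that replaces the community string: a password is stretched into a key Ku, localized with the agent's snmpEngineID into Kul, and Kul is the key for the HMAC that authenticates each message. The password and engineID are the RFC 3414 Appendix A test vector, the message bytes are constructed, and only the RFC 3414 MD5/SHA-1 variants are shown (not the SHA-2 algorithms of RFC 7860, nor the DES/AES privacy side).

```python
"""Added example: how SNMPv3 USM (RFC 3414) turns a password into the key that
authenticates a message. Test vector from RFC 3414 Appendix A; message bytes constructed."""
import hashlib
import hmac

def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku (RFC 3414 A.2): hash the password cycled out to exactly 1 MiB,
    a deliberate cost that slows offline guessing a little."""
    total = 1024 * 1024
    reps, rem = divmod(total, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): one key per agent, so a key pulled off
    one device does not open the others configured from the same password."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_params(kul: bytes, whole_msg: bytes, algo: str) -> bytes:
    """msgAuthenticationParameters for HMAC-MD5-96 / HMAC-SHA-96: the first 12 bytes
    of the HMAC over the whole message (computed with this field zeroed)."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]

def verify(kul: bytes, whole_msg: bytes, received: bytes, algo: str) -> bool:
    """Receiver side: constant-time comparison of the recomputed tag."""
    return hmac.compare_digest(auth_params(kul, whole_msg, algo), received)

# RFC 3414 Appendix A test vector
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        ku = password_to_key(PASSWORD, algo)
        kul = localize_key(ku, ENGINE_ID, algo)
        print(f"{algo}: Ku={ku.hex()} Kul={kul.hex()}")
    # the same password on an agent with a different engineID gives a different Kul
    other = localize_key(password_to_key(PASSWORD, "sha1"), bytes.fromhex("000000000000000000000003"), "sha1")
    print("other engine Kul =", other.hex())
    # authenticate a constructed message and reject a tampered copy
    kul = localize_key(password_to_key(PASSWORD, "sha1"), ENGINE_ID, "sha1")
    msg = b"constructed SNMPv3 message bytes"
    tag = auth_params(kul, msg, "sha1")
    print("valid:", verify(kul, msg, tag, "sha1"), "tampered:", verify(kul, msg + b"x", tag, "sha1"))
```

Two consequences are worth knowing. A localized key recovered from one agent (for example out of a configuration dump) does not work against another agent with a different engineID, even if both were set up from the same password. And because the engineID is sent in the clear and the stretching is only one hash over 1 MiB, an attacker who captures authenticated traffic can still try passwords offline against the HMAC, so use long passphrases.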



SNMPv3 is the latest version of SNMP.

If the above is too much to take in, the summary below is enough.


Version   Security level   Authentication          Encryption                   Contents
SNMPv1    noAuthNoPriv     community string        none                         community string matching only
SNMPv2c   noAuthNoPriv     community string        none                         community string matching only
SNMPv3    noAuthNoPriv     username                none                         username matching only
SNMPv3    authNoPriv       HMAC-MD5 or HMAC-SHA    none                         every message authenticated, contents in plain text
SNMPv3    authPriv         HMAC-MD5 or HMAC-SHA    DES (AES-128 per RFC 3826)   every message authenticated, contents encrypted


  • SNMPv1 and SNMPv2c neither authenticate nor encrypt their messages (noAuthNoPriv only).
  • Traffic transmitted via SNMPv1 and SNMPv2c is plain text, while SNMPv3 at the authPriv level encrypts it with DES (or AES).
  • Currently the most popular version is SNMPv2c, but the trend is steadily moving to SNMPv3.
  • The message formats of the versions differ, so a message of one version is not understood by a peer that only speaks another. An agent can, however, support several versions at the same time, and RFC 3584 describes how v1, v2c and v3 coexist, including proxying between them. When you enable v3 on a device, disable v1/v2c as well, otherwise the community string stays open as the weaker way in.

