SNMPv3 1.DESIGN REQUIREMENTS 2.BIRTH & FEATURES of SNMPv3 3.ARCHITECTURE 4.SECURE COMMUNICATION - USER SECURITY MODEL (USM) 5. ACCESS CONTROL - VIEW BASED.


1 SNMPv3
1. DESIGN REQUIREMENTS
2. BIRTH & FEATURES of SNMPv3
3. ARCHITECTURE
4. SECURE COMMUNICATION - USER SECURITY MODEL (USM)
5. ACCESS CONTROL - VIEW BASED ACCESS CONTROL MODEL (VACM)
6. IMPLEMENTATIONS
7. REFERENCES
Copyright © 2001 by Aiko Pras. These sheets may be used for educational purposes.

2 DESIGN REQUIREMENTS
- ADDRESS THE NEED FOR SECURITY SUPPORT
- DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP
- ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS
- ALLOW FOR FUTURE EXTENSIONS
- KEEP SNMP AS SIMPLE AS POSSIBLE
- ALLOW FOR MINIMAL IMPLEMENTATIONS
- SUPPORT ALSO THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS
- RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE

3 The Birth and Features of SNMPv3
The SNMPv3 Working Group did not "reinvent the wheel," but reused the SNMPv2 Draft Standard documents (i.e., RFCs 1902-1908). As a result, SNMPv3 is SNMPv2 plus security and administration.
The new features of SNMPv3 (in addition to SNMPv2) include:
- Security
  - authentication and privacy
  - authorization and access control
- Administrative Framework
  - naming of entities
  - people and policies
  - usernames and key management
  - notification destinations
  - proxy relationships
  - remotely configurable via SNMP operations

4 SNMPv3 RFCs
[Figure: SNMP entity diagram. Labels: OTHER SNMP APPLICATIONS; SNMP ENGINE; DISPATCHER; MESSAGE PROCESSING SUBSYSTEM; SECURITY SUBSYSTEM; ACCESS CONTROL SUBSYSTEM; SNMP ENTITY; RFC 3411; RFC 3412; RFC 3413; USM: RFC 3414; VACM: RFC 3415]

5 SNMPv3 RFCs (2)
- RFC 3410 (Informational) - Introduction and Applicability Statements for Internet Standard Management Framework (December 2002)
- RFC 3411 - An Architecture for Describing SNMP Management Frameworks (December 2002)
- RFC 3412 - Message Processing and Dispatching (December 2002)
- RFC 3413 - SNMP Applications (December 2002)
- RFC 3414 - User-based Security Model (December 2002)
- RFC 3415 - View-based Access Control Model (December 2002)
- RFC 3416 - Version 2 of SNMP Protocol Operations (December 2002)
- RFC 3417 - Transport Mappings (December 2002)
- RFC 3418 - Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) (December 2002)
RFC 3411-3418 have all become Internet Standard.

6 SNMPv3 ARCHITECTURE

7 SNMPv3 ARCHITECTURE: MANAGER

8 SNMPv3 ARCHITECTURE: AGENT

9 CONCEPTS: snmpEngineID

10 MODULES OF THE SNMPv3 ARCHITECTURE
- DISPATCHER AND MESSAGE PROCESSING MODULE
  - SNMPv3 MESSAGE STRUCTURE
  - snmpMPDMIB
  - RFC 3412 (Standard)
- APPLICATIONS
  - snmpTargetMIB
  - snmpNotificationMIB
  - snmpProxyMIB
  - RFC 3413 (Standard)
- SECURITY SUBSYSTEM
  - USER-BASED SECURITY MODEL (USM)
  - snmpUsmMIB
  - RFC 3414 (Standard)
- ACCESS CONTROL SUBSYSTEM
  - VIEW-BASED ACCESS CONTROL MODEL (VACM)
  - snmpVacmMIB
  - RFC 3415 (Standard)

11 SNMPv3 MESSAGE STRUCTURE

12 SNMPv3 PROCESSING MODULE PARAMETERS

13 SECURE COMMUNICATION VERSUS ACCESS CONTROL

14 USM: SECURITY THREATS

15 USM MESSAGE STRUCTURE

16 VIEW BASED ACCESS CONTROL MODEL
- ACCESS CONTROL TABLE
- MIB VIEWS

17 ACCESS CONTROL TABLES

18 MIB VIEWS

19 SNMPv3 IMPLEMENTATIONS
- ACE*COMM
- AdventNet
- BMC Software
- Cisco
- Epilogue
- Gambit Communications
- Halcyon
- IBM
- ISI
- IWL
- MG-SOFT
- MultiPort Corporation
- SimpleSoft
- SNMP Research
- SNMP++
- TU of Braunschweig
- Net-SNMP
- University of Quebec

20 SNMPv3 References
- http://www.ibr.cs.tu-bs.de/ietf/snmpv3/
- http://www.ietf.org/html.charters/snmpv3-charter.html
- http://www.simpleweb.org/ietf/
- http://www.net-snmp.org
- Read Chapters 14, 15, 16, 17 of Stallings
- Read SNMPv3 White Paper, http://www.snmp.com/snmpv3/v3white.html

