March 16, 2005
CCIE Study memo: SNMPv3 (3)
Continued from the last entry.
SNMPv3 security mode: Authentication / No Privacy
There are two important elements in this model. The first is a secret authentication key. It counters threats 1 and 2, which I described in the last entry.
The SNMPv3 authentication mechanism works as follows:
1. A network administrator enters a username and password into the management application so that it can access and manage network devices (agents, in traditional SNMP terms).
2. The management application converts the entered password and the agent's engineID into a localised authentication key using a hash function.
3. This localised key, the time stamp and the actual message are then run through a message-digest mechanism such as SHA or MD5 to produce a message digest.
I will describe the time stamp in detail in my next entry.
4. The manager (sender) then sends the message to the receiver with the message digest inserted in it.
5. When the receiver gets the message, it checks which security level is specified. If the message needs to be authenticated, the agent calls an authentication module, which recalculates the message authentication code using the same authentication key and compares it with the value in the message.
If they match, the receiver knows that the message actually came from the authorized user and that it was not modified in transit.
6. If the receiver's computed authentication code matches the value appended to the incoming message, it then checks whether the message falls within the time window. This is meant to protect against message replay and similar attacks.
Also important here: the authentication password is never sent in clear text, whereas in SNMPv1 and v2 the community string crosses the network in clear text.
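Steps 1 to 6 above, as an added example that is not part of the original entry: the password-to-key conversion and engineID localisation follow RFC 3414 appendix A.2, and the HMAC is truncated to 96 bits as in HMAC-MD5-96/HMAC-SHA-96. The message framing (4-byte engineBoots, 4-byte engineTime, 12-byte digest, payload) is a constructed stand-in for the real BER-encoded SNMPv3 packet, and the payload string, the reason labels and the boots/time values are constructed for the demo; the password "maplesyrup" and the 12-byte engineID come from the RFC 3414 appendix A.3 test vectors.

```python
import hashlib
import hmac
import struct

# Constants from RFC 3414 (usmHMACMD5AuthProtocol / usmHMACSHAAuthProtocol)
AUTH_DIGEST_LEN = 12         # HMAC-MD5-96 and HMAC-SHA-96 keep the first 96 bits
TIME_WINDOW_SECONDS = 150    # receiver accepts msgAuthoritativeEngineTime within +/-150 s
HEADER_LEN = 8               # constructed framing: engineBoots (4 bytes) + engineTime (4 bytes)


def password_to_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Step 2: turn a human password into an engineID-localised key (RFC 3414 A.2)."""
    # (a) hash the password repeated out to exactly 1 MiB -> Ku
    stream = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    ku = hashlib.new(algo, stream).digest()
    # (b) localise: Kul = H(Ku || engineID || Ku), so the key differs per agent
    return hashlib.new(algo, ku + engine_id + ku).digest()


def build_auth_message(local_key: bytes, engine_boots: int, engine_time: int,
                       payload: bytes, algo: str = "md5") -> bytes:
    """Steps 3-4: sender computes the truncated HMAC and inserts it in the message."""
    header = struct.pack("!II", engine_boots, engine_time)
    # RFC 3414 computes the MAC over the whole message with the authParams field zero-filled
    zeroed = header + b"\x00" * AUTH_DIGEST_LEN + payload
    mac = hmac.new(local_key, zeroed, algo).digest()[:AUTH_DIGEST_LEN]
    return header + mac + payload


def verify_auth_message(local_key: bytes, message: bytes, receiver_boots: int,
                        receiver_time: int, algo: str = "md5") -> tuple:
    """Steps 5-6: receiver recomputes the MAC first, then checks the time window."""
    if len(message) < HEADER_LEN + AUTH_DIGEST_LEN:
        return False, "malformed"
    header = message[:HEADER_LEN]
    mac = message[HEADER_LEN:HEADER_LEN + AUTH_DIGEST_LEN]
    payload = message[HEADER_LEN + AUTH_DIGEST_LEN:]
    expected = hmac.new(local_key, header + b"\x00" * AUTH_DIGEST_LEN + payload,
                        algo).digest()[:AUTH_DIGEST_LEN]
    # Step 5: constant-time comparison of the received and recomputed digests
    if not hmac.compare_digest(mac, expected):
        return False, "wrong digest"
    # Step 6: only a message with a valid digest gets its time window checked
    boots, msg_time = struct.unpack("!II", header)
    if boots != receiver_boots or abs(receiver_time - msg_time) > TIME_WINDOW_SECONDS:
        return False, "not in time window"
    return True, "ok"


def demo() -> dict:
    """Walk the constructed scenario once and return the outcomes for inspection."""
    password = b"maplesyrup"                      # password from RFC 3414 A.3 test vectors
    engine_id = b"\x00" * 11 + b"\x02"            # engineID from the same test vectors
    key = password_to_key(password, engine_id, "md5")
    other_key = password_to_key(password, b"\x00" * 11 + b"\x03", "md5")
    payload = b"get sysUpTime.0"                  # constructed stand-in for the PDU
    msg = build_auth_message(key, engine_boots=7, engine_time=1000, payload=payload)
    tampered = msg[:-1] + bytes([msg[-1] ^ 0x01])  # flip one bit of the payload in transit
    return {
        "localized_key": key.hex(),
        "keys_differ_per_engine": key != other_key,
        "fresh": verify_auth_message(key, msg, 7, 1010),
        "tampered": verify_auth_message(key, tampered, 7, 1010),
        "replayed": verify_auth_message(key, msg, 7, 1200),   # same message, 200 s later
        "after_reboot": verify_auth_message(key, msg, 8, 1010),  # engineBoots moved on
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two points worth noticing when you run it: the same password yields a different key for every engineID, which is exactly why a key captured from one agent does not authenticate to another, and the digest check comes before the time-window check, so a replayed but otherwise valid message is rejected by the window rather than by the digest. MD5 and SHA-1 are used here only because the entry discusses them; the same structure applies to the SHA-2 HMACs later defined in RFC 7860.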
author aglogin : March 16, 2005 08:45 PM