4. Why was SNMPv3 developed? How does it improve security over versions 1 and 2?
The main purpose of SNMPv3 was to bring a level of security not seen in SNMPv1 or SNMPv2. To maintain interoperability of SNMP, SNMPv3 is an addition or layer added on to SNMPv1 or SNMPv2 and not a new standalone version.
SNMPv3 adds two major security features: the User-based Security Model (USM) and the View-based Access Control Model (VACM). The USM provides data integrity, authentication and data confidentiality. Data integrity and authentication are handled by two different hashing methods: HMAC-MD5-96, which uses the Message Digest Algorithm (MD5), and HMAC-SHA-96, which uses the Secure Hash Algorithm (SHA-1). The USM protects the confidentiality of the data by using the Data Encryption Standard (DES) to encrypt it.
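The following added example (not part of the original essay) shows how USM's HMAC-SHA-96 and HMAC-MD5-96 protect a message: the 12-octet authentication field is zeroed, the HMAC is computed over the whole message, and the first 96 bits fill the field. It goes one step beyond the text by also deriving the per-engine key from a password as RFC 3414 specifies; the message layout is a constructed stand-in rather than real BER-encoded SNMP, and the function names are illustrative.

```python
import hashlib
import hmac

MAC_LEN = 12            # 96 bits: the "-96" in HMAC-MD5-96 / HMAC-SHA-96
ZEROS = bytes(MAC_LEN)  # placeholder carried in the field while the MAC is computed


def localize_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 password-to-key: hash 1 MiB of repeated password, then bind it to one engine."""
    if len(password) < 8:
        raise ValueError("USM passwords must be at least 8 octets")
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.new(algo, stream).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()


def sign(msg: bytes, offset: int, key: bytes, algo: str) -> bytes:
    """Replace the 12 zero octets at `offset` with the truncated HMAC of the whole message."""
    if msg[offset:offset + MAC_LEN] != ZEROS:
        raise ValueError("authentication field must be zeroed before signing")
    mac = hmac.new(key, msg, algo).digest()[:MAC_LEN]
    return msg[:offset] + mac + msg[offset + MAC_LEN:]


def verify(msg: bytes, offset: int, key: bytes, algo: str) -> bool:
    """Recompute the MAC with the field zeroed again and compare in constant time."""
    received = msg[offset:offset + MAC_LEN]
    if len(received) != MAC_LEN:
        return False
    zeroed = msg[:offset] + ZEROS + msg[offset + MAC_LEN:]
    expected = hmac.new(key, zeroed, algo).digest()[:MAC_LEN]
    return hmac.compare_digest(received, expected)


# Sample password and engine ID from RFC 3414's key-derivation example.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed message parts (not real SNMP encoding); the MAC field sits between them.
HEADER = b"constructed-header|"
BODY = b"|sysName.0=core-sw1"


def demo():
    """Return (verify result for the intact message, verify result after tampering)."""
    key = localize_key(b"maplesyrup", ENGINE_ID, "sha1")
    signed = sign(HEADER + ZEROS + BODY, len(HEADER), key, "sha1")
    tampered = signed.replace(b"core-sw1", b"core-sw2")
    return verify(signed, len(HEADER), key, "sha1"), verify(tampered, len(HEADER), key, "sha1")


if __name__ == "__main__":
    print(demo())
```

Because the key is bound to the engine ID, a key recovered from one device does not authenticate messages to another device that shares the same password.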
The VACM uses the access policy which is already built into SNMP and builds upon it by adding a group, security level and context to the mix. In general, the group outlines access rights for users (securityNames). The security level provides a great level of security granularity for group users: each group user could have different access rights based on the security level assigned. The context is the list of management information to which any SNMP user (entity) has access. The three security items provided by SNMPv3 give SNMP more flexibility in how entities can access the management information of devices or