SNMPv3 User-Based Security Model (USM) Enhancements

SNMPv3 adds to v1 and v2c components by providing secure access to devices by authenticating and encrypting frames over the network. The Extreme Networks supported advanced security features provided in SNMPv3‘s User-Based Security Model are:

• Message integrity — Collects data securely without being tampered with or corrupted.
• Authentication — Determines the message is from a valid source.
• Encryption — Scrambles the contents of a frame to prevent it from being seen by an unauthorized source.

Unlike SNMPv1 and SNMPv2c, in SNMPv3, the concept of SNMP agents and SNMP managers no longer apply. These concepts have been combined into an SNMP entity. An SNMP entity consists of an SNMP engine and SNMP applications. An SNMP engine consists of the following four components:

• Dispatcher — Sends and receives messages.
• Message processing subsystem — Accepts outgoing PDUs from the dispatcher and prepares them for transmission by wrapping them in a message header and returning them to the dispatcher. Also accepts incoming messages from the dispatcher, processes each message header, and returns the enclosed PDU to the dispatcher.
• Security subsystem — Authenticates and encrypts messages.
• Access control subsystem — This component determines which users and which operations are allowed access to managed objects.