eSight V300R010C00SPC200, 300, and 500 Self-Service Integration Guide 10

Security Mechanism


The security mechanism of the SNMP NBI is based on SNMP. All connections to the SNMP NBI must pass SNMP authentication. Security mechanisms vary with SNMP versions. The NBI supports SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 is recommended because it is more secure.

SNMPv1 and SNMPv2c Security Mechanisms

SNMPv1 and SNMPv2c use community-based SNMP authentication. The third-party system controls device access rights using the community list. The agent does not check whether the sender uses the authorized community. SNMP messages are not encrypted before transmission, leaving authentication and privacy vulnerable to attacks.

  • The third-party system must obtain the community name of the agent before performing the get, get next, and set operations.
  • Traps and informs use the community of the agent as their community.

SNMPv1 does not support informs.

SNMPv3 Security Mechanism

SNMPv3 uses user-based SNMP authentication. Compared with SNMPv1 and SNMPv2c, SNMPv3 greatly improves security in both data security and access control.

SNMPv3 provides message-level data security in terms of:

  • Data integrity

    Data modification must be authorized, and data sequence change must be within an allowed range.

  • Data source verification

    Data source, that is, the user who sends the data, must be identified. Based on users, SNMPv3 security verifies a user who sends messages, but not an application that generates messages.

  • Data validity check

    When the third-party system or agent receives a message, it checks the message generation time. If the difference between the message generation time and the system time is out of range, the third-party system or agent rejects the message. This keeps messages that were maliciously modified during transmission, and other malicious messages, from being received or processed.
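
The time check described under data validity, as an added example that is not part of the original guide or of eSight: it follows the timeliness rules of the SNMPv3 User-based Security Model in RFC 3414, which is where the 150-second window and the engine boots/time fields come from (the guide does not state the range). `EngineClock` and both function names are hypothetical, and the values in the demo are constructed.

```python
from dataclasses import dataclass

TIME_WINDOW = 150        # seconds; taken from RFC 3414, not stated in the guide
MAX_BOOTS = 2147483647   # snmpEngineBoots latched at its maximum: nothing is timely


@dataclass
class EngineClock:
    """One engine's notion of the authoritative engine's clock (hypothetical helper)."""
    boots: int                 # snmpEngineBoots
    time: int                  # snmpEngineTime, seconds since the last boot
    latest_received: int = 0   # latestReceivedEngineTime (non-authoritative side)


def authoritative_accepts(local: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Check made by the authoritative engine on an authenticated message."""
    if local.boots == MAX_BOOTS or msg_boots != local.boots:
        return False           # message belongs to another boot cycle
    return abs(msg_time - local.time) <= TIME_WINDOW


def non_authoritative_accepts(view: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Check made by the non-authoritative engine; may first resynchronise its view.

    A real engine also advances view.time with its own clock between messages.
    """
    # The view only moves forward, so an old captured message cannot rewind it.
    if msg_boots > view.boots or (
        msg_boots == view.boots and msg_time > view.latest_received
    ):
        view.boots, view.time, view.latest_received = msg_boots, msg_time, msg_time
    if view.boots == MAX_BOOTS or msg_boots < view.boots:
        return False
    # Same boot cycle: reject only messages more than TIME_WINDOW seconds behind.
    return not (msg_boots == view.boots and msg_time < view.time - TIME_WINDOW)


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    agent = EngineClock(boots=5, time=1000)
    for boots, t in [(5, 1100), (5, 1151), (4, 1000)]:
        print(boots, t, authoritative_accepts(agent, boots, t))
```

The check only has meaning for authenticated messages: at the NoAuth and NoPriv level the boots and time fields are not protected, so they can be rewritten in transit.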

In SNMPv3, access control checks security of protocol-based operations and controls accesses to managed objects (MOs).

Security Level

Different SNMP versions support different security levels, as shown in Table 4-2.

Table 4-2 Security level

| Version | Security Level | Authentication | Data Encryption | Description |
|---|---|---|---|---|
| v1 | NoAuth and NoPriv | Community | None | Community-based authentication |
| v2c | NoAuth and NoPriv | Community | None | Community-based authentication |
| v3 | NoAuth and NoPriv | User name | None | User-based authentication |
| v3 | Auth and NoPriv | MD5 and SHA | None | MD5- or SHA-based authentication |
| v3 | Auth and Priv | MD5 and SHA | AES and DES | MD5- or SHA-based authentication and AES- or DES-based encryption |

The name, authentication password, and encryption password of an SNMPv3 user are independent of each other. The security levels, authentication algorithms, and encryption standards apply to all users. When SNMPv3 is used, SHA for authentication and AES for data encryption are recommended to enhance security.

Updated: 2019-10-30

Document ID: EDOC1100044386
