376
C
16: N
HAPTER
ETWORK
User-based Security
Model (USM)
View-based Access
Control Model
(SNMPv1, SNMPv2c
and SNMPv3)
M
ANAGEMENT
The SNMP default communities include Write (private) and Read (public).
The USM of SNMPv3 provides greater security than pre-SNMPv3
configurations. USM includes the following security features:
Verifies that each received SNMP message has not been modified
■
during its transmission through the network.
Verifies the identity of the user on whose behalf a received SNMP
■
message claims to have been generated.
Detects received SNMP messages, which request or contain
■
management information, whose time of generation was not recent.
When necessary, protects the contents of each received SNMP
■
message from disclosure.
USM provides three levels of security on a per-user basis:
No authentication and no privacy (no encryption of data)
■
This option is comparable to SNMPv1 and does not provide the
additional benefits of SNMPv3.
Authentication provided by Message Digest 5 (MD5) or Secure Hash
■
Algorithm (SHA) with no encryption of data
Authentication with encryption of data by Data Encryption Standard
■
(DES)
To set an SNMP user's level of security:
1 Login to the NBX NetSet utility using the administrator login ID and
password.
2 Click Network Management > SNMP Settings.
3 Click a user name.
4 From the Authentication Protocol drop-down list, select the level of
security.
5 Click Apply.
The View-based Access Control Model (VACM) determines the access
rights of a group that users belong to. You can configure each group to
have access to a view of the MIB, so that users belonging to that group