Snmpv3 Benefits; Snmpv3 Costs; User-Based Security Model - Cisco NCS 5000 Series Manual

SNMPv3 Benefits

6 Triple Data Encryption Standard
7 Advanced Encryption Standard
Use of 3DES and AES encryption standards requires that the security package (k9sec) be installed. For
information on installing software packages, see Upgrading and Managing Cisco IOS XR Software.
SNMPv3 Benefits
SNMPv3 provides secure access to devices by providing authentication, encryption and access control. These
added security benefits secure SNMP against the following security threats:
• Masquerade—The threat that an SNMP user may assume the identity of another SNMP user to perform
• Message stream modification—The threat that messages may be maliciously reordered, delayed, or
• Disclosure—The threat that exchanges between SNMP engines could be eavesdropped. Protecting
In addition, SNMPv3 provides access control over protocol operations on SNMP managed objects.

SNMPv3 Costs

SNMPv3 authentication and encryption contribute to a slight increase in the response time when SNMP
operations on MIB objects are performed. This cost is far outweighed by the security advantages provided
by SNMPv3.
Table 1
level combinations.
Table 4: Order of Response Times from Least to Greatest
Security Model
SNMPv2c
SNMPv3
SNMPv3
SNMPv3

User-Based Security Model

SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following
services:
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
24
management operations for which that SNMP user does not have authorization.
replayed (to an extent that is greater than can occur through the natural operation of a subnetwork service)
to cause SNMP to perform unauthorized management operations.
against this threat may be required as a matter of local policy.
shows the order of response time (from least to greatest) for the various security model and security
Security Level
noAuthNoPriv
noAuthNoPriv
authNoPriv
authPriv
Implementing SNMP