
Why was SNMPv3 developed? How does it improve security over versions 1 and 2?

SNMP (Simple Network Management Protocol) currently has three major versions: SNMPv1, SNMPv2, and SNMPv3. All three are principal versions of the protocol, but they differ in several ways. SNMPv1, the first version of SNMP, met its intended goal of being an open, standard protocol, but it could not manage certain applications (for example, it supported only 32-bit counters). SNMPv1 also had lackluster security features, making later versions a necessity. SNMPv2, built in 1993, featured the inform command, greater error handling, and improved SET commands.

SNMPv3, the newest version, features several improvements to security, such as the introduction of the User-based Security Model (USM) and the View-based Access Control Model (VACM). SNMPv3 also supports the SNMP ‘Engine ID’ identifier, which identifies each SNMP entity uniquely. SNMPv3 offers enterprise-level security: it handles encryption, authentication, and user-based access control far better than previous versions. SNMPv3 was created to address the various security limitations of both v1 and v2. The SNMPv3 security model verifies that SNMP messages are not modified, verifies user identity, and detects if SNMP messages contain outdated management information (DPS Telecom, n.d.). While implementing SNMPv3 can be somewhat challenging, its benefits far outweigh the trouble.
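The three USM checks described above (message not modified, user identity, outdated messages) can be seen in the following added example, which is not part of the original post. It uses the RFC 3414 password-to-key localization and HMAC-SHA-96; the 8-byte boots/time header and the result strings are simplifying assumptions standing in for the real BER-encoded message.

```python
import hashlib
import hmac
import struct

TIME_WINDOW = 150            # seconds either side of the local engine time
MAX_BOOTS = 2147483647       # a boots counter latched here is never "in time"
PLACEHOLDER = b"\x00" * 12   # auth field is zeroed while the MAC is computed


def localized_key(password: bytes, engine_id: bytes) -> bytes:
    """Stretch the password to 1 MiB, hash it, then bind it to one Engine ID."""
    stretched = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.sha1(stretched).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()


def auth_tag(key: bytes, whole_msg: bytes) -> bytes:
    """HMAC-SHA-96: HMAC-SHA1 over the whole message, truncated to 12 octets."""
    return hmac.new(key, whole_msg, hashlib.sha1).digest()[:12]


def sign(key: bytes, boots: int, time_s: int, pdu: bytes) -> bytes:
    """Sender: simplified layout = boots(4) | time(4) | tag(12) | pdu."""
    header = struct.pack(">II", boots, time_s)
    return header + auth_tag(key, header + PLACEHOLDER + pdu) + pdu


def verify(key: bytes, msg: bytes, local_boots: int, local_time: int) -> str:
    """Receiver: integrity and identity first, then the timeliness window."""
    boots, time_s = struct.unpack(">II", msg[:8])
    zeroed = msg[:8] + PLACEHOLDER + msg[20:]
    if not hmac.compare_digest(msg[8:20], auth_tag(key, zeroed)):
        return "wrong_digest"        # modified message or wrong user key
    if (local_boots == MAX_BOOTS or boots != local_boots
            or abs(time_s - local_time) > TIME_WINDOW):
        return "not_in_time_window"  # replayed or outdated message
    return "ok"


if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")  # constructed sample
    key = localized_key(b"maplesyrup", engine_id)
    msg = sign(key, boots=5, time_s=1000, pdu=b"get sysUpTime")
    print(verify(key, msg, local_boots=5, local_time=1100))
    print(verify(key, msg[:-1] + b"X", local_boots=5, local_time=1100))
    print(verify(key, msg, local_boots=5, local_time=1151))
```

Because the key is derived from both the password and the Engine ID, the same password on a different engine yields a different key, so one compromised agent does not expose the key used on another.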

Trivia question for the week: What is Code Red (not the drink), when did it originate, and what did it do to Cisco 675 and 678 routers?

Code Red, the worm released on July 15, 2001, infected around 360,000 computers running the Microsoft IIS web server before being noticed on July 19, 2001 (six days later). The original Code Red worm ran a DDoS attack on the White House, whereas the Code Red II worm exploited a buffer overrun in specific versions of Microsoft Windows 2000 and NT. The worm was called Code Red because Marc Maiffret and Ryan Permeh, employees of eEye Digital Security, were drinking Code Red Mountain Dew at the time of discovery. As a side effect, the Code Red worm also locked up Cisco 675 and 678 routers; merely restarting the device was required to fix this (Asher-Dotan, 2017).

References

Stallings, W. (2017). Network Security Essentials: Applications and Standards (6th ed.). Pearson.

DPS Telecom. (n.d.). Do You Understand SNMPv1, SNMPv2c, and SNMPv3? Retrieved May 19, 2020, from https://www.dpstele.com/snmp/v1-v2c-v3-difference.php.

Asher-Dotan, L. (2017, December 4). What is Code Red? Retrieved May 19, 2020, from https://www.cybereason.com/blog/what-is-code-red-worm.

 
