GarrettCom Ethernet Networks and Web Management Switch User Manual


 
authorized manager, and that the message was not altered in transit. Note that the shared secret key
between sending and receiving parties must be preconfigured by a configuration manager or a network
manager, and loaded into the databases of the various SNMP managers and agents.
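The authentication check described above, as an added example that is not part of the original manual or the switch's own code. It goes beyond the text by assuming the standard SNMPv3 User-based Security Model (RFC 3414): the shared key is derived from a password and localized to one engine ID, and the message carries a 12-octet truncated HMAC (SHA-1 is chosen here as an assumption). The user name, message bytes and field offset are constructed for illustration and are not a BER-encoded SNMP PDU.

```python
import hashlib
import hmac

MAC_LEN = 12            # HMAC-MD5-96 and HMAC-SHA-96 keep the first 12 octets
ZEROS = bytes(MAC_LEN)  # the auth field is zeroed while the MAC is computed

def localized_key(password: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of repeated password, then bind the result to one engine."""
    if not password:
        raise ValueError("password must not be empty")
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.new(hash_name, stream).digest()
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def sign(message: bytes, offset: int, key: bytes, hash_name: str = "sha1") -> bytes:
    """Sender: MAC the message with a zeroed auth field, then write the MAC into it."""
    if message[offset:offset + MAC_LEN] != ZEROS:
        raise ValueError("auth field must be zeroed before signing")
    mac = hmac.new(key, message, hash_name).digest()[:MAC_LEN]
    return message[:offset] + mac + message[offset + MAC_LEN:]

def verify(message: bytes, offset: int, key: bytes, hash_name: str = "sha1") -> bool:
    """Receiver: recompute the MAC over the zeroed message and compare in constant time."""
    received = message[offset:offset + MAC_LEN]
    zeroed = message[:offset] + ZEROS + message[offset + MAC_LEN:]
    expected = hmac.new(key, zeroed, hash_name).digest()[:MAC_LEN]
    return hmac.compare_digest(received, expected)

# Constructed sample values: the password and engine ID are the RFC 3414 A.3 test
# inputs; the message is illustrative bytes, not a real SNMP PDU.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER = b"snmpv3|user=manager1|"
UNSIGNED = HEADER + ZEROS + b"|set ifAdminStatus.3=down"
OFFSET = len(HEADER)

def demo() -> dict:
    key = localized_key(b"maplesyrup", ENGINE_ID)
    wrong = localized_key(b"not-the-secret", ENGINE_ID)
    signed = sign(UNSIGNED, OFFSET, key)
    tampered = signed.replace(b"down", b"up  ")
    return {
        "genuine": verify(signed, OFFSET, key),
        "altered_in_transit": verify(tampered, OFFSET, key),
        "wrong_shared_secret": verify(signed, OFFSET, wrong),
    }

if __name__ == "__main__":
    print(demo())
```

Because the key is localized with the engine ID, the same password yields a different key on every agent, so the key stored on one switch cannot be reused against another.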
A separate “privacy facility” enables managers and agents to encrypt messages to prevent
eavesdropping by third parties. Again, manager entity and agent entity must share a secret key. When
privacy is invoked between a principal and a remote engine, all traffic between them is encrypted
using the Data Encryption Standard (DES). The sending entity encrypts the entire message using the
DES algorithm and its secret key, and sends the message to the receiving entity, which decrypts it
using the DES algorithm and the same secret key.
Another facility, called “access control”, makes it possible to configure agents to provide different
levels of access to different managers. Unlike authentication, which is done by user, access control is
done by group, where a group may be a set of multiple users.
While SNMPv3 provides secure communications between human managers and the various managed
elements in a network, it is not enough for the security of web-based applications. For this, the Secure
Socket Layer (SSL) protocol and its extension, the Transport Layer Security (TLS) protocol, extend
SNMP features to web-based applications.
SSL – Secure Socket Layer
SSL is a protocol designed to enable encrypted, authenticated communications across the Internet, and
is used mostly in communications between web browsers and web servers. When a web URL begins
with “https”, rather than “http”, this indicates that an SSL connection will be used, providing
authentication, as well as privacy and message integrity (through encryption). Another way of
explaining SSL is to say that it ensures that the information is sent, unchanged, only to the server to
which the sender intended to send it, eliminating eavesdropping, tampering, and message forgery.
SSL is used by online shopping sites, among other applications, to safeguard credit card information,
and therefore has already demonstrated a level of security that should be adequate and appropriate for
industrial applications.