30.12 New Features In SNMPv3
We said that version 3 of SNMP represents an evolution that follows and extends the basic framework of earlier versions. The primary changes arise in the areas of security and administration. The goals are twofold. First, SNMPv3 is designed to have both general and flexible security policies, making it possible for the interactions between a manager and managed devices to adhere to the security policies an organization specifies. Second, the system is designed to make administration of security easy.
To achieve generality and flexibility, SNMPv3 includes facilities for several aspects of security, and allows each to be configured independently. For example, v3 supports message authentication to ensure that instructions originate from a valid manager, privacy to ensure that no one can read messages as they pass between a manager's station and a managed device, and authorization and view-based access control to ensure that only authorized managers access particular items. To make the security system easy to configure or change, v3 allows remote configuration, meaning that an authorized manager can change the configuration of the security items listed above without being physically present at the device.
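The following sketch is an added example, not taken from the book. It is a simplified model of how the independently configured facilities combine in an agent: the authentication and privacy bits of the message flags (as defined in RFC 3412) give a security level, and a view-based check then decides whether a given object may be read or written. The group names, view names and policy tables are constructed for illustration, and the access lookup is reduced to a single minimum level per group.

```python
# Simplified model (added example): security level plus view-based access check.
AUTH_FLAG, PRIV_FLAG = 0x01, 0x02  # msgFlags bits defined in RFC 3412
LEVELS = ["noAuthNoPriv", "authNoPriv", "authPriv"]

def security_level(msg_flags):
    """Map the msgFlags octet to a security level name."""
    auth = bool(msg_flags & AUTH_FLAG)
    priv = bool(msg_flags & PRIV_FLAG)
    if priv and not auth:
        # Privacy without authentication is not a valid combination.
        raise ValueError("privFlag set without authFlag")
    return LEVELS[auth + priv]

def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))

def in_view(view, oid):
    """view is a list of (subtree, included); the longest matching subtree decides."""
    oid = parse_oid(oid)
    best_len, allowed = -1, False
    for subtree, included in view:
        prefix = parse_oid(subtree)
        if oid[:len(prefix)] == prefix and len(prefix) > best_len:
            best_len, allowed = len(prefix), included
    return allowed

# Constructed policy: views are sets of included/excluded MIB subtrees.
VIEWS = {
    "systemOnly": [("1.3.6.1.2.1.1", True)],           # system group
    "allMib2": [("1.3.6.1.2.1", True),                 # all of mib-2 ...
                ("1.3.6.1.2.1.4.21", False)],          # ... except ipRouteTable
}
# Constructed policy: group -> (minimum level, read view, write view).
ACCESS = {
    "monitors": ("authNoPriv", "systemOnly", None),
    "operators": ("authPriv", "allMib2", "systemOnly"),
}

def authorize(group, msg_flags, operation, oid):
    """Return True if a request from `group` may perform `operation` on `oid`."""
    min_level, read_view, write_view = ACCESS[group]
    if LEVELS.index(security_level(msg_flags)) < LEVELS.index(min_level):
        return False  # message protection is weaker than the policy requires
    view_name = read_view if operation == "read" else write_view
    return view_name is not None and in_view(VIEWS[view_name], oid)
```

Changing a group's minimum level, its views, or the subtrees inside a view each affects only that part of the decision, which is the independence the text describes.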
Abstract from Internetworking With TCP/IP Vol I: Principles, Protocols, and Architecture Fourth Edition,
DOUGLAS E. COMER,
Department of Computer Sciences Purdue University, West Lafayette, IN 47907,
PRENTICE HALL,
Upper Saddle River, New Jersey 07458