APC IP DSLAM User's Guide download pdf (Page 20)

EDA 1200 System Overview

Figure 12 Protection Concept

2.4.2 SNMPv3 - User Based Access Control

SNMPv2 provides only weak authentication (community strings) and no privacy

(encryption). Introducing SNMPv3 in the EDA 1200 system ensures security in

the network management system by providing encryption and authentication

including verification of user rights. Without authentication, it is possible for

non authorized users to carry out SNMP network management functions.

Without encryption it is also possible for non-authorized users to eavesdrop

on management information as it passes from managed systems to the

management system.

The following features are provided by SNMPv3:

• Authentication - The authentication mechanism in SNMPv3 ensures that

a received message is, in fact, transmitted by the sender whose identifier

appears as the source in the message header. In addition, this mechanism

assures that the message was not altered in transit and that it was not

artificially delayed or replayed.

• Privacy - Ensure that data is transmitted from source to destination without

undetected modification (integrity) and protect from unauthorized disclosure

(encryption).

• Access Control – Determines whether access to a managed object is

allowed.

• All the functionality of SNMPv3 is placed in the SNMP Entity. As a

component of the SNMP Entity the Secure Subsystem authenticates and

encrypts the SNMP messages. An engine ID that uniquely identifies the

1/1551-LZA 101 464-V1 Uen C 2009-12-17

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 ... 66 67

No comments

APC IP DSLAM User's Guide Page 20