SNMP Security
SNMP security is based on so-called community strings, which act as passwords. Managers and agents use community strings to authenticate each other before performing different kinds of operations. There are three community strings, each controlling a different kind of activity:
- The read-only community string is used by the agent to authenticate the manager for read operations.
- The read-write community string is used by the agent to authenticate the manager for reading and modifying data values.
- The trap community string is used by the manager to decide whether it can trust an event notification.
The main security issue with SNMPv1 and SNMPv2 is that community strings are transmitted as clear text. This makes the managed network extremely vulnerable to snooping by packet sniffing. SNMPv3 introduces encryption of community strings and thereby significantly enhances the security of management operations. Although SNMPv3 makes your network much more secure, it is still subject to various attacks, and security aspects should be considered thoroughly.
It is recommended to consider using SNMPv3 to provide SNMP security in your network. Specifically, the User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) and the View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) should be taken into account and used.
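The following Python sketch is an added example, not part of the original page or of any product it describes. It decodes the BER header of an SNMP message to show that an SNMPv1/v2c community string is readable directly from the packet bytes, while an SNMPv3 header carries a USM security level in msgFlags instead; the function names and both packets are constructed for illustration.

```python
# Added example. Packet bytes are constructed samples, not captures.
V1_GET = bytes.fromhex(            # SNMPv1 GetRequest, community "public"
    "3029020100" "04067075626c6963" "a01c020412345678020100020100"
    "300e300c06082b060102010101000500")
V3_HDR = bytes.fromhex(            # SNMPv3 header, truncated after msgGlobalData
    "3012020103" "300d020101020205dc040103020103")

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:              # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}

def inspect_snmp(packet):
    """Report the SNMP version and what credential material is readable."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    tag, field, _ = read_tlv(body, pos)
    if version in (0, 1) and tag == 0x04:   # OCTET STRING: community, unencrypted
        name = "SNMPv1" if version == 0 else "SNMPv2c"
        return {"version": name, "cleartext_community": field.decode("latin-1")}
    if version == 3 and tag == 0x30:        # msgGlobalData: msgID, msgMaxSize, msgFlags
        p = 0
        for _ in range(3):
            _, flags, p = read_tlv(field, p)
        if len(flags) != 1:
            raise ValueError("msgFlags must be one octet")
        level = LEVELS.get(flags[0] & 0x03, "invalid")
        return {"version": "SNMPv3", "cleartext_community": None, "security_level": level}
    raise ValueError("unexpected message layout")

if __name__ == "__main__":
    for pkt in (V1_GET, V3_HDR):
        print(inspect_snmp(pkt))
```

Run against traffic you are authorized to monitor, a check like this identifies agents and managers still speaking SNMPv1/v2c, or SNMPv3 sessions running below authPriv.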