The security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The various security levels that exist within a security model are as follows:
noAuthNoPriv - Security level that does not provide authentication or encryption.
authNoPriv - Communication with authentication and without privacy. The protocols used for authentication are MD5 and SHA (Secure Hash Algorithm).
authPriv - Communication with authentication and privacy. The protocols used for authentication are MD5 and SHA; for privacy, DES (Data Encryption Standard) may be used.
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level determines the security mechanism applied when the SNMP message is processed.
The main difference between SNMPv3 and v2 (or v1) is that the v3 version addresses the security and privacy issues. For example, in SNMPv2, passwords are transmitted in plain text, whereas v3 uses encryption.
The advantages of SNMPv3 are, in brief:
1. Authentication
2. Privacy
3. Authorization and Access Control
4. Remote configuration and administration capabilities
The following table lists the SNMP security models with their security levels, authentication methods, and encryption types:
Security Model | Security Level | Authentication | Encryption Type |
---|---|---|---|
SNMPv1 | noAuthNoPriv | Community string | None |
SNMPv2c | noAuthNoPriv | Community string | None |
SNMPv3 | noAuthNoPriv | User name | None |
SNMPv3 | authNoPriv | MD5 or SHA | None |
SNMPv3 | authPriv | MD5 or SHA | CBC-DES (DES-56) |
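
The following Python code is an added example, not part of the original page. It shows how the rows of the table appear on the wire: the version field of a message selects the security model, and for SNMPv3 the authFlag and privFlag bits of msgFlags (RFC 3412) give the security level. The function names and the sample packets are constructed for illustration.

```python
LEVELS = {0b00: "noAuthNoPriv", 0b01: "authNoPriv", 0b11: "authPriv"}
MODELS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}  # values of the version field

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def security_level(packet):
    """Return (security model, security level) for one raw SNMP message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw, pos = read_tlv(body, 0)
    version = int.from_bytes(raw, "big")
    if tag != 0x02 or version not in MODELS:
        raise ValueError("unknown SNMP version")
    if version != 3:  # v1/v2c carry only a community string
        return MODELS[version], "noAuthNoPriv"
    _, header, _ = read_tlv(body, pos)   # msgGlobalData
    _, _, p = read_tlv(header, 0)        # skip msgID
    _, _, p = read_tlv(header, p)        # skip msgMaxSize
    tag, flags, _ = read_tlv(header, p)  # msgFlags: bit 0 auth, bit 1 priv
    if tag != 0x04 or len(flags) != 1:
        raise ValueError("malformed msgFlags")
    bits = flags[0] & 0x03
    if bits not in LEVELS:
        raise ValueError("privFlag set without authFlag")
    return MODELS[3], LEVELS[bits]

# Constructed sample messages; PDU bodies are left empty, only headers are parsed.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value

def sample_v3(flags):
    header = tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, bytes([flags])) + tlv(2, b"\x03")
    return tlv(0x30, tlv(2, b"\x03") + tlv(0x30, header) + tlv(4, b"") + tlv(0x30, b""))

SAMPLE_V2C = tlv(0x30, tlv(2, b"\x01") + tlv(4, b"public") + tlv(0xA0, b""))

if __name__ == "__main__":
    for pkt in (SAMPLE_V2C, sample_v3(0x04), sample_v3(0x05), sample_v3(0x07)):
        print(security_level(pkt))
```

Run against captured UDP payloads, a classifier like this makes it easy to list the devices that still exchange noAuthNoPriv traffic.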