SNMPv3 Secure Management
SNMPv3 is one of two available secure management options on the AP; the other secure management option is
HTTPS (HTTP connection over Secure Socket Layer). SNMPv3 is based on the existing SNMP framework, but
addresses security requirements for device and network management.
The security threats addressed by Secure Management are:
- Modification of information: An entity could alter an in-transit message generated by an authorized entity in such a way as to effect unauthorized management operations, including the setting of object values. The essence of this threat is that an unauthorized entity could change any management parameter, including those related to configuration, operations, and accounting.
- Masquerade: Management operations that are not authorized for some entity may be attempted by that entity by assuming the identity of an authorized entity.
- Message stream modification: SNMP is designed to operate over a connectionless transport protocol. There is a threat that SNMP messages could be reordered, delayed, or replayed (duplicated) to effect unauthorized management operations. For example, a message to reboot a device could be copied and replayed later.
- Disclosure: An entity could observe exchanges between a manager and an agent and thereby learn the values of managed objects and learn of notifiable events. For example, the observation of a set command that changes passwords would enable an attacker to learn the new passwords.
To address the security threats listed above, SNMPv3 provides the following when secure management is enabled:
- Authentication: Provides data integrity and data origin authentication.
- Privacy (Encryption): Protects against disclosure of message payload.
- Access Control: Controls and authorizes access to managed objects.
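The following Python sketch is an added example, not taken from this guide or from the AP's firmware. It models how SNMPv3 authentication (HMAC-SHA-96 and the 150-second timeliness window of the User-based Security Model, RFC 3414) rejects modified, masqueraded, and replayed messages. The message layout, engine ID, passwords, and payloads are constructed and simplified assumptions, the choice of SHA-1 is an assumption, and privacy and access control are not modelled.

```python
import hashlib, hmac, struct

TIME_WINDOW = 150  # seconds, USM timeliness window (RFC 3414)

def localize_key(password, engine_id):
    """RFC 3414 password-to-key with SHA-1, bound to one engine ID."""
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.sha1(stream).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()

def protect(key, boots, engine_time, payload):
    """Simplified message (assumed layout): boots | time | 12-byte MAC | payload."""
    header = struct.pack("!II", boots, engine_time)
    mac = hmac.new(key, header + payload, hashlib.sha1).digest()[:12]
    return header + mac + payload

def verify(key, msg, local_boots, local_time):
    """Return "ok" or the reason the receiver rejects the message."""
    if len(msg) < 20:
        return "malformed"
    header, mac, payload = msg[:8], msg[8:20], msg[20:]
    expected = hmac.new(key, header + payload, hashlib.sha1).digest()[:12]
    if not hmac.compare_digest(mac, expected):
        return "wrong digest"          # modification or masquerade
    boots, engine_time = struct.unpack("!II", header)
    if boots != local_boots or abs(local_time - engine_time) > TIME_WINDOW:
        return "not in time window"    # replayed, delayed or reordered
    return "ok"

def demo():
    engine_id = bytes.fromhex("8000000001020304")        # constructed engine ID
    key = localize_key(b"constructed-auth-pass", engine_id)
    msg = protect(key, 7, 1000, b"set sysContact=noc")   # constructed payload
    tampered = msg[:-3] + b"xyz"                         # payload altered in transit
    other = protect(localize_key(b"not-the-real-pass", engine_id), 7, 1000, b"reboot")
    return {
        "genuine": verify(key, msg, 7, 1010),
        "modified": verify(key, tampered, 7, 1010),
        "masquerade": verify(key, other, 7, 1010),
        "replayed": verify(key, msg, 7, 1600),
        "after_reboot": verify(key, msg, 8, 5),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} {result}")
```

Because the boots and time fields are covered by the MAC, a captured message cannot be given a fresh timestamp without the key; the digest check fails first.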
NOTE:
The remainder of this guide describes how to configure a 520wl using the HTTP Web interface or the CLI
interface. For information on how to manage devices using SNMP, refer to the documentation that came with
your SNMP program. Also, refer to the MIB files for information on the parameters available by way of SNMP.