Drag and Drop Question

Drag and Drop Question

Drag and drop the SNMP attributes in Cisco IOS devices from the left onto the correct SNMPv2c or SNMPV3 categories on the right.

View Answer

Answer:

Explanation:

Both SNMPv1andv2did not focus much on security and they provide security based on community string only. Community string is really just a cleartext password (without encryption) Any data sent in cleartext over a network is vulnerable to packet sniffing and interception.

There are two types of community strings inSNMPv2c:

+ Read-only (RO): gives read-only access to the MIB objects which is safer and preferred to other method.

+ Read-write (RW): gives read and write access to the MIB objects. This method allows SNMP Manager to change the configuration of the managed router/switch so be careful with this type.

The community string defined on the SNMP Manager must match one of the community strings on the Agents in order for the Manager to access the Agents.

SNMP v 3 provides significant enhancements to address the security weaknesses existing in the earlier versions. The concept of community string does not exist in this version. SNMPv3 provides a far more secure communication using entities, users and groups.

This is achieved by implementing three new major features:

+ Message integrity: ensuring that a packet has not been modified in transit

+ Authentication: by using password hashing (based on the HMAC-MD5orHMAC-SHA algorithms) to ensure the message is from a valid source on the network.

+ Privacy (Encryption): by using encryption (56-bit DES encryption, for example) to encrypt the contents of a packet.