Network security enhancements for SNMP

With APAR PM96901 installed, z/OS® V2R1 Communications Server enhances the SNMP Agent, the z/OS UNIX snmp command, and the SNMP manager API to support the Advanced Encryption Standard (AES) 128-bit cipher algorithm as an SNMPv3 privacy protocol for encryption. The AES 128-bit cipher algorithm is a stronger encryption protocol than the current Data Encryption Standard (DES) 56-bit algorithm. AES is a symmetric cipher algorithm that the National Institute of Standards and Technology (NIST) selected to replace DES. RFC 3826, The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model (USM), specifies that Cipher Feedback (CFB) mode is to be used with AES encryption. See Related protocol specifications for information about accessing RFCs.
Dependency: To use AES 128-bit encryption, the z/OS Integrated Cryptographic Services Facility (ICSF) must be configured and started.

Using network security enhancements for SNMP

To use this SNMP enhancement, perform the appropriate tasks in Table 1.

Table 1. Network security enhancements for SNMP
| Task/Procedure | Reference |
| --- | --- |
| Configure and start the z/OS Integrated Cryptographic Services Facility (ICSF). | For detailed information about configuring ICSF, see z/OS Cryptographic Services ICSF Administrator's Guide. |
| For the SNMP Agent, configure an SNMPv3 user to use AES 128-bit encryption by specifying a USM_USER entry with the privProto field set to AESCFB128. | For detailed information about the privProto parameter, see the following references: |
| For the z/OS UNIX snmp command, configure an SNMPv3 user to use AES 128-bit encryption by specifying a configuration statement with the privProto field set to AESCFB128. | For detailed information about the privProto parameter, see the following references: |
| For the SNMP manager API, configure an SNMPv3 user to use AES 128-bit encryption by specifying a configuration statement with the privProto field set to AESCFB128. | SNMP manager API configuration file in z/OS Communications Server: IP Programmer's Guide and Reference |
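
After the migration tasks in Table 1, it is useful to confirm which SNMPv3 users still rely on DES or have no privacy protocol set. The following audit script is an added example, not IBM code. It assumes that USM_USER entries are whitespace-separated in the order userName, engineID, authProto, authKey, privProto, privKey, keyType, storageType, that "-" means the field is left at its default, and that lines starting with "#" are comments; the sample configuration is constructed.

```python
"""Audit USM_USER entries for the SNMPv3 privacy protocol they select."""

# ASSUMPTION: field order of a USM_USER entry; "-" means "use the default".
FIELDS = ("userName", "engineID", "authProto", "authKey",
          "privProto", "privKey", "keyType", "storageType")

# Constructed sample configuration (user names and key strings are made up).
SAMPLE_CONF = """\
# constructed sample, not a real configuration
USM_USER netops  - HMAC-SHA 0123456789abcdef0123456789abcdef01234567 AESCFB128 0123456789abcdef0123456789abcdef L -
USM_USER legacy  - HMAC-MD5 0123456789abcdef0123456789abcdef DES 0123456789abcdef0123456789abcdef L -
USM_USER monitor - HMAC-SHA 0123456789abcdef0123456789abcdef01234567 - - L -
usm_user broken  - HMAC-SHA
"""


def classify(fields):
    """Map the privProto field of one entry to an audit verdict."""
    if len(fields) < len(FIELDS):
        return "malformed"            # truncated entry, cannot be judged
    priv = fields[FIELDS.index("privProto")].upper()
    if priv == "AESCFB128":
        return "ok"                   # the value Table 1 asks for
    if priv == "DES":
        return "weak-des"             # 56-bit DES still in use
    if priv in ("-", "NONE"):
        return "not-set"              # no privacy protocol requested
    return "unknown"


def audit_usm_users(conf_text):
    """Return (line_no, user, verdict) for every USM_USER entry."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue                  # blank line or comment
        if tokens[0].upper() != "USM_USER":
            continue                  # some other statement type
        fields = tokens[1:]
        user = fields[0] if fields else "?"
        findings.append((line_no, user, classify(fields)))
    return findings


if __name__ == "__main__":
    for line_no, user, verdict in audit_usm_users(SAMPLE_CONF):
        print(f"line {line_no}: {user:8} {verdict}")
```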