SNMPv3 addresses the basic lack of security inherent in the previous
SNMP versions by providing message security and access control. For
message security, it introduces the User-Based Security Model (USM),
which provides for authentication and privacy. Additionally, access
control is provided with the View-Based Access Control Model (VACM). Both
USM and VACM provide for secure communications when you use SNMPv3.
- User-Based Security Model (USM)
  This model was designed to provide message security. USM supports
  both authentication (data integrity, data authentication) and privacy
  (protection against disclosure of message payload). For authentication,
  the protocols supported are HMAC-MD5 and HMAC-SHA. For
  privacy, CBC-DES 56-bit and AES 128-bit CFB mode are the supported
  symmetric encryption protocols. If you use the AES protocol, the
  z/OS® Integrated Cryptographic Service Facility (ICSF) must be active.
  For detailed information about configuring ICSF, see z/OS
  Cryptographic Services ICSF Administrator's Guide.
- View-Based Access Control Model (VACM)
  VACM is used to provide access control. With VACM, users are defined
  to groups that are allowed to access different views or parts of the
  management data (MIB objects), depending on defined data access privileges.
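
The user-to-group-to-view decision that VACM makes can be modelled in a few lines. The following Python sketch is an added example, not z/OS code or configuration syntax. The user, group and view names are hypothetical, and the model is simplified: one access entry per group, no contexts and no subtree masks.

```python
# Added illustration of a VACM-style access decision (simplified model).
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# Constructed sample tables; all user, group and view names are hypothetical.
USER_TO_GROUP = {"monitor": "readers", "netadmin": "operators"}
ACCESS = {  # group -> minimum USM security level and the view used per operation
    "readers": {"min_level": "authNoPriv", "read": "systemView", "write": None},
    "operators": {"min_level": "authPriv", "read": "fullView", "write": "systemView"},
}
VIEWS = {  # view name -> list of (OID subtree, included?)
    "systemView": [("1.3.6.1.2.1.1", True)],           # system group only
    "fullView": [("1.3.6.1", True),
                 ("1.3.6.1.6.3", False)],              # hide the USM/VACM tables
}


def _oid(text):
    """Convert a dotted OID string to a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


def in_view(view_name, oid):
    """The longest matching subtree decides; no match means not in the view."""
    target = _oid(oid)
    best = None  # (prefix length, included?)
    for subtree, included in VIEWS.get(view_name, []):
        prefix = _oid(subtree)
        if target[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
            best = (len(prefix), included)
    return best is not None and best[1]


def is_access_allowed(user, level, operation, oid):
    """Fail closed: unknown user, weak security level or missing view denies."""
    group = USER_TO_GROUP.get(user)
    if group is None:
        return False
    entry = ACCESS[group]
    if LEVELS.get(level, -1) < LEVELS[entry["min_level"]]:
        return False
    view = entry.get(operation)
    return view is not None and in_view(view, oid)


if __name__ == "__main__":
    print(is_access_allowed("monitor", "authNoPriv", "read", "1.3.6.1.2.1.1.1.0"))
    print(is_access_allowed("netadmin", "authPriv", "read", "1.3.6.1.6.3.15.1.2.2.1.3"))
```

The excluded subtree in `fullView` shows why view definitions matter as much as group membership: even a fully authenticated and encrypted request cannot read the agent's own user table through that view.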