SNMPv1 security consists of pairing an SNMP agent with some arbitrary set of SNMP managers to form an SNMP community. Each SNMP community is given a name, called the community name or community string. Common community names are public (read-only), private (read-write), and trap. The permissions (read-only, read-write) attached to a community name determine what an SNMP manager is allowed to do when it uses that community name to access an agent's MIB. Community names can be thought of as passwords to SNMPv1 agents, and they travel in cleartext in every message.
Like SNMPv1, SNMPv2c uses the notion of communities to establish trust between SNMP managers and SNMP agents. Unlike SNMPv1, SNMPv2c uses an updated version of the structure of management information (SMI), which extends the MIB object tree, allows several new data types, and makes a number of other changes. SNMPv2c is more efficient than SNMPv1 and has better error-handling capabilities.
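Because a community name is effectively a password that is sent in cleartext, a defender's first check on an agent is whether it still accepts the well-known names listed above, and whether any of them grant read-write access. The following added example (not part of the original text, and not the code of any SNMP implementation) audits a Net-SNMP style `snmpd.conf` for SNMPv1/v2c community directives; the configuration lines it parses are constructed for the example.

```python
import re

# Community names the text above calls "common"; treat them as defaults.
DEFAULT_COMMUNITY_NAMES = {"public", "private", "trap"}

# Net-SNMP directives that define an SNMPv1/v2c community.
# rocommunity/rwcommunity: the community name is the first argument.
# com2sec: syntax is "com2sec SECNAME SOURCE COMMUNITY", so it is the third.
COMMUNITY_DIRECTIVES = {
    "rocommunity": ("read-only", 1),
    "rocommunity6": ("read-only", 1),
    "rwcommunity": ("read-write", 1),
    "rwcommunity6": ("read-write", 1),
    "com2sec": ("v1/v2c access via security name", 3),
}


def audit_snmpd_conf(text: str) -> list:
    """Return (line_no, severity, message) findings for each community line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s+", line)
        directive = parts[0].lower()
        if directive not in COMMUNITY_DIRECTIVES:
            continue
        access, index = COMMUNITY_DIRECTIVES[directive]
        if len(parts) <= index:
            findings.append((line_no, "warn", f"{directive}: malformed, no community name"))
            continue
        name = parts[index]
        if name.lower() in DEFAULT_COMMUNITY_NAMES:
            sev = "high" if access == "read-write" else "medium"
            findings.append((line_no, sev,
                             f"{directive}: default community name '{name}' grants {access}"))
        elif access == "read-write":
            findings.append((line_no, "medium",
                             f"{directive}: read-write community '{name}' sent in cleartext"))
        else:
            findings.append((line_no, "low",
                             f"{directive}: SNMPv1/v2c community '{name}' in use; prefer SNMPv3"))
    return findings


# Constructed sample configuration, not taken from any real system.
SAMPLE_CONF = """\
# snmpd.conf (constructed example)
rocommunity public
rwcommunity private 10.0.0.0/8
com2sec local 127.0.0.1 s3cr3t-r0
rouser ops authpriv       # SNMPv3 user: not a community, not flagged
"""

if __name__ == "__main__":
    for line_no, sev, msg in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no} [{sev}] {msg}")
```

The `rouser` line is left alone on purpose: SNMPv3 users are configured with the authentication and privacy settings described later, and an audit of those belongs to a different check.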
SNMPv3 provides integrity, authenticity, data privacy, and access control for SNMP messages exchanged between an SNMP manager and the managed SNMP agents. Unlike the community-based administrative model of SNMPv1 and SNMPv2c, SNMPv3 unambiguously identifies the source and destination of each SNMP message. Instead of using community names to establish trust between SNMP managers and SNMP agents, SNMPv3 uses the following security-related services:
- Authentication: The source includes information in each sent message that identifies the source as authentic, and performs the required functions to ensure message integrity. A typical authentication scheme requires that the source and destination parties share the same authentication key.
- Privacy: Messages are encrypted to achieve privacy. The encryption is done in such a way that only the intended destination can perform the decryption. A typical privacy scheme requires that the source and destination parties share the same privacy key.
- Access control: Both the source and destination play a part in access control. Each destination may have a distinct access policy for each potential source, which gives an administrator considerable flexibility in setting up an SNMP management system and assigning various levels of authorization to different users.
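The authentication service above rests on a shared authentication key, and in the SNMPv3 User-based Security Model (RFC 3414) that key is not the user's password itself: the password is stretched into a key and then localized with the agent's snmpEngineID, so each agent holds a different key for the same user. The following added example (my own illustration, not code from the original text or from any SNMP implementation) implements that password-to-key and localization procedure and the HMAC-96 message authentication it feeds; the engine IDs and message bytes are constructed for the example, and the privacy (encryption) service is not shown.

```python
import hashlib
import hmac

# RFC 3414 expands the password to exactly 1,048,576 bytes before hashing.
EXPANDED_LEN = 1_048_576


def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """Ku = H(password repeated cyclically to 1 MiB). Slow by design."""
    if not password:
        raise ValueError("empty password")
    repeats = EXPANDED_LEN // len(password) + 1
    expanded = (password * repeats)[:EXPANDED_LEN]
    return hashlib.new(hash_name, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): binds the key to one agent."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_params(kul: bytes, wire_message: bytes, hash_name: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the first 12 bytes of HMAC(Kul, message).

    wire_message is the serialized SNMPv3 message with its
    msgAuthenticationParameters field already set to 12 zero bytes.
    """
    return hmac.new(kul, wire_message, hash_name).digest()[:12]


def verify_auth(kul: bytes, wire_message: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(auth_params(kul, wire_message, hash_name), tag)


def localized_keys_for(password: bytes, engine_ids: list, hash_name: str = "md5") -> dict:
    """One user password, one localized key per agent engine ID."""
    ku = password_to_key(password, hash_name)
    return {eid: localize_key(ku, eid, hash_name) for eid in engine_ids}


if __name__ == "__main__":
    # Constructed engine IDs: RFC 3414's example ID and one arbitrary second agent.
    agent_a = bytes(11) + b"\x02"
    agent_b = b"\x80\x00\x1f\x88\x80" + b"\x01\x02\x03\x04\x05"
    keys = localized_keys_for(b"maplesyrup", [agent_a, agent_b])
    for eid, kul in keys.items():
        print(f"engine {eid.hex()} -> Kul {kul.hex()}")

    # Constructed placeholder for a serialized message with a zeroed auth field.
    msg = b"\x30\x00CONSTRUCTED-SNMPv3-MESSAGE" + bytes(12)
    tag = auth_params(keys[agent_a], msg)
    print("tag for agent A:", tag.hex())
    print("verifies at A:", verify_auth(keys[agent_a], msg, tag))
    print("verifies at B:", verify_auth(keys[agent_b], msg, tag))
```

The key localization is what makes the "share the same authentication key" requirement workable across a fleet: a key recovered from one agent does not authenticate to another, even though the operator only ever remembered one password. The MD5- and SHA-1-based HMAC-96 variants shown here are the ones RFC 3414 defines; stronger SHA-2 variants exist in later RFCs and follow the same structure with a different hash name.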