The security model of the SNMPv1 and SNMPv2c protocols uses community-based pseudo-authentication. That means that a password (called a community string) is sent in clear text between a network management station and managed devices. Both SNMPv1 and v2c are subject to packet sniffing because they do not implement encryption. Security has been the biggest weakness of SNMP since the beginning. You can find more about SNMPv2c concepts, operation and configuration at “SNMPv2c configuration on Huawei devices”.
What if we want SNMP to be used over a public network?
SNMPv3 can be implemented. It provides important security features that are not available in either SNMPv1 or v2c:
- Confidentiality – encryption of packets to prevent snooping by an unauthorized source
- Integrity – to ensure that a packet has not been tampered with while in transit, using optional packet replay protection
- Authentication – to verify that a packet comes from a valid source.