There are three versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.
In SNMPv1 and SNMPv2c, the NMS controls access to managed nodes by using a community name list. The agent does not check the validity of the community name. SNMP packets are transferred without encryption, so neither authentication nor confidentiality is guaranteed.
Compared with SNMPv1, SNMPv2c supports:
More operations and data types
More error codes
Multiple transport layer protocols
SNMPv3 provides all the functions of SNMPv1 and SNMPv2, and adds a security mechanism that authenticates and encrypts SNMP packets. In terms of security, SNMPv3 emphasizes data security and access control.
SNMPv3 secures SNMP packets in the following ways:
Data integrity check
Data cannot be modified in an unauthorized manner, and changes to the data sequence are limited to the allowed extent.
Data origin authentication
SNMPv3 authenticates the managed node from which the received packet originates, not the application that generates the packet.
Data confidentiality
When the NMS or the agent receives a packet, it checks the time at which the packet is generated. If the difference between the creation time and the system time exceeds the threshold, the packet is discarded. In this way, the packets that are modified by malicious users are not accepted.
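The time check described above, written out as an added example; it is not code from this page or from any SNMP implementation. It follows the time-window rules of the SNMPv3 User-based Security Model (RFC 3414), which go further than the text here: the 150-second threshold and the engineBoots reboot counter come from that RFC, the class and function names are chosen for illustration, and the message is assumed to have passed authentication already.

```python
from dataclasses import dataclass

TIME_WINDOW = 150        # seconds; the threshold fixed by RFC 3414 (not stated on this page)
MAX_BOOTS = 2147483647   # engineBoots latches at this value and nothing is accepted

@dataclass
class EngineClock:
    """Authoritative engine's own clock (normally the agent). Illustrative name."""
    boots: int   # snmpEngineBoots: reboot counter
    time: int    # snmpEngineTime: seconds since the last reboot

def authoritative_in_window(local: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Check made by the authoritative engine on an authenticated message."""
    if local.boots == MAX_BOOTS or msg_boots != local.boots:
        return False     # latched counter, or reboot counter mismatch
    return abs(msg_time - local.time) <= TIME_WINDOW

@dataclass
class RemoteEngineView:
    """Non-authoritative side (normally the NMS): its notion of the agent's clock."""
    boots: int
    time: int                   # estimate of the agent's engineTime at receipt
    latest_received_time: int   # highest engineTime seen for the current boots

    def accept(self, msg_boots: int, msg_time: int) -> bool:
        # A newer authenticated message resynchronises the local notion first.
        if msg_boots > self.boots or (
            msg_boots == self.boots and msg_time > self.latest_received_time
        ):
            self.boots, self.time = msg_boots, msg_time
            self.latest_received_time = msg_time
        if self.boots == MAX_BOOTS or msg_boots < self.boots:
            return False
        # On this side only messages that are too old are rejected.
        return msg_time >= self.time - TIME_WINDOW

if __name__ == "__main__":
    agent = EngineClock(boots=7, time=5000)   # constructed sample values
    for boots, t in [(7, 4900), (7, 4849), (6, 5000)]:
        print(boots, t, authoritative_in_window(agent, boots, t))
```

A message captured before the agent rebooted fails on the reboot counter alone, whatever time value it carries.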
SNMPv3 controls access to the MOs by the operations of the protocol.