Phần này sẽ cung cấp cho một cái nhìn tổng quan ngắn gọn về an ninh SNMP và sẽ chi tiết làm thế nào để cho phép SNMP an toàn hơn. Cisco IOS hỗ trợ một số lượng lớn các lệnh liên quan đến SNMP, những người không có một tác động trực tiếp về an ninh không được bảo hiểm. | Router Security Configuration Guide problems. There are currently three versions of SNMP SNMPvl SNMPv2c and SNMPv3. IOS version supports SNMPv1 and SNMPv2c. IOS versions and later support all three versions of SNMP. This section will give a brief overview of SNMP security and will detail how to enable SNMP more securely. Cisco IOS supports a large number of SNMP-related commands those that do not have a direct impact on security are not covered. SNMP Security When SNMPv1 was developed it was originally intended to be a short-term solution for remotely managing networks. As such it was developed quickly and strong security was not a requirement. However since it was the only network management protocol available at the time it became widely used. Proposals were put forth to integrate security as well as more functionality into later versions of the protocol. Unfortunately conflict arose between competing proposal advocates and no security standard was agreed upon. Consequently strong security was left out of SNMPv2c. In the late 1990s SNMPv3 was developed specifically with strong security in mind. SNMPv1 and SNMPv2c have weak security. SNMPv1 uses a community string to limit access to the MIB. This string is sent across the network in clear text. SNMPv2 relies on the same mechanism for access control to the MIB. SNMPv3 defines three levels of security. They are described in the table below. Table 4-4 SNMPv3 Security Security Level Authentication Encryption SNMPv3 noAuthNoPriv Username sent in the clear None authNoPriv HMAC-MD5 orHMAC-SHA None authPriv HMAC-MD5 or HMAC-SHA DES 56-bit The Cisco documentation indicates that IOS supports all three security levels. However DES 56-bit encryption was not supported in the versions of IOS used for preparation of this section 7 and 5 . SNMP Vulnerability In early 2002 serious SNMP vulnerabilities were disclosed that affected Cisco routers and many other network devices. If your IOS release is one of .