1.3. Security Services

The User-based Security Model provides two security services: data integrity and data confidentiality.

Data Integrity

Data integrity is the property that data has not been altered or destroyed in an unauthorized manner. The User-based Security Model provides this service through the use of authentication protocols. Authentication protocols ensure that:

  1. The identity of the message originator is authenticated.
  2. The message has not been altered in transit.

Data Confidentiality

Data confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes. The User-based Security Model provides this service through the use of privacy protocols. Privacy protocols ensure that the contents of SNMP messages are protected from disclosure.

Timeliness

In addition to data integrity and data confidentiality, the User-based Security Model provides protection against message delay and replay. This is accomplished through the use of time synchronization between SNMP engines and by including timeliness information in SNMP messages.
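The timeliness check described above, sketched as an added example (not code from the original page or from any SNMP implementation). It follows the time-window rules of RFC 3414, section 3.2, step 7, including the 150-second window; the function and class names are hypothetical, and the check is assumed to run only on messages that already passed authentication.

```python
from dataclasses import dataclass

TIME_WINDOW = 150        # seconds of tolerated clock difference
MAX_BOOTS = 2147483647   # boots counter latched at maximum: nothing is timely


def authoritative_in_window(local_boots, local_time, msg_boots, msg_time):
    """Check run by the authoritative engine against its own clock."""
    if local_boots == MAX_BOOTS:
        return False
    if msg_boots != local_boots:   # message from another boot cycle
        return False
    return abs(msg_time - local_time) <= TIME_WINDOW


@dataclass
class RemoteEngineClock:
    """A non-authoritative engine's notion of one remote engine's clock.

    In a real engine `time` advances with the local clock between messages;
    in this example the caller sets it to simulate elapsed time.
    """
    boots: int = 0
    time: int = 0
    latest_received_time: int = 0

    def accept(self, msg_boots, msg_time):
        """Resynchronize from a newer message, then apply the window test."""
        newer = msg_boots > self.boots or (
            msg_boots == self.boots and msg_time > self.latest_received_time)
        if newer:
            self.boots = msg_boots
            self.time = msg_time
            self.latest_received_time = msg_time
        if self.boots == MAX_BOOTS or msg_boots < self.boots:
            return False
        # Same boot cycle: reject messages more than 150 s behind local notion.
        return msg_time >= self.time - TIME_WINDOW
```

A replayed message keeps its original boots and time values, so it fails the window test once the receiver's clock has moved more than 150 seconds past it or the engine has rebooted.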

Relationship to Other Security Services

The User-based Security Model does not provide:

  • Non-repudiation: The model does not prevent a message originator from later denying that they sent a message.
  • Authorization: Authorization is provided by the Access Control Subsystem, not by the Security Model.
  • Key management: The model assumes that keys are pre-configured or distributed through secure means outside the scope of this specification.