Access control, Snmp concepts, The snmp configuration page – HP Secure Key Manager User Manual

Page 211


secret key, and sends the message to the receiver, who decrypts it using the DES algorithm and the
same secret key.

Access control

Access control in SNMP makes it possible for agents to provide different levels of MIB access to
different managers. You can restrict access by allowing one NMS to view only standard MIBs and
another NMS to view both standard MIBs and Enterprise MIBs.

SNMP concepts

Before discussing how SNMP is configured on the SKM, it is important that a few terms are understood.

Management Station: A network management station (NMS) is a node on the network that runs SNMP
manager software. The NMS monitors network devices by polling agents, responding to Inform
notifications sent by agents, and listening for unsolicited, asynchronous (UDP) messages from the
agents.

Agent: An agent is a device on the network that is running SNMP agent software. The agent is able
to communicate with the NMS to provide information about security, performance, system health,
statistics, etc.

Entity: An SNMP entity simply refers to an agent or an NMS. Both the agent and the NMS consist of
a variety of applications and services; however, for the sake of simplicity, this documentation does
not attempt to describe all the component parts.

Engine: Core SNMP software around which you can build an agent or NMS. For the sake of simplicity,
Engine and Entity are used interchangeably.

Engine ID: Unique identifier for an SNMP entity.

Community: A community, also referred to as a community string, is used by the agent when it is
communicating with an NMS running SNMPv1/v2. A community functions more like a password
than its name suggests. In combination with the IP address/subnet mask specified for a community,
the community name determines from where the SKM accepts a request for information. A community
should be defined on both the agent and the NMS.

Username: In combination with the security and authentication pieces of the User-based Security
Model (USM), the username determines from where the agent accepts SNMP requests. Also called a
security name, the username is used by the agent when communicating with an NMS running SNMPv3.
A username always has an associated security level and access level. Additionally, you can specify
an authorization password. Like a community name, a username should also be defined on the agent
and the NMS.

Notification: Notification is a generic term that refers to Traps and Informs – messages that an agent
might send to an NMS. Traps are simply data packets sent out by the agent that require no
acknowledgement from the NMS. Informs are similar to traps, but they require acknowledgement
from the NMS.

MIB: MIB is short for Management Information Base. MIBs define what kind of information can be
exchanged between the agent and the NMS. MIBs can be either Standard or Enterprise. Standard
MIBs are common to all SNMP systems, whereas Enterprise MIBs are particular to the HP hardware
and software.
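
The access decision described under Access control and Community, modelled as an added example (it is not from the HP manual or the SKM software). The community names, subnets and sample OIDs are constructed, and using the mib-2 and enterprises subtrees to stand for Standard and Enterprise MIBs is an assumption.

```python
"""Added illustration: agent-side SNMPv1/v2 access decision.
All community names, subnets and sample OIDs are constructed assumptions."""
import hmac
import ipaddress
from dataclasses import dataclass

# Standard MIBs live under mib-2; vendor (Enterprise) MIBs under enterprises.
STANDARD = "1.3.6.1.2.1"
ENTERPRISE = "1.3.6.1.4.1"

@dataclass(frozen=True)
class Community:
    name: str
    source: ipaddress.IPv4Network  # IP address/subnet mask allowed to use it
    views: tuple                   # OID subtrees this community may read

# Constructed sample policy (hypothetical names, documentation-range subnets).
POLICY = (
    Community("nms-standard",
              ipaddress.ip_network("192.0.2.0/255.255.255.0"), (STANDARD,)),
    Community("nms-full",
              ipaddress.ip_network("198.51.100.10/255.255.255.255"),
              (STANDARD, ENTERPRISE)),
)

def in_subtree(oid: str, root: str) -> bool:
    """Compare whole arcs so 1.3.6.1.2.10 is not mistaken for 1.3.6.1.2.1.x."""
    o, r = oid.strip(".").split("."), root.split(".")
    return o[:len(r)] == r

def authorize(community: str, src_ip: str, oid: str, policy=POLICY) -> str:
    """Return 'allow', or the reason the request is refused."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "deny: bad source address"
    for entry in policy:
        # Constant-time compare: the community functions like a password.
        if not hmac.compare_digest(entry.name.encode(), community.encode()):
            continue
        if addr not in entry.source:
            return "deny: source not permitted for community"
        if any(in_subtree(oid, v) for v in entry.views):
            return "allow"
        return "deny: OID outside permitted MIBs"
    return "deny: unknown community"
```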

The SNMP Configuration page

The SNMP Configuration page enables you to configure the HP agent, which is capable of
communicating with management stations that run SNMPv1, SNMPv2, and SNMPv3. There is only
one HP agent, whereas there might be multiple management stations.
