SNMP

The Java Dynamic Management Kit allows for two levels of security in SNMP:

• Community-based security via Access Control Lists.

• PDU encryption/filtering via the Snmp PDU factory.

The default implementation of the Snmp PDU factory does not provide any security. It only provides standard BER encoding/decoding of SNMP PDUs. However, you may replace the default Snmp PDU factory and implement encryption/filtering, based upon several factors:

• The host or community of the SNMP manager in a message before it is decoded.

• The type or contents of a request after it is decoded.

• Some encryption of the raw data.

Security on the agent side

On the agent side, the Java Dynamic Management Kit default implementation provides community-based security over Access Control List (ACL) files.

The ACL file is the default access control mechanism in the SNMP protocol adaptor. However, you may replace this default implementation with your own specification. For example, if your agent runs on a device with no file system, you could implement a mechanism which does not rely on the jdmk.acl file, by registering your own custom implementation with the SNMP protocol adaptor.

As outlined above, PDU encryption is not provided by default. However, you may provide any kind of security via PDU encryption/filtering by registering your own implementation of the Snmp PDU factory with the SNMP protocol adaptor. An example of such a secure agent is provided with Java Dynamic Management Kit 4.1.

Security on the manager side

On the manager side, a community-string can be specified via SnmpParameters upon the emission of a request. PDU encryption/decryption can also be implemented by registering your own implementation of the Snmp PDU factory, associated with either:

• The SNMP Peer, which is used for:

  • Encoding PDU requests.

  • Decoding received PDU responses.

• The SNMP Event Report Dispatcher, which is used for:

  • Decoding received PDU traps or inform requests.

  • Encoding PDU inform responses.