In all versions of SNMP, the term "Trap" denotes a one-way message from a device (the Agent) to a central master station (the Manager).
SNMPv3 is the newest version of SNMP. Its primary benefit is stronger security through authenticated and encrypted protocol messages.
The SNMPv3 trap format is largely the same as the earlier v1, v2, and v2c formats, with a few minor differences.
The asynchronous alert must carry three parameters:
- the sysUpTime value;
- an OID identifying the type of trap (snmpTrapOID);
- any additional variable bindings (optional).
Destination addresses for SNMPv3 traps are determined in an application-specific manner. They are defined through trap configuration variables in the Management Information Base (MIB) and saved for future links between devices.
The "EngineID" in SNMPv3 uniquely identifies each SNMP entity.
Conflicts can occur if two SNMP entities have duplicate EngineIDs, because the EngineID is mixed into the generation of the key used for authenticated messages: two entities sharing an EngineID would derive the same keys from the same password.
SNMPv3 security comes primarily in two forms: authentication and privacy.
Authentication ensures that a trap can be validated as genuine only by the intended recipient. As messages are created, they are given a special key that is derived from the EngineID of the entity. The key is shared with the intended recipient, which uses it to check the message on receipt.
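The following Python is an added example, not code from the original article or from any SNMP product: it implements the RFC 3414 password-to-key and EngineID key-localization steps described in the two paragraphs above, then uses the localized key to compute and verify the HMAC-MD5-96 authentication parameter of a trap. The password and EngineID are the RFC 3414 appendix A.3 sample values; the "message" bytes are a constructed placeholder (a real SNMPv3 message is BER-encoded), and the names `sign_message`, `verify_message` and `demo` are this example's own.

```python
import hashlib
import hmac

AUTH_PARAM_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 both truncate the MAC to 96 bits


def password_to_key(password: bytes, digest: str = "md5") -> bytes:
    """RFC 3414 A.2: repeat the password to exactly 1 MiB and hash it (Ku)."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1_048_576
    expanded = (password * (total // len(password) + 1))[:total]
    return hashlib.new(digest, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, digest: str = "md5") -> bytes:
    """RFC 3414 section 2.6: Kul = H(Ku || snmpEngineID || Ku).

    Because the EngineID is mixed in, the same password yields a different
    key on every engine; two engines with a duplicate EngineID share keys.
    """
    return hashlib.new(digest, ku + engine_id + ku).digest()


def auth_params(kul: bytes, whole_msg: bytes, digest: str = "md5") -> bytes:
    """msgAuthenticationParameters: HMAC over the whole message (with the
    12-byte parameter field zeroed), truncated to 96 bits."""
    return hmac.new(kul, whole_msg, digest).digest()[:AUTH_PARAM_LEN]


def sign_message(kul: bytes, prefix: bytes, suffix: bytes, digest: str = "md5") -> bytes:
    """Sender side: emit prefix || authParams || suffix."""
    unsigned = prefix + bytes(AUTH_PARAM_LEN) + suffix
    return prefix + auth_params(kul, unsigned, digest) + suffix


def verify_message(kul: bytes, msg: bytes, offset: int, digest: str = "md5") -> bool:
    """Receiver side: zero the auth field, recompute, compare in constant time."""
    received = msg[offset:offset + AUTH_PARAM_LEN]
    zeroed = msg[:offset] + bytes(AUTH_PARAM_LEN) + msg[offset + AUTH_PARAM_LEN:]
    return hmac.compare_digest(received, auth_params(kul, zeroed, digest))


def demo():
    # EngineID and password are the RFC 3414 appendix A.3 sample values.
    sender_engine_id = bytes.fromhex("000000000000000000000002")
    password = b"maplesyrup"
    # For a Trap the sender (agent) is the authoritative engine, so its
    # EngineID is the one both sides localize the key with.
    kul = localize_key(password_to_key(password), sender_engine_id)

    # Constructed stand-in for an SNMPv3 trap (a real one is BER-encoded).
    prefix = b"msgGlobalData|usmUser=trapsender|msgAuthenticationParameters="
    suffix = (b"|sysUpTime=12345|snmpTrapOID=1.3.6.1.6.3.1.1.5.3"
              b"|varbinds=ifIndex.2=2")
    offset = len(prefix)

    trap = sign_message(kul, prefix, suffix)
    genuine_ok = verify_message(kul, trap, offset)

    # Flip one bit of the payload after signing: authentication must fail.
    tampered = bytearray(trap)
    tampered[-1] ^= 0x01
    tampered_ok = verify_message(kul, bytes(tampered), offset)

    # A manager that localized the same password with the wrong EngineID
    # holds a different Kul and cannot validate the trap.
    wrong_engine_id = bytes.fromhex("000000000000000000000003")
    wrong_kul = localize_key(password_to_key(password), wrong_engine_id)
    wrong_engine_ok = verify_message(wrong_kul, trap, offset)

    return genuine_ok, tampered_ok, wrong_engine_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The `digest` parameter accepts `"sha1"` as well, which gives HMAC-SHA-96 with a 20-byte localized key; the truncation to 12 bytes is the same. The third result in `demo` is the practical consequence of duplicate or mismatched EngineIDs noted above: the key a manager computes is only correct for the EngineID it was localized with.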
Privacy encrypts the payload of the SNMP message so that it cannot be read by unauthorized users. Any intercepted trap appears as unreadable ciphertext. Privacy is especially useful where SNMP messages must be routed over the Internet.
The formatting of trap messages changed in SNMPv2, and the Protocol Data Units (PDUs) were renamed as well.
Newer SNMP devices have emerged to serve security-conscious organizations: SNMPv3 mediation devices. These take in SNMP traps and emit secure SNMPv3 traps, so that unencrypted traps are never sent to your manager at all.