Pages

Net-SNMP v3: Brief Overview

Simple Network Management Protocol (SNMP) is an Internet-standard Application Layer protocol used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. The SNMP agent receives requests on UDP port 161 and the manager receives notifications (Traps and InformRequests) on port 162 but when SNMP is used with Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) requests are received on port 10161 and traps are sent to port 10162.

The first two versions of the SNMP protocol (SNMP v1 and SNMP v2c) contained clear text passwords and provides NO SECURITY at all that's the reason SNMP v3 was later developed to secure the protocol. So when choosing the vendor product makes sure the SNMP v3 support is available. SNMP v3 can be configured in following ways:-
  1. SNMPv3 with User-Based Security Model (USM) which secured the protocol by allowing administrators to define "users" with various security credentials and supported by most devices.

  2. Tunneling SNMPv3 packets over SSH, TLS and DTLS. The SSH protocol uses existing SSH authentication and encryption methods (like SSH keys and/or usernames and passwords) to secure its traffic. And the TLS and DTLS protocols use X.509 certificates for securing its traffic. Hopefully this will be supported by most devices soon.

  3. Another way of securing SNMP is to implement a Kerberos security model for SNMPv3. Although Net-SNMP contains a prototype implementation of this, the work was never finished within the IETF nor within the Net-SNMP implementation and is not yet ready for real-world use.
Stay tuned for my upcoming posts where I will present installation and configuration of Net-SNMP v3.

Suggested Posts,

This post appeared on the softlexicon.com by Sumit Goel. Copyright © 2012 – softlexicon.com and Sumit Goel. All rights reserved. Not to be reproduced for commercial purposes without written permission.

No comments:

Post a Comment

Be sure to check back again because I do make every effort to reply to your comments here.