Versions of the SNMP prior to third version (SNMPv3) did not include adequate security. Any sufficiently motivated individual with physical access to a shared network link and a protocol sniffer had the ability to capture clear text messages exchanged between a manager application and its agents. Once captured, it was simply a matter of extracting community strings and agent addresses of interest in order to usurp the role of the manager application, possibly hijacking and re-configuring network devices along the way.
The design of SNMPv3 included authentication and privacy (encryption) mechanisms for the protocol. By incorporating these mechanisms, SNMPv3 became self sufficient with no need of any other network services for the secure transmission of SNMP messages. After all, network operators need their network management protocol to be functional even when major portions of the network and its services are impaired.
Three security levels are defined for SNMPv3, in increasing degree of security as follow:
- noAuthNoPriv – essentially clear text messages providing backwards compatibility with earlier versions of the SNMP
- authNoPriv – authenticated messages (SHA1 or MD5 hash), but messages are still transmitted in clear text
- authPriv – authenticated messages with the scoped PDU portion of message encrypted (DES or AES)
For manager applications that only require their agents to verify the authenticity of SNMP message exchanges, the authNoPriv security level is sufficient. This security level offers adequate protection for SNMP message exchanges that do not include sensitive data.
For manager applications that require their agents to both verify the authenticity of SNMP message exchanges and to provide privacy (encryption) of sensitive data contained within the scoped PDU portion of the SNMP message, the authPriv security level must be used. Since the DES encryption cipher is considered cracked, an AES encryption cipher of sufficient length should be used.
However, it is important to avoid using weak authentication or privacy pass phrases. Even when an SNMP manager application uses the authPriv security level with the AES cipher, you can jeopardize secure SNMPv3 message transmissions. In better deployments, the SNMP configuration and applications work together with the proper ciphers and strong pass phrases to ensure secure SNMPv3 message transmission and I am happy to show you just how easy it is to get this right.
In highly secure environments snmpEngineID values should also be protected by using a discovery mechanism together with a security model that avoids exchanging cleartext SNMP messages on network links.
The next step towards using SNMPv3 for secure transmission of SNMP messages is to contact me with your project requirements and questions.