Are you ready to take advantage of the new security features of SNMPv3 (Simple Network Management Protocol)? Many users of SNMP know that SNMPv3 is more secure than the previous versions, SNMPv1 and SNMPv2c, but may not know the details about SNMPv3 and/or the key steps to successfully implementing the protocol.

A Little Bit About SNMPv3

The release of SNMPv3 is set to address security deficiencies and provide a proper framework for securing access, authentication and control. SNMPv3 is not a stand-alone replacement for version 1 or 2, but rather an added security ability to be used in conjunction with SNMPv2 (ideal) or SNMPv1. Additionally, it is important to understand the primary or core responsibilities of SNMP and the associated agents. The device agent is tasked to collect and maintain information about the local environment. The agent will provide that information to a manager in the form of a response to a request or in an unsolicited method when something significant happens to the device. Lastly, the agent can respond to a manager’s command to alter the device’s configuration or operating parameter.

One of the key components of SNMP is the Management Information Base (MIB) which is a virtual database used for managing devices on a given network. This virtual database can refer to the complete collection of management information on a certain device. Typically, a Network Management System (NMS), such as NeuralStar that provides full SNMPv3 support can query or look-up information on a device’s MIB and retrieve metrics or other analytics. When adopting or implementing SNMPv3 the security subsystem of the protocol can prevent unauthorized users from accessing a MIB or parts of a MIB. Additionally, usage of version 3 can ensure that authorized users retrieve and update information from only the parts of the MIB that they are allowed to view. With that background out of the way, here is a list of recommended or supplemental procedures for implementing SNMPv3.

Keys to Successfully Implementing SNMPv3

1. Disable SNMPv1 and SNMPv2c/2.5 from any critical or network edge devices

2. Update network devices or servers to ensure full compatibly with SNMPv3

3. Develop role based management system where restriction or access to configurations, monitoring, metrics, or reporting is based upon an operating role

4. Develop a separate management VLAN to be used locally and to transport all SNMPv3 traffic back and forth between the agents and managers

5. Ensure the SNMPv3 implementation meets guidelines set forth by regulatory demands such as HIPAA, PCI, FERPA, SOX, GBLA, DoD, FIPS/NIST, and FISMA (including setting privacy to AES 256)

6. Filter ingress/egress SNMP traffic at the network edge and limit internal SNMP traffic with Access Control Lists (ACLs)

7. If possible, make any critical network device and especially edge device MIBs read-only

8. Verify that no “public” or “private” community strings still exist on any network device, including printers or other headless devices

Let us know if you have any specific recommendations we didn’t mention or if you have any questions about SNMPv3, contact us at info@kratosnetworks.com.

TAGGED UNDER

When seconds add up to minutes and minutes count in your busy day, consider a free tool that can save you valuable time. Download our desktop utility called the LaunchPAD that centralizes your admin tools to make the process of IT management easier. This free download helps you cut down on the amount of time it takes to perform routine tasks individually. The desktop utility comes pre-configured with links to the most commonly used network administrator tools including: 

• Perfmon
• Trace Route
• Telnet
• Ping
• Remote Desktop 
• Add your own tools

 The LaunchPAD can be set to load automatically when your computer boots up, so you always have single-click access to your management tools from the desktop. You can also add new tools and links in seconds. Give it a try, its free after all. Download the LaunchPAD or any of Kratos’ other IT management tools today!

TAGGED UNDER

Are you as prepared as you can be to face the looming cybersecurity challenges in today's rapidly evolving threat, technology and compliance landscape? Is your system in compliance with FISMA and OMB requirements? If you are looking to increase your cybersecurity readiness, consider proven and industry leading training from SecureInfo, A Kratos company.

Our cybersecurity instructors are industry veterans who educate students using a combination of "lessons learned" and analytical course content. In our interactive setting, we recommend practical solutions to the everyday problems presented by Security Authorization (or C&A) audits and cybersecurity program management.

Thousands of security professionals from around the world, including the Department of Homeland Security, US Air Force, US Army and many large commercial organizations, have attended our cybersecurity classes.

Check out our upcoming schedule of training events and register for a class today! Training classes are conducted in our training centers in Alexandria, VA and San Antonio, TX. On-site classes at your location are also available.

For more information, view our complete line-up of cybersecurity courses:

• Addressing Cyber Security Controls (NEI 10-09)
• DIACAP Workshop
• eMASS
• NIST Continuous Monitoring 1-Day
• NIST Continuous Monitoring 3-Day
• NIST Continuous Monitoring 5-Day
• NIST Organizational Risk Management
• NIST RMF Workshop 5-Day
• NIST Security Controls Workshop 5-Day
• RMF for DoD IT
• RMS Product Training

If you have any questions, don't hesitate to contact us at training@secureinfo.com for more information.

TAGGED UNDER