Hi there,
We have a SNMPv3 where we can apply the AuthPriv level security to secure the SNMP traps. But, in order to provide the security to earlier versions, would it possible to apply any of these security levels to SNMPv1 and SNMPv2c traps instead upgrading to SNMPv3?
Could you lead me to any documents if any.
Thanks v much!
No, that is not possible at all, because SNMPv1 and v2c have no security built-in at all. No authentication and no privacy (encryption). Thus, everything is send in plain text on the wire with these two versions.
Thanks AgentPP.
I got to read something which is TLS/TCP based:
Any thoughts on this?
How is this related to this topic? (I do not get your point)
I guess it does TLS to the SNMPv1/v2c traps, but it is based upon the TCP instead of UDP.
I hope I’m not missing anything.
Of course, you can wrap SNMPv1/v2c in a TLS stream, but you could also encrypt the PDUs with AES256 and send it by email.
In both cases, you need to exchange to secret (i.e. certificate, password) out-of-band and you probably need measures against replay attacks.
All of this is covered by SNMPv3 over (D)TLS, but not with some proprietary SNMPv1/v2c over TLS solution. I would not invest any time in that.
Ok, yeah. Sorry, just trying to understand it more.
So, in terms of wrapping up these traps with TLS, is it something can be achievable at sender’s end itself before forwarding to receivers? Or we will need to install some kind mediator which would do the job of wrapping up v1 and v2c traps with TLS and then forwarding to the receivers?