The major advantage of MG-SOFT SNMP Master Agent over Microsoft SNMP service is that, alongside the SNMPv1 and SNMPv2c protocols implemented in Microsoft SNMP service, it also implements the secure SNMPv3 protocol, offering strong authentication and encryption of SNMP packet contents, compliant with the current SNMP protocol standards published by the IETF. Along with the SNMPv3 User-based Security Model (USM) with all standard authentication protocols (MD5, SHA1) and encryption protocols (DES, AES-128), MG-SOFT SNMP Master Agent also supports stronger SHA2 authentication protocols (up to SHA2-512) and stronger privacy protocols (AES-192, AES-256 and 3DES) for USM. In addition, it implements the SNMPv3 Transport Security Model (TSM) with support for SNMPv3 over TLS and DTLS (using X.509 digital certificates), which provide strong security on the transport layer.
MG-SOFT SNMP Master Agent implements an SNMP extension API compatible with the Microsoft SNMP extension API. This means that all SNMP sub-agents designed and implemented to run under Microsoft SNMP service will continue to run under MG-SOFT SNMP Master Agent as the same sub-agent binaries, with no need to modify or recompile them.
The addition of the secure SNMPv3 protocol to all MS Windows operating systems (Windows 7, Windows Server 2008, Windows Server 2012, Windows 8.x, Windows 10, Windows Server 2016) will significantly enhance their overall security, especially the security of the system’s remote SNMP management and monitoring.
Secure replacement for the SNMP service on Windows
If you configure MG-SOFT’s SNMP Master Agent to respond only to the SNMPv3 protocol queries, ignoring SNMPv1 and SNMPv2c queries, you significantly improve the security of the server or workstation running the SNMP agent.
Replacing Microsoft’s SNMP service with MG-SOFT SNMP Master agent introduces the following major advantages:
The main advantage of MG-SOFT’s SNMP Master Agent over Microsoft’s SNMP service is significantly improved overall security of the server or workstation running the SNMP Master Agent.
Microsoft’s SNMP service supports only insecure SNMPv1 and SNMPv2c protocols, while MG-SOFT’s SNMP Master Agent, in addition to SNMPv1 and SNMPv2c protocols, also supports the secure SNMPv3 protocol.
Another important advantage is the ease of software deployment.
The software installer replaces the existing SNMP service with MG-SOFT’s SNMP Master Agent, while all SNMP subagents (SNMP Agent Extensions) remain in place and continue to operate under MG-SOFT’s SNMP Master Agent just as they were operating under Microsoft’s SNMP service. The added value is support for the secure SNMPv3 protocol on the network side.
Major difference between Microsoft SNMP service and MG-SOFT SNMP Master Agent
Put in the simplest terms, Microsoft’s SNMP service and MG-SOFT SNMP Master Agent both act as an “interface” between the network on one side and SNMP sub-agents on the other. The main difference between them is that, on the network side, Microsoft’s SNMP service supports only the SNMPv1 and SNMPv2c protocols, while MG-SOFT SNMP Master Agent, in addition to SNMPv1 and SNMPv2c, also supports the secure SNMPv3 protocols (SNMPv3 USM and SNMPv3 over (D)TLS). Besides, MG-SOFT SNMP Master Agent supports SNMPv1, SNMPv2c and SNMPv3/USM over both UDP and TCP transport, while Microsoft’s SNMP service supports only the UDP transport protocol.
Significantly improved overall security of the server or workstation
When you use the OS-supplied insecure SNMPv1 or SNMPv2c protocols to manage your workstations and servers, malicious visitors can, without much effort, remotely reconfigure such a computer, which could be quite harmful.
The SNMPv3 protocol introduced significant security enhancements over previous SNMP protocol versions. It provides strong authentication and network packet encryption that prevent the unauthorized access described in the previous paragraph. MG-SOFT’s SNMPv3 engine in SNMP Master Agent supports the SNMPv3 User-based Security Model (USM) with all standard authentication methods (MD5, SHA1) and encryption protocols (DES, AES-128), as well as stronger SHA2 authentication protocols (up to SHA2-512) and stronger privacy protocols (AES-192, AES-256 and 3DES). Moreover, it implements the SNMPv3 Transport Security Model (TSM) with support for SNMPv3 over TLS and DTLS (using X.509 digital certificates), which provide equally strong security on the transport layer. With TSM, a PKI already deployed in an organization can also be used for secure SNMP management.
You can configure MG-SOFT’s SNMP Master Agent to respond only to SNMPv3 queries (either SNMPv3 USM or SNMPv3 TSM or both), ignoring SNMPv1 and SNMPv2c queries. In addition, you can configure MG-SOFT’s SNMP Master Agent to send secure SNMPv3 Trap or Inform notifications to network management system(s) when certain events occur (including when the agent is queried with incorrect SNMP access parameters). In this way you significantly improve the security of the server or workstation running MG-SOFT’s SNMP agent. Strong authentication will prevent unauthorized read and write access to the SNMP agent, and encrypted SNMP communication will hide the contents from malicious visitors who may happen to sniff such packets on the network.
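To check from a packet capture whether any manager still sends SNMPv1 or SNMPv2c after such a change, the version and the SNMPv3 security header can be read directly from each message. The following Python sketch is an added example, not MG-SOFT code; the function names and the sample messages are assumptions constructed for illustration.

```python
# Added example (not MG-SOFT code); the SAMPLE_* messages are constructed, headers only.
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
SEC_MODELS = {3: "USM", 4: "TSM"}  # msgSecurityModel values
SEC_LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # low 2 bits of msgFlags
SAMPLE_V2C = bytes.fromhex("300d020101") + b"\x04\x06public" + bytes.fromhex("a000")
SAMPLE_V3_USM = bytes.fromhex("3014020103300d020101020205dc0401070201030400")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of message")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    tag, val, nxt = read_tlv(buf, pos)
    if tag != 0x02 or not val:
        raise ValueError("expected INTEGER")
    return int.from_bytes(val, "big", signed=True), nxt

def classify(packet):
    """Report the SNMP version and, for SNMPv3, the security model and level."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    version, pos = read_int(body, 0)
    info = {"version": VERSIONS.get(version, "unknown"), "legacy": version in (0, 1)}
    if version != 3:
        return info                         # v1/v2c: cleartext community string only
    tag, hdr, _ = read_tlv(body, pos)       # msgGlobalData
    if tag != 0x30:
        raise ValueError("expected msgGlobalData SEQUENCE")
    _, p = read_int(hdr, 0)                 # msgID
    _, p = read_int(hdr, p)                 # msgMaxSize
    tag, flags, p = read_tlv(hdr, p)        # msgFlags, a single octet
    if tag != 0x04 or len(flags) != 1:
        raise ValueError("bad msgFlags")
    model, _ = read_int(hdr, p)             # msgSecurityModel
    info["model"] = SEC_MODELS.get(model, "other")
    info["level"] = SEC_LEVELS.get(flags[0] & 0x03, "invalid")
    return info
```

Messages reported with `legacy` set are the ones an SNMPv3-only agent would ignore; a `noAuthNoPriv` SNMPv3 message is not necessarily a fault, since USM engine discovery uses that level.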
MG-SOFT SNMP Master Agent Configurator
In the SNMP Master Agent Configurator you can enter or change the SNMP Master Agent SNMPv3 USM or SNMPv3 TSM (SNMPv3 over (D)TLS) security access parameters, so that only remote SNMP managers knowing these parameters will succeed in contacting and managing the SNMP Master Agent running on that particular workstation or server.
Ease of deployment
MG-SOFT SNMP Master Agent is a secure and transparent replacement for Microsoft’s SNMP service. Transparent means that no changes whatsoever are required in the existing subagents or in the master agent configuration. When deploying MG-SOFT SNMP Master Agent, the installer will shut down Microsoft’s SNMP service and start MG-SOFT’s SNMP Master Agent service. While starting, MG-SOFT SNMP Master Agent reads the Microsoft agent’s configuration parameters from the system registry and loads all listed subagent DLL modules.
The MG-SOFT SNMP Master Agent installer also supports a silent install mode, in which the software can be deployed without user interaction.
At any time you can then reconfigure SNMP security access parameters in MG-SOFT’s SNMP Master Agent by using the supplied agent configuration tool or by modifying the system registry settings (the latter method is suitable for mass deployment).
MG-SOFT SNMP Master Agent architecture
The network interface is where the master agent ‘speaks’ SNMP protocol on the network level in order to ‘talk’ to SNMP managers.
The added value here is that MG-SOFT SNMP Master Agent supports all SNMP protocol versions, including the secure SNMPv3 protocol (SNMPv3 USM and SNMPv3 TSM), while Microsoft’s SNMP service supports only insecure SNMPv1 and SNMPv2c protocols.
On the network interface, MG-SOFT SNMP Master Agent unpacks and decodes SNMP packets sent in the SNMPv1, SNMPv2c or SNMPv3 protocol, extracts the meaningful information from the packets and passes it to the relevant subagent DLL modules for processing through the SNMP Agent Extension API (for example, to get the value of a certain OID that is implemented in that particular subagent DLL module). Once the subagent returns the requested value through the Extension API, the SNMP master agent creates a PDU in the same SNMP version as the incoming packet and sends it to the originating SNMP management system.
The SNMP Extension-Agent API functions define the interface between the SNMP service and SNMP extension-agent DLL modules. Applications use the API functions to resolve the variable bindings that are specified by incoming SNMP PDUs.
The SNMP Agent Extension API is used for connecting subagents (blue boxes on the agent architecture figure) to the SNMP Master agent in order to exchange (receive or set) the relevant data with the managed workstation or server.
Subagents are implemented as DLL modules and are completely unrelated to the SNMP version “spoken” by the master agent, so they don’t require any modifications when the SNMP protocol version in the master agent is changed. This means that there is no need for any modification in the existing extension DLL modules, i.e., the same binaries that are used with Microsoft’s service will also run with MG-SOFT’s agent.