MG-SOFT SNMP Master Agent
Supporting SNMPv1, SNMPv2c and SNMPv3 USM and SNMPv3 TSM protocols
MG-SOFT SNMP Master Agent is a secure and transparent replacement for the SNMP service running on Microsoft Windows operating systems.
The major advantage of MG-SOFT SNMP Master Agent over the Microsoft SNMP service is that, alongside the SNMPv1 and SNMPv2c protocols implemented in the Microsoft SNMP service, it also implements the secure SNMPv3 protocol, offering strong authentication and encryption of SNMP packet contents, compliant with the current SNMP protocol standards published by the IETF. Along with the SNMPv3 User-based Security Model (USM) with all standard authentication protocols (MD5, SHA1) and encryption protocols (DES, AES-128), MG-SOFT SNMP Master Agent also supports stronger SHA2 authentication protocols (up to SHA2-512) and stronger privacy protocols (AES-192, AES-256 and 3DES) for USM. In addition, it implements the SNMPv3 Transport Security Model (TSM) with support for SNMPv3 over the TLS and DTLS protocols (using X.509 digital certificates), which provide strong security on the transport layer.
MG-SOFT SNMP Master Agent implements an SNMP extension API compatible with the Microsoft SNMP extension API. All SNMP sub-agents designed and implemented to run under the Microsoft SNMP service therefore continue to run under MG-SOFT SNMP Master Agent as the same binaries, with no need to modify or recompile them.
Adding the secure SNMPv3 protocol to all MS Windows operating systems (Windows 7, Windows Server 2008, Windows Server 2012, Windows 8.x, Windows 10, Windows Server 2016, Windows Server 2019, Windows 11, Windows Server 2022) significantly enhances their overall security, especially the security of remote SNMP management and monitoring.
Secure replacement for the SNMP service on Windows
Replacing Microsoft's SNMP service with MG-SOFT SNMP Master agent introduces the following major advantages:
The main advantage of MG-SOFT's SNMP Master Agent over Microsoft's SNMP
service is significantly improved overall security of the server or
workstation running the SNMP Master Agent.
Microsoft's SNMP service supports only insecure SNMPv1 and SNMPv2c protocols, while MG-SOFT's SNMP Master Agent, in addition to SNMPv1 and SNMPv2c protocols, also supports the secure SNMPv3 protocol.
Another important advantage is the ease of the software deployment.
The software installer replaces the existing SNMP service with MG-SOFT's SNMP Master Agent, while all SNMP subagents (SNMP Agent Extensions) remain in place and continue to operate under MG-SOFT's SNMP Master Agent just as they were operating under Microsoft's SNMP service. The added value is support for the secure SNMPv3 protocol on the network side.
To put it in the simplest terms, Microsoft's SNMP service and MG-SOFT SNMP Master Agent both act as an "interface" between the network on one side and SNMP sub-agents on the other. The main difference between them is that on the network side Microsoft's SNMP service supports only the SNMPv1 and SNMPv2c protocols, while MG-SOFT SNMP Master Agent, in addition to SNMPv1 and SNMPv2c, also supports the secure SNMPv3 protocols (SNMPv3 USM and SNMPv3 over (D)TLS). Besides, MG-SOFT SNMP Master Agent supports SNMPv1, SNMPv2c and SNMPv3/USM over both UDP and TCP transport, while Microsoft's SNMP service supports only the UDP transport protocol.
When you use the OS-supplied insecure SNMPv1 or SNMPv2c protocols to manage your workstations and servers, malicious visitors can, without much effort, remotely reconfigure such a computer, which could be quite harmful.
The SNMPv3 protocol introduced significant security enhancements over previous SNMP protocol versions. It provides strong authentication and network packet encryption that prevent the unauthorized access described in the previous paragraph. MG-SOFT's SNMPv3 engine in SNMP Master Agent supports the SNMPv3 User-based Security Model (USM) with all standard authentication methods (MD5, SHA1) and encryption protocols (DES, AES-128), as well as stronger SHA2 authentication protocols (up to SHA2-512) and stronger privacy protocols (AES-192, AES-256 and 3DES). Moreover, it implements the SNMPv3 Transport Security Model (TSM) with support for SNMPv3 over the TLS and DTLS protocols (using X.509 digital certificates), which provide equally strong security on the transport layer. The latter lets an organization reuse an already deployed PKI for secure SNMP management as well.
You can configure MG-SOFT's SNMP Master Agent to respond only to SNMPv3 protocol queries (either SNMPv3 USM or SNMPv3 TSM or both), ignoring SNMPv1 and SNMPv2c queries. In addition, you can configure MG-SOFT's SNMP Master Agent to send secure SNMPv3 Trap or Inform notifications to network management system(s) when certain events occur (also when the agent is queried with incorrect SNMP access parameters). In this way you significantly improve the security of the server or workstation running MG-SOFT's SNMP agent. Strong authentication will prevent unauthorized read and write access to the SNMP agent, and encrypted SNMP communication will hide the contents from malicious visitors who may, by chance, sniff such packets on the network.
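The following is an added example, not MG-SOFT code: a monitoring-side check that labels captured UDP payloads by SNMP version and, for SNMPv3, by the security level carried in msgFlags, so you can confirm that a host meant to answer only SNMPv3 no longer sees community-based traffic. The function names and sample datagrams are constructed for illustration; SNMPv3 over (D)TLS is not covered because its messages are encrypted on the wire.

```python
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # msgFlags & 0x03

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Return (version, detail); the community string itself is never returned."""
    try:
        tag, msg, _ = read_tlv(datagram, 0)   # outer SEQUENCE
        vtag, ver, pos = read_tlv(msg, 0)     # INTEGER version
        if tag != 0x30 or vtag != 0x02:
            return ("not-snmp", "")
        version = int.from_bytes(ver, "big")
        if version in (0, 1):                 # 0 = SNMPv1, 1 = SNMPv2c
            ctag, community, _ = read_tlv(msg, pos)
            if ctag == 0x04:
                name = "SNMPv1" if version == 0 else "SNMPv2c"
                return (name, f"cleartext community, {len(community)} bytes")
        elif version == 3:
            _, hdr, _ = read_tlv(msg, pos)    # msgGlobalData
            _, _, p = read_tlv(hdr, 0)        # msgID
            _, _, p = read_tlv(hdr, p)        # msgMaxSize
            _, flags, p = read_tlv(hdr, p)    # msgFlags (1 octet)
            _, model, _ = read_tlv(hdr, p)    # msgSecurityModel (3 = USM)
            level = LEVELS.get(flags[0] & 0x03, "invalid flags")
            m = int.from_bytes(model, "big")
            return ("SNMPv3", ("USM " if m == 3 else f"securityModel {m} ") + level)
    except (IndexError, ValueError):
        pass
    return ("not-snmp", "")

def violates_v3_only(datagram):
    """True for community-based SNMPv1/v2c traffic on a v3-only host."""
    return classify(datagram)[0] in ("SNMPv1", "SNMPv2c")

def tlv(tag, value):                          # short-form encoder for samples
    return bytes([tag, len(value)]) + value
# Constructed samples: PDU bodies and USM parameters are placeholders.
SAMPLE_V2C = tlv(0x30, tlv(2, b"\x01") + tlv(4, b"example") + tlv(0xA0, b""))
V3_HEADER = tlv(0x30, tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, b"\x07") + tlv(2, b"\x03"))
SAMPLE_V3 = tlv(0x30, tlv(2, b"\x03") + V3_HEADER + tlv(4, b"") + tlv(4, b"\x00" * 8))
```

A "USM noAuthNoPriv" result is still SNMPv3 but carries neither authentication nor encryption, so treat it as a finding alongside any SNMPv1 or SNMPv2c hit.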
MG-SOFT SNMP Master Agent Configurator
In the SNMP Master Agent Configurator you can enter or change the SNMP
Master Agent SNMPv3 USM or SNMPv3 TSM (SNMPv3 over (D)TLS) security
access parameters, so that only remote SNMP managers knowing these
parameters will succeed in contacting and managing the SNMP Master
Agent running on that particular workstation or server.
MG-SOFT SNMP Master Agent is a secure and transparent replacement for Microsoft's SNMP service. Transparent means that no changes whatsoever are required in the existing subagents and in the master agent configuration. When deploying the MG-SOFT SNMP Master Agent, the installer will shut down Microsoft's SNMP Service and start MG-SOFT's SNMP Master Agent service. While starting, MG-SOFT SNMP Master Agent reads the Microsoft agent's configuration parameters from the system registry and loads all listed subagent DLL modules.
The MG-SOFT SNMP Master Agent installer also supports a silent install mode, where the software can be deployed without user interaction.
At any time you can then reconfigure SNMP security access parameters in MG-SOFT's
SNMP Master Agent by using the supplied agent configuration tool or by modifying
the system registry settings (the latter method is suitable for mass deployment).
MG-SOFT SNMP Master Agent architecture
For the purpose of this clarification, let's say that SNMP Master Agent is an application that has two interfaces, a network interface and an SNMP agent extension API interface.
The network interface is where the master agent 'speaks' SNMP protocol
on the network level in order to 'talk' to SNMP managers.
The added value here is that MG-SOFT SNMP Master Agent supports all SNMP protocol versions, including the secure SNMPv3 protocol (SNMPv3 USM and SNMPv3 TSM), while Microsoft's SNMP service supports only the insecure SNMPv1 and SNMPv2c protocols. On the network interface MG-SOFT SNMP Master Agent unpacks and decodes SNMP packets sent in the SNMPv1, SNMPv2c or SNMPv3 protocol, extracts the meaningful information from the packets and passes it through the SNMP Agent Extension API to the relevant subagent DLL modules for processing (for example, to get the value of a certain OID that is implemented in that particular subagent DLL module). Once the subagent returns the requested value through the Extension API, the SNMP master agent creates a PDU in the same SNMP version as the incoming packet and sends it to the originating SNMP management system.
The SNMP Extension-Agent API functions define the interface between the SNMP
service and SNMP extension-agent DLL modules. Applications use the API
functions to resolve the variable bindings that are specified by incoming
SNMP PDUs.
The SNMP Agent Extension API is used for connecting subagents (blue boxes on the agent architecture figure) to the SNMP Master Agent in order to exchange (receive or set) the relevant data with the managed workstation or server. Subagents are implemented as DLL modules. They are completely unrelated to the SNMP version "spoken" by the master agent and do not require any modification when the SNMP protocol version in the master agent is changed. This means that there is no need for any modification in the existing extension DLL modules, i.e., the same binaries that are used with Microsoft's service will also run with MG-SOFT's agent.
For the purpose of SNMPv3 interoperability and conformance testing with your SNMPv3 management software, MG-SOFT provides a copy of the SNMPv3 Master Agent running on the Internet.
The SNMP Master Agent is configured for responding to various SNMPv3 USM authentication and privacy configurations. Please find full details on how to access the SNMP Master Agent on the MG-SOFT SNMPv3 Implementation page.
This copy of the MG-SOFT SNMP Master Agent runs on a Windows XP computer and uses the standard Microsoft inetmib1.dll extension DLL, as Microsoft supplied it with the OS.