How SNMPv3 Works - a simple security breakdown

Captions
Hey everybody, welcome to this video on SNMPv3. SNMPv3 might seem confusing at first, but there's only one thing you really need to understand in order to use v3 to monitor. That one thing is security levels, and once you understand security levels, SNMPv3 monitoring instantly becomes simple. Ready? Here we go.

Let's start by pointing out that the promised benefit of using SNMPv3 is increased security. SNMP versions 1 and 2c are easier to use and understand, but they're not secure, because they use only one piece of authentication information to access devices, and that one piece of authentication information is sent in plain text across the network. It is trivial for an attacker who can intercept the packets to read the packets and access devices. SNMPv3 offers greater security through both stronger authentication and the addition of message encryption. But here's what you absolutely have to know: just because you can use better authentication and add encryption in v3, you're not actually required to. In fact, there is a way to use SNMPv3 that is effectively no more secure than versions 1 and 2c. How can this be? It all comes down to security level.

There are three security levels in SNMPv3: noAuthNoPriv, authNoPriv, and authPriv. There is no default security level for SNMPv3. The security level must be configured on the monitored device on a per-username basis. On any particular device, such as a switch, different users could be set to different security levels. If you're setting up a device for SNMPv3 for the first time, you will choose the security level for the usernames. If you're monitoring a device already configured for SNMPv3, you will need to know the security level configured for the usernames you are going to use to monitor. You then configure your network monitoring system, like Nagios XI, to match the security level configured on the device for the username. If the monitored device expects one security level for a username but you are using a different one on your network monitoring solution, your monitoring will not work.

noAuthNoPriv is the lowest security level in SNMPv3. Authentication uses only a username; no password is required, and the message is not encrypted, so it is effectively no different from SNMPv1 or 2c. The entire communication is sent in the clear, and any attacker with access to the packets can easily use the information to send malicious SNMP requests. Why would an organization use this security level? I can only think of one reason, and it's not a good one.

authNoPriv is the middle security level in SNMPv3. authNoPriv uses both the username and an authentication password. Your message is authenticated but not encrypted. Anyone who can see the network traffic can read your SNMP request and your username, and they can read what the device sends back to you. So what good is authNoPriv? Well, even though the message is not encrypted, the authentication password is not sent over the network. Instead, SNMPv3 uses the authentication password to create a cryptographic hash value for the message, which allows both sides of the communication to verify that they have the same password. An attacker would have to know the authentication password in order to successfully send malicious SNMP requests. Authentication in SNMPv3 allows for use of either the MD5 or the SHA-1 hashing algorithms. SHA-1 is stronger, while MD5 is faster. Keep in mind that the network monitoring system needs to use the same hashing algorithm to create the hash as the monitored device uses to verify the hash, so make sure you know which algorithm the monitored device expects.

Why would you use authNoPriv, authentication without encryption? Well, encryption is computationally expensive. It uses CPU resources on both the monitored device and the network monitoring system. You might choose authNoPriv if you have severe resource constraints and can't afford the CPU cycles for encryption. Still, some would say extra resources are much less expensive than either a data breach or destructive intrusion. So while you can use authNoPriv, you definitely want to use authPriv if you can.

authPriv is the highest security level in SNMPv3. authPriv uses a username, authentication password, and privacy password. Your SNMP message is both authenticated and partially encrypted. In authPriv, the authentication works exactly the same as it does in authNoPriv. Keep in mind that only the SNMP request itself is encrypted with authPriv; the username and some other metadata remain unencrypted. The privacy password is used to encrypt and decrypt the messages. With authPriv you have the choice of encryption methods, either DES or AES. AES encryption is both less computationally expensive and more secure than DES encryption, so choose wisely. Strong encryption of the message can significantly increase an attacker's burden if their goal is to send malicious SNMP packets. However, the easiest attack against encrypted data is to go after weak encryption passwords. If your encryption password is "password", you shouldn't expect much security. This goes for your authentication password as well. If you're going to go to all the trouble of setting up SNMPv3 with authPriv, create strong passwords, and don't use the same password for both privacy and authentication.

That's all you need to know to use SNMPv3 for network monitoring. What did you learn today? Well, you learned that there are three security levels that form the basis for SNMPv3 monitoring. You learned that the security levels are configured per user on the device you're monitoring, and that your network monitoring system needs to match this security level in order to monitor successfully. Finally, hopefully you have learned that using the highest security level along with strong passwords is absolutely the best way to go. Thanks for watching. Download Nagios XI from the link in the description below and you'll be monitoring in no time.
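The authNoPriv check described in the captions, as an added Python example that is not part of the video or of Nagios XI: the password is stretched into a device-specific key (RFC 3414 password-to-key and localization) and only a 12-byte HMAC travels with the message. The message bytes are a constructed stand-in rather than a BER-encoded SNMP packet, and the password and engine ID are the RFC 3414 test-vector values.

```python
import hashlib
import hmac

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1024 * 1024, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize(key: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the key to one device: H(key || engineID || key)."""
    return hashlib.new(algo, key + engine_id + key).digest()

def auth_params(password: bytes, engine_id: bytes, msg: bytes, algo: str) -> bytes:
    """The 12-byte MAC that is sent in place of the password."""
    kul = localize(password_to_key(password, algo), engine_id, algo)
    return hmac.new(kul, msg, algo).digest()[:12]

def device_accepts(password, engine_id, msg, received_mac, algo) -> bool:
    """Receiver side: recompute the MAC from its own stored password."""
    expected = auth_params(password, engine_id, msg, algo)
    return hmac.compare_digest(expected, received_mac)

# Password and engine ID: RFC 3414 A.3 test-vector values.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed stand-in for a request; the 12 zero bytes mark the MAC field,
# which is zeroed while the MAC is computed.
MSG = b"user=monitor;mac=" + bytes(12) + b";get sysUpTime.0"

def demo() -> dict:
    mac = auth_params(PASSWORD, ENGINE_ID, MSG, "sha1")  # manager side
    return {
        "matching settings": device_accepts(PASSWORD, ENGINE_ID, MSG, mac, "sha1"),
        "wrong password": device_accepts(b"maplesyrop", ENGINE_ID, MSG, mac, "sha1"),
        "wrong algorithm": device_accepts(PASSWORD, ENGINE_ID, MSG, mac, "md5"),
        "altered request": device_accepts(
            PASSWORD, ENGINE_ID, MSG.replace(b"get", b"set"), mac, "sha1"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The "wrong algorithm" case is the mismatch the captions warn about: the same password hashed with MD5 on one side and SHA-1 on the other never verifies.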
Info
Channel: nagiosvideo
Views: 16,036
Rating: 4.9183674 out of 5
Keywords: monitoring, Network Monitoring, Monitoring tool, switches, routers, SNMP versions, 2c, education, tutorial, nagios server, devices, snmpv3 explained, explainer, introduction, MD5, SHA-1, encryption, authentication, username, passwords, AES, authNoPriv, authPriv, noAuthNoPriv, resources, privacy, DES, ccna, operation, version 3, snmpv3, v3, SNMPv2c, SNMPv1, learn snmpv3, security levels, per user
Id: NgceiOe9SO0
Length: 6min 56sec (416 seconds)
Published: Fri Jun 21 2019