The (D)TLS Option for SNMP Agents
SNMP Research offers solutions supporting
Simple Network Management Protocol operations over
Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS).
SNMP Research's (D)TLS option provides secure SNMPv3 communication
that uses public-key
cryptography and X.509 certificates as an alternative to the private-key
cryptography required by the SNMPv3 User-Based Security Model (USM).
SNMP Research's (D)TLS option makes it easier to integrate SNMP network
management into X.509 public key infrastructures.
SNMP over TLS and DTLS provides comparable security to SNMPv3 with USM
while leveraging existing investments in X.509 public key infrastructures.
SNMP over TLS and DTLS offers the following security features (similar to
the User-based Security Model).
- Server authentication
- Confidentiality
- Message integrity
- Client authentication
Organizations may consider implementing SNMP over TLS and DTLS if they:
- already have an X.509 public key infrastructure, or
- need to deploy an X.509 public key infrastructure.
Why? Because SNMPv3 users, applications, and devices must be configured
to communicate securely. The User-based Security Model secures SNMPv3 with
usernames that have localized keys configured on agents and corresponding
passwords configured on managers. SNMP over TLS and DTLS provides comparable
security to USM, but uses X.509 certificates stored on agents and managers
rather than usernames and passwords. If an organization is already required to
use X.509 certificates, it makes sense to also enable SNMP-manageable network
devices and managers to use X.509 certificates, as well.
However, secure SNMPv3 can be achieved without requiring X.509 certificates or establishing
a public-key infrastructure. The SNMPv3 User-based Security Model provides sufficient
security for organizations that do not need to use TLS or DTLS. While SNMP Research
supports TLS and DTLS by providing the (D)TLS option, we emphasize that the security
provided by the SNMPv3 Framework is comparable whether using usernames and passwords
or X.509 certificates.
SNMP Research presently supports the (D)TLS specifications published in these RFCs:
- RFC 5343, "Simple Network Management Protocol (SNMP) Context EngineID Discovery"
- RFC 5590, "Transport Subsystem for the Simple Network Management Protocol (SNMP)"
- RFC 5591, "Transport Security Model for the Simple Network Management Protocol (SNMP)"
- RFC 5953, "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)"
Packaging
SNMP Research offers solutions that unlock the full potential of the SNMPv3 architecture, including
public-key security with Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS).
SNMP Research makes software development and configuration easier by providing working examples,
valid configuration files, and sample certificates for testing. Network managers can bring SNMP users,
applications, and devices under the umbrella an X.509 public key infrastructure easier using
SNMP Research's (D)TLS-enabled SNMP agents and Subagent Development Toolkits.
The (D)TLS option can be licensed with SNMP Research's
Agent Products:
Sales Inquiries
For more information, please call +1 865 579-3311, or send
email to info@snmp.com. You can also fill out a Sales Query and one of our sales people will respond to your request quickly.
Licensing terms are available from info@snmp.com.