snmp v3

book

Article ID: 195031

calendar_today

Updated On:

Products

NIMSOFT PROBES DX Infrastructure Management

Issue/Introduction

snmp v3 is deprecated by Microsoft on Windows 2012 and later OS. Any security flaws using snmpget probe with snmpv3?

Environment

Release : 9.0.2

Component : UIM - SNMPGET

Resolution

If snmp is not an option, there are several remote monitoring probes that don't require installing a robot/agent on the target system, such as:

- rsp (remote system probe)
- net_connect/icmp
- snmpcollector
- url_response
- nexec (run remote commands)

Monitoring server availability

The ability of a server to be in a state to perform a required function at a given instant of time or at any instant of time within a given time interval. From the user point of view, availability over a specified time interval is the percentage of that interval during which the system was available for normal use.

Here is an article that provides one example of using net_connect to check the availability of a service at a port on a given server to monitor server availability. You can monitor any [email protected] you prefer and force the service to be checked and if unavailable, generate an alarm. Note that the system may not be ping-able and doesn't need to be for this to serve this purpose.

https://knowledge.broadcom.com/external/article/188720/alert-is-not-generating-for-service-from.html

Notes on the use of SNMPv3 for Windows servers

Windows Server 2016 does not support SNMPv3. Microsoft officially states that SNMP is deprecated in Windows Server 2012 and higher. You would have to leverage the use of a third-party SNMP application. If you need to do remote monitoring of a server(s), you can take a look at the rsp probe which uses telnet/SSH/WMI.

Additional Information

There are currently no reported/known security flaws when using snmpget with SNMPv3.

For SNMPv3, the snmpget probe does NOT support AES-256. Currently, the snmpget probe only supports AES-128 encryption.