OmniSecu.com Logo  
omnisecu.com free mcse ccna rhce linux java learning
omnisecu.com free mcse ccna rhce linux java learning
          Sharefacebook twitter google+ google bookmark yahoo bookmark delicious digg linkedin pinterest reddit stumbleupon evernote diigo blinklist blogmarks livejournal email feed

Tutorials

What is SNMP (Simple Network Management Protocol)

External Resources

SNMP (Simple Network Management Protocol) is a network management protocol which is used to manage (control and monitor) the network infrastructure devices (Routers, Switches, Network Servers etc). SNMP (Simple Network Management Protocol) was initially defined as Version 1 in RFC 1157. SNMP (Simple Network Management Protocol) is the key protocol used by the network industry to retrieve information from network infrastructure devices (Routers, Switches, Network Servers etc) or to configure the network infrastructure devices (Routers, Switches, Network Servers etc) remotely.

SNMP   Simple Network Management Protocol

SNMP (Simple Network Management Protocol) can be configured as Read-Only mode (can be used only to retrieve information from network infrastructure devices (Routers, Switches, Network Servers etc) or Read-Write mode (can be used to retrieve information from network infrastructure devices (Routers, Switches, Network Servers etc) or configure devices)

Versions of SNMP (Simple Network Management Protocol)

SNMPv1: SNMP version 1 is defined in RFC 1157. SNMPv1 security is based on community strings. An SNMP community string can be considered as password for a particular SNMP community.

SNMPv2c: SNMPv2c is an update SNMPv2 and SNMPv2c uses the community based security model of SNMPv1. "c" in SNMPv2c stands for "community".

SNMP Version 2c related RFCs are listed below

RFC 1901 - Introduction to Community-based SNMPv2
RFC 1908 - Coexistence between Version 1 and Version 2.
RFC 3416 - Version 2 of SNMP Protocol Operations
RFC 3417 - Transport Mappings

SNMPv3: SNMPv3 is the most secure version among other SNMP versions. SNMPv3 provides secure access to devices using authentication and encryption mechanisms.

The main security features of SNMPv3 can be summarized as below.

• Authentication - Authentication security feature makes sure that the message is from a valid source.

• Integrity - Integrity security feature makes sure that the message has not been tampered.

• Encryption - Encryption security feature provides confidentiality by encrypting the contents of a message to prevent eavesdropping.

SNMP Version 3 related RFCs are listed below

RFC 2273 - SNMPv3 Applications
RFC 3410 - Introduction and Applicability Statements for Internet Standard Management Framework
RFC 3411 - An Architecture for Describing SNMP Management Frameworks
RFC 3412 - Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC 3413 - Simple Network Management Protocol (SNMP) Applications
RFC 3414 - User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 3415 - View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC 3416 - Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
RFC 3417 - Transport Mappings for the Simple Network Management Protocol (SNMP)
RFC 3584 - Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
RFC 3826 - The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model

SNMP Network Components

Management Information Base (MIB): Management Information Base (MIB) is a database which contains collection of information organized hierarchically. Management Information Base (MIB) contain definitions which define the properties of the managed object for a managed device like a Router or a Switch.

Management Information Base (MIB) definitions include the name of the object, object identifier (a numeric value), data type and Read-Only/Read-Write. Management Information Base (MIB) database structure is defined as RFC's RFC 1155, RFC 2578, RFC 2579, RFC 2580.

SNMP Agent: SNMP Agent is the SNMP client software that runs on an SNMP managed device like a Router, a Switch or a Server. SNMP managed device (Routers, Switches, Network Servers etc) runs an SNMP agent and contains the Management Information Base (MIB).

SNMP Manager (Network Management Station (NMS)): An SNMP Manager is a Server which runs a SNMP network management application. SNMP Manager is used to monitor and control the activities of network infrastructure devices using SNMP. SNMP Manager can request information from SNMP managed device (Routers, Switches, Network Servers etc). SNMP Manager can can also receive unsolicited information, known as a " trap", from an SNMP a managed device (Routers, Switches, Network Servers etc). SNMP Manager is often referred as Network Management Station (NMS) also.

SNMP Manager application includes the complete graphical user interface to configure, monitor and manage the enterprise network. SNMP Manager application performs SNMP GET and SNMP SET operations. SNMP Manager application also allows to capture SNMP Traps from SNMP managed devices in a managed network. Refer the next section to know what are SNMP GET, SNMP SET and SNMP Trap messages.

Different SNMP network management applications are available as SNMP Manager. Examples are PRTG, MRTG etc

SNMP Message Types

SNMP GET Message: An SNMP GET message is used by the SNMP manager to retrieve information from an SNMP managed device. SNMP GET messages are sent from SNMP Manager to SNMP Agent.

SNMP SET Message: An SNMP SET message is used to configure a setting in an SNMP managed device. SNMP SET Message is used by the SNMP manager to modify the value of variables on the Management Information Base (MIB) of an SNMP managed device. SNMP SET messages are sent from SNMP Manager to SNMP Agent.

SNMP Trap Message: An SNMP trap message is an unsolicited message sent from a managed device to an SNMP manager when an event happened in an SNMP managed device. SNMP trap messages are problem indicators sent from SNMP Agent to SNMPManager.

Security issues related with SNMP

Default Community Strings: Many SNMP enabled network devices have a default Read-Only community string as "public" and a default Read-Write community string as "private". These are well-known community strings and should be changed before you start using the device.

SNMP Read-Write mode: SNMP Read-Write mode is another security issue. Read-Write mode allows to modify the value of variables on the Management Information Base (MIB) of an SNMP managed device. If it is not configured properly, can cause serious security related problems.

              Jajish Thomason Google+
Related Topics
comments powered by Disqus


eXTReMe Tracker DMCA.com