January 22, 2012

1.4.2 SNMP

Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP is used for collecting information from, and configuring, network devices such as servers, printers, switches, and routers on a TCP/IP network. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Three versions of SNMP exist: SNMPv1, SNMPv2 and SNMPv3. SNMPv2 provides security and improved remote monitoring over SNMPv1. Security in v1 and v2 consisted of a password (known as a community string) sent in the clear between the management station and the agent. SNMPv3 primarily added security and remote configuration enhancements.

SNMPv1 and SNMPv2 have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations.

An SNMP managed network consists of four key components: managed devices, agents, network-management systems (NMS) and Management Information Base (MIB).
  • Managed device – a network device that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP.
  • Agent – a software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.
  • NMS – runs on the management station and executes applications that monitor and control managed devices.
  • MIB – data shared between the agent and the NMS. The agent collects data locally and stores it, as defined in the MIB.

SNMP can access information stored in MIBs. A MIB is a collection of information that is organized hierarchically. MIBs hold information about managed objects, which are identified by object identifiers.

Managed devices are monitored and controlled using four basic SNMP commands: read, write, trap, and traversal operations.

SNMPv3: RFC 3411–RFC 3418
SNMPv2: RFC 1441–RFC 1452
SNMPv1: RFC 1157

Vulnerabilities in SNMP include packet sniffing of the cleartext community strings (v1 and v2), brute-force and dictionary attacks on keys, and IP spoofing over UDP connections.
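
To show what "sent in the clear" means on the wire, the following added example (not from the original post) decodes the first two BER fields of an SNMP message and reports any message whose community string is readable, which is a way to find v1/v2 traffic in a capture of your own network. The sample payloads and the function names are constructed for illustration.

```python
# Constructed sample payloads (not captured traffic).
# SNMPv2c GetRequest for OID 1.3.6.1.2.1.1.1.0 with community "public":
SAMPLE_V2C = bytes.fromhex(
    "3026" "020101" "04067075626c6963"        # SEQUENCE, version=1, community
    "a019" "020101" "020100" "020100"          # GetRequest PDU, ids and status
    "300e300c" "06082b06010201010100" "0500"   # one varbind: OID + NULL
)
# Truncated SNMPv3 header: version=3 followed by a header SEQUENCE.
SAMPLE_V3 = bytes.fromhex("3008" "020103" "3003020101")

VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}


def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def inspect_snmp(payload):
    """Return (version name, community or None) for one SNMP UDP payload."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(raw_version, "big")
    tag, value, _ = read_tlv(body, pos)
    # v1/v2c carry the community as a plain OCTET STRING (tag 0x04);
    # v3 has a header SEQUENCE in that position and no community string.
    cleartext = tag == 0x04 and version in (0, 1)
    community = value.decode("latin-1") if cleartext else None
    return VERSIONS.get(version, f"unknown({version})"), community


def exposed(payloads):
    """List (version, community) for messages that expose a community string."""
    results = (inspect_snmp(p) for p in payloads)
    return [r for r in results if r[1] is not None]
```

Any device that shows up in the `exposed` output is still speaking a version whose only credential is visible to anyone on the path.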
