adam's notes

Simple Network Management Protocol (SNMP)

The Simple Network Management Protocol (SNMP) is a widely used framework for remote management and monitoring of servers and network appliances.

  • consists of agents and monitors

SNMP Agents and Monitors

SNMP Agents

  • agent is a process running on a switch, router, server, or other SNMP-compatible network device
    • a managed device is one that is running an SNMP agent
    • agent maintains a data store called management information base (MIB)
      • holds variables relating to the activity of the device
        • e.g., number of frames per second handled by the switch
      • each parameter stored in a MIB is referred to by a numeric Object Identifier (OID)
        • stored within a tree structure
        • part of tree is generic to SNMP, part is defined by device vendor
    • can initiate a trap operation
    • configured with:
      • the community string or community name of the computers allowed to manage the agent
        • community string acts as a password
        • only 2:
          • one for read-only access
          • one for read-write access (privileged mode)
      • the IP address or host name of the server running the management system
    • can only pass information to management systems with same community string

SNMP Monitor

An SNMP monitor is management software that provides a location from which you can oversee network activity.

  • polls agents at regular intervals for information from their MIBs
    • displays the information for review
  • displays any trap operations as alerts
  • can retrieve information from a device in two ways:
    • Get
      • software queries the agent for a single OID
      • used by the monitor to perform regular polling
    • Trap
      • agent informs the monitor of a notable event
        • e.g., port failure
      • threshold for triggering traps can be set for each value
  • Set command changes variables
  • multiple Get and Get Next commands are used to walk an MIB subtree
    • used to discover the complete layout of an MIB
  • device queries use UDP port 161
  • traps use UDP port 162

SNMP Security

  • SNMP v2c is a protocol version with no support for robust authentication or encryption
    • many networks use this
    • guidelines for using:
      • SNMP v2c community strings are sent in plaintext and should not be transmitted of the network if there is risk of interception
      • use difficult-to-guess community strings
        • never leave it blank or set it to the default
      • use access control lists to restrict management operations to known hosts
        • 1 or 2 host IPs
  • SNMP v3 supports encryption and strong user-based authentication
    • agents are configured with a list of usernames and access permissions
      • instead of community strings
    • when auth is required,
      • SNMP message is signed with a hash of the user’s passphrase
      • agent can verify the signature and authenticate the user using its own record of the passphrase
    • authPriv mode enables encryption using the credential as a key
    • authNoPriv mode does not encrypt packets
  • disable SNMP if not used

Graph View

Backlinks