
Configuring SNMP

Cisco and/or its affiliates. All rights reserved.


Academic year: 2021



• The Simple Network Management Protocol (SNMP) is part of TCP/IP as defined by the IETF.

• It is used by network management systems to monitor network-attached devices for conditions that warrant administrative attention.

• It consists of a set of standards for network management,


Managers:

– In any configuration, at least one manager node runs SNMP management software.

Agents:

– Network devices that need to be managed, such as switches, routers, servers, and workstations, are equipped with an agent software module.

Management Information Base (MIB):


• Network Management System (NMS)

• Agents

• MIB


• An NMS executes applications that monitor (and possibly control) managed devices.

• The NMS provides the bulk of the processing and memory resources required for network management.


• Nagios:

– Is an open source management system with many features, aimed primarily at host and service monitoring. It can, however, be used to fill the role of a full-blown SNMP-based management system by setting it up to receive SNMP traps. Nagios can then generate alerts based on traps received from hosts and network devices. Nagios is suited to service monitoring, with its ability to connect to SMTP, POP3, HTTP, NNTP, PING, etc. Nagios even allows advanced monitoring of host statistics, such as disk usage, temperature, load, etc. Nagios has the ability to produce availability charts and graphs as well. It focuses on NOC operations by allowing you to schedule downtimes (i.e. suppress notifications) and track problem resolutions. Being open source and having a decent API also means that there are hundreds of plug-ins for Nagios. Nagios does lack discovery capabilities, however.

• Netdisco:

– Is another NMS Suite designed for Linux-only that has a specific focus. As the name implies, the focus is on network discovery. If this is most important to you, Netdisco is definitely worth a look. Netdisco provides layer 2 discovery. It creates mappings from IP and MAC addresses to switch ports, and provides a good interface for searching the discovered information. Netdisco provides many useful reports as well, including: a clickable graph of the network topology, statistics about the number of nodes


• WhatsUp:

– Is a very popular monitoring system that runs on Windows only. WhatsUp is a fairly complete NMS, implementing monitoring, discovery, and reporting. It can even catch SNMP traps and provide information about devices using its SNMP Viewer. The intuitive interface, world-class maps and diagrams, and ease of use make WhatsUp preferred by many.

• Big Brother's:

– Focus is purely on monitoring. Big Brother is a customizable monitoring system that is easy to set up. It works on both Unix and Windows servers and clients. The web interface shows a statistics page with a simple "red = bad, green = good" scheme. Big Brother can monitor services, as well as act simply as a ping tool.

• Cricket:

– Is a one-feature piece of software, but it deserves mention here. Cricket graphs important data based on SNMP data collected from routers and switches. The most common uses include the data rate of every port and temperature/CPU usage.

Virtually every site uses this package in conjunction with other NMS tools, since it excels at gathering and displaying this important information.


• An agent is a network-management software module that resides in a managed device.


• A managed device is a network node that contains an SNMP agent and that resides on a managed network.

• Managed devices can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.


• SNMP asks agents for information or tells the agents to do something.

In SNMPv1, asynchronous event reports are called traps while in later versions they are called notifications.


• GET REQUEST

– Used to retrieve a piece of management information.

• GETNEXT REQUEST

– Used interactively to retrieve sequences of management information.

• GET RESPONSE

– The agent responds with data to Get, GetNext, and Set requests from the manager.

• SET REQUEST

– Used to initialize and make a change to a value of the network element.

• TRAP


• Other PDUs were added in later versions, including:

– GETBULK REQUEST - a faster iterator used to retrieve sequences of management information.


• SNMP uses:

– UDP port 161 for the agent

– UDP port 162 for the manager.

• The manager may send requests from any available port (the source port) to port 161.

– The agent response will be given back to the source port.


• SNMPv1 and SNMPv2 use a community string to access router SNMP agents

– SNMP community strings act like passwords

– An SNMP community string is a text string used to authenticate messages between a management station and an SNMP engine

• Read Only Community String:

– Community strings can obtain information but cannot set information in an agent.

• Read-Write Community Strings:


• SNMP agents accept commands and requests only from SNMP systems that use the correct community string.

• In effect, having read-write access is equivalent to having the enable password!

• By default, most SNMP systems use a community string of “public”

– This is a security problem!

• If the router SNMP agent is configured to “public”, anyone with an NMS system is able to read the router MIB.

– Router MIB variables can point to entities like routing tables and other security-critical components of a router configuration.


• A security model is an authentication strategy that is set up for a user and the group that the user resides in.

• Currently, Cisco IOS software supports three security models:

– SNMPv1

– SNMPv2 (variations: SNMPv2p, SNMPv2c, SNMPv2u, and SNMPv2*)

– SNMPv3.

• SNMPv1 and v2 are considered obsolete, and are extremely insecure.

– It is recommended they NOT be used on a publicly attached network.


Version 1 | Version 2 | Version 3
No | No | Yes

SNMPv1:

• It uses cleartext authentication strings.

• Sends strings repeatedly as part of periodic polling.

• Easily spoofable, datagram-based transaction protocol.

SNMPv2:

• Uses the same PDUs as version 1.

• Adds two new PDUs called GetBulk and Inform.

• Different variations developed to address security issues.

SNMPv3:

• Username match for authentication.

• Increased message integrity.

• Authentication based on MD5 or HMAC-SHA.
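To make the "cleartext authentication strings" point concrete, here is an added example (not code from the original slides) that decodes a constructed SNMPv1 GetRequest datagram with a minimal BER reader: the community string that gates access sits in the clear next to the version number and the requested OID, so anything that can observe UDP/161 traffic, including an IDS watching for the default "public" string, can read it. The decoder and the sample bytes are constructed for this example; the PDU tags and OID encoding follow the SNMP/BER specification.

```python
# Added example (not from the original slides): decode a constructed SNMPv1
# GetRequest datagram to show that the community string, which acts as the
# password, travels in cleartext in every UDP/161 message.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

def read_tlv(buf, pos):
    """Read one BER tag-length-value triple; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low bits = length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode a BER OBJECT IDENTIFIER value into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                     # high bit clear: arc complete
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def decode_snmp(datagram):
    """Return version, community, PDU type, request-id and requested OIDs."""
    _, msg, _ = read_tlv(datagram, 0)        # outer SEQUENCE
    _, ver, pos = read_tlv(msg, 0)           # INTEGER version
    _, community, pos = read_tlv(msg, pos)   # OCTET STRING community, in the clear
    pdu_tag, pdu, _ = read_tlv(msg, pos)     # context tag selects the PDU type
    _, req_id, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)           # error-status
    _, _, pos = read_tlv(pdu, pos)           # error-index
    _, vblist, _ = read_tlv(pdu, pos)        # SEQUENCE OF VarBind
    oids, pos = [], 0
    while pos < len(vblist):
        _, vb, pos = read_tlv(vblist, pos)   # VarBind ::= SEQUENCE { name, value }
        oids.append(decode_oid(read_tlv(vb, 0)[1]))
    return {"version": VERSIONS.get(ver[0], ver[0]),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(req_id, "big"),
            "oids": oids}

# Constructed sample: SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)
# sent with the default community "public".
SAMPLE = bytes.fromhex("3026 020100 0406 7075626c6963 a019 020101 020100 020100"
                       "300e 300c 0608 2b06010201010100 0500")
```

Calling decode_snmp(SAMPLE) returns the version, the community "public", the PDU type GetRequest and the OID list; the same reader works on v2c messages, which differ only in the version integer and the extra GetBulk PDU tag.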


• SNMPv3 is an interoperable standards-based protocol for network management.

– SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.

• There are three security features that SNMPv3 provides:

– Authentication

– Message integrity

– Encryption


• SNMP is typically used to ease troubleshooting and configuration.

– However, SNMP in a production network introduces a potential vulnerability.

• If SNMP is required, consider:

– Providing read-only access to devices via SNMP

– Treat the SNMP community string with the same care that you might use for a root password on a critical UNIX host.


• If SNMP is not required, disable it.

• If SNMP is absolutely required, use it only in the read-only mode.

• Don’t use obvious read/write strings.

• Log the authentication failures.
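As an added example (not from the slides and not a Cisco tool), the following Python function checks the snmp-server lines of an IOS running-config against the recommendations above: default or obvious community strings, read-write communities, communities with no access-list limiting which managers may use them, v3 groups configured below priv, and the absence of "snmp-server enable traps snmp authentication", which is how authentication failures get reported. The config excerpt is constructed; the command syntax is standard IOS.

```python
# Added example (not from the original slides or Cisco): audit the snmp-server
# lines of an IOS running-config against the recommendations above.
import re

OBVIOUS_STRINGS = {"public", "private", "cisco", "admin", "snmp"}
COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$",
    re.IGNORECASE)
V3_GROUP = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b",
                      re.IGNORECASE)

def audit_snmp_config(config):
    """Return (severity, finding) tuples for one IOS running-config text."""
    findings, snmp_enabled, auth_traps = [], False, False
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("snmp-server"):
            continue
        snmp_enabled = True
        if line.startswith("snmp-server enable traps snmp authentication"):
            auth_traps = True
        m = COMMUNITY.match(line)
        if m:                                # IOS defaults a community to RO
            name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
            if name.lower() in OBVIOUS_STRINGS:
                findings.append(("high", f"community '{name}' is a well-known default"))
            if mode == "RW":
                findings.append(("high", f"community '{name}' is read-write (as good as enable)"))
            if acl is None:
                findings.append(("medium", f"community '{name}' has no access-list"))
        m = V3_GROUP.match(line)
        if m and m.group(2).lower() != "priv":
            findings.append(("medium", f"v3 group '{m.group(1)}' is {m.group(2)}, not priv"))
    if snmp_enabled and not auth_traps:
        findings.append(("low", "authentication failures are not logged as traps"))
    return findings

# Constructed running-config excerpt with two weak and one better community.
SAMPLE_CONFIG = """
hostname edge-router
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk9-ro-mgmt RO 10
snmp-server group NMSGROUP v3 auth
snmp-server host 192.0.2.10 version 3 priv nmsuser
"""
```

Running audit_snmp_config(SAMPLE_CONFIG) reports seven findings on the excerpt; only the ACL-restricted read-only community passes clean. A config with nothing but a v3 priv group and the authentication trap enabled returns no findings.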


References

• SNMP Tutorial – http://video.google.ca/videoplay?docid=5629617213275193770&ei=BlLSSJ-NBKC4-wGgt728Ag&q=snmp&vt=lf&hl=en

• Essential SNMP – http://www.unix.com.ua/orelly/networking_2ndEd/snmp/index.htm

• Configuring SNMP – http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_snmp_sup_ps6441_TSD_Products_Configuration_Guide_Chapter.html

• SNMP Server
