#1 What is SNMP?
Simple Network Management Protocol (SNMP) is an Internet Standard protocol used for managing and monitoring devices connected to Internet Protocol networks.
Devices such as routers, switches, servers, workstations, printers and cable modems support SNMP.
SNMP collects data from these devices, organizes it and makes it available for network monitoring and management. SNMP exposes management data as variables on the managed systems, organized in a management information base (MIB) that describes the system's status and configuration.
These variables can then be queried or manipulated remotely by management applications. Many MIBs are defined by standards bodies such as the IETF and the ISO, and there are proprietary MIBs defined by specific IT equipment vendors such as Cisco and by software vendors such as Oracle and Microsoft.
SNMP, defined by the Internet Engineering Task Force (IETF), is part of the Internet Protocol Suite and is one of the most widely adopted management protocols. Most professional-grade network equipment comes with an SNMP agent bundled.
These agents then have to be enabled and configured to communicate with the network monitoring tools or network management system (NMS).
The different versions of SNMP are explained as follows:
- SNMP version 1 (SNMPv1): the initial implementation of SNMP, operating within the Structure of Management Information (SMI) and described in RFC 1157.
- SNMP version 2 (SNMPv2): defined by RFC 1441 and RFC 1452, and improved to support more efficient error handling.
- SNMP version 3 (SNMPv3): introduced in RFC 3410, this version improves security and privacy.
Currently, SNMPv2, the second version of SNMP, is the most commonly deployed protocol version.
#2 SNMP Commands
SNMP tools perform many functions, all of which consist of pull and push communications between network devices and the network management system.
Some SNMP commands are as follows:
- Get Request - Generated by the SNMP manager and sent to an agent to retrieve the value of a variable.
- Set Request - Sent by the SNMP manager to an agent to issue configuration changes and commands.
- GetBulk Request - Sent by the SNMP manager to an agent to retrieve a potentially large amount of data in a single request.
- GetNext Request - Sent by the SNMP manager to an agent to retrieve the value of the next OID in the MIB's hierarchy.
- SNMP Response - Sent by the agent to the SNMP manager in reply to a Get, GetNext, GetBulk or Set request. This message holds the values of the requested variables.
- SNMP Trap - An asynchronous alert sent by the agent to the SNMP manager to indicate an event such as an error or failure.
- Inform - Similar to a Trap, except that the SNMP manager sends a confirmation once the message is received.
- Response - This message carries back the values, or the result of the actions, requested by the SNMP manager.
#3 How does SNMP work?
SNMP works entirely through these commands: the manager and the agent communicate by exchanging them, with requests going from the manager to the agent and responses and traps coming back from the agent.
#4 Components of SNMP
The four main components of the SNMP network are as follows:
a.) SNMP Agent
The agent software runs on the hardware or service being monitored, collecting data such as bandwidth use, disk space or CPU usage. The agent gathers this information and sends it back to the SNMP management system when queried by the SNMP manager.
b.) SNMP Manager
The SNMP manager, also referred to as the SNMP server, functions as the centralized management system; it runs the SNMP management application, which is available for different operating systems.
Although free SNMP managers are available, they are limited either in their capabilities or in the number of nodes they can support.
c.) SNMP Managed Devices
These are the network devices and services on which the agents run. Devices such as routers, switches, printers and wireless devices fall into this category.
d.) Management Information Base(MIB)
This is a data structure stored in a text file with the .mib extension, which describes all the objects on a particular device that can be queried or controlled via SNMP. Each MIB object is assigned an OID (Object Identifier).
e.) SNMP OID
The Management Information Base (MIB) organizes OIDs hierarchically, in a tree structure in which each variable has its own unique identifier (its OID).
#5 SNMP Security Levels
- noAuthNoPriv (No Authentication, No Privacy) - This security level uses a community string for authentication and no encryption for privacy.
- authNoPriv (Authentication, No Privacy) - This security level uses HMAC with MD5 for authentication and no encryption for privacy.
- authPriv (Authentication and Privacy) - This security level uses HMAC with MD5 or SHA for authentication, and encryption uses the DES-56 algorithm.
#6 SNMP Configurations
SNMP uses two types of configuration, namely:
Read : These strings allow any application or device that can communicate via SNMP to read values.
Read-Write : These strings allow the user to set values, such as the device's settings.
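To make the request types from the "SNMP Commands" section, the OID tree from "SNMP OID" and the read vs read-write strings from this section concrete, here is an added example (not code from the original article): a toy in-memory agent that answers Get, GetNext, GetBulk and Set requests over a small MIB, and a manager-side walk built from repeated GetNext. The OIDs are real MIB-II identifiers (sysDescr, sysUpTime, sysName, ifNumber, ifDescr), but the values and the community strings are constructed samples and nothing is sent over the network.

```python
"""Toy in-memory SNMP agent (added example; not code from the original article).
Models Get/GetNext/GetBulk/Set over an OID tree, plus read-only vs read-write
community strings. MIB values and community strings are constructed samples."""
from bisect import bisect_right

# Constructed sample MIB: real MIB-II OIDs, invented values.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": "Example Router OS 1.0",   # sysDescr.0
    "1.3.6.1.2.1.1.3.0": 123456,                    # sysUpTime.0
    "1.3.6.1.2.1.1.5.0": "edge-router-01",          # sysName.0
    "1.3.6.1.2.1.2.1.0": 2,                         # ifNumber.0
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",                # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",                # ifDescr.2
}


def oid_key(oid):
    """Order OIDs numerically arc by arc, as the MIB tree does
    (as plain strings, "...2.10" would wrongly sort before "...2.2")."""
    return tuple(int(a) for a in oid.split("."))


class ToyAgent:
    def __init__(self, mib, ro_community, rw_community):
        self.mib = dict(mib)
        self.ro, self.rw = ro_community, rw_community
        self.keys = sorted(self.mib, key=oid_key)
        self.sort_keys = [oid_key(k) for k in self.keys]

    def _allowed(self, community, write=False):
        # The read-write string may do anything; the read string may only read.
        return community == self.rw or (community == self.ro and not write)

    def get(self, community, oid):
        """GetRequest: exact lookup -> (error_status, value)."""
        if not self._allowed(community):
            return ("authorizationError", None)
        return ("noError", self.mib.get(oid, "noSuchObject"))

    def get_next(self, community, oid):
        """GetNextRequest: first OID after `oid` in tree order -> (error_status, oid, value)."""
        if not self._allowed(community):
            return ("authorizationError", None, None)
        i = bisect_right(self.sort_keys, oid_key(oid))
        if i == len(self.keys):
            return ("noError", oid, "endOfMibView")
        return ("noError", self.keys[i], self.mib[self.keys[i]])

    def get_bulk(self, community, oid, max_repetitions):
        """GetBulkRequest: up to max_repetitions GetNext steps in one round trip."""
        if not self._allowed(community):
            return ("authorizationError", [])
        results = []
        for _ in range(max_repetitions):
            _, oid, value = self.get_next(community, oid)
            results.append((oid, value))
            if value == "endOfMibView":
                break
        return ("noError", results)

    def set(self, community, oid, value):
        """SetRequest: needs the read-write string -> error_status."""
        if not self._allowed(community, write=True):
            return "authorizationError"
        if oid not in self.mib:
            return "noSuchName"
        self.mib[oid] = value
        return "noError"


def walk(agent, community, subtree):
    """Manager-side MIB walk: repeat GetNext until the reply leaves the subtree."""
    prefix = oid_key(subtree)
    out, oid = [], subtree
    while True:
        status, oid, value = agent.get_next(community, oid)
        if status != "noError" or value == "endOfMibView" or oid_key(oid)[:len(prefix)] != prefix:
            return out
        out.append((oid, value))


if __name__ == "__main__":
    agent = ToyAgent(SAMPLE_MIB, ro_community="public", rw_community="s3cret-rw")
    print(walk(agent, "public", "1.3.6.1.2.1.1"))          # the whole system group
    print(agent.set("public", "1.3.6.1.2.1.1.5.0", "x"))   # authorizationError
```

A real agent enforces the same split: a node that only needs to poll gets the read string, and only the management station that must change settings gets the read-write one.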
#7 Enabling SNMP
SNMP is usually not enabled by default on devices, so in most cases an admin has to log in and turn it on in order to make SNMP data available. This reduces the risk of running an insecure version of SNMP: since admins have to turn it on, they can choose the most suitable and secure version for the device.
#8 Vulnerabilities of SNMP
The vulnerability of the older SNMP versions (SNMPv1 and SNMPv2) is that SNMP messages are sent across the network unencrypted, which means anyone with a packet sniffer can read the community string in plain text.
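The cleartext exposure is easy to see on the wire. The following added example (not code from the original article) builds an SNMPv2c GetRequest with a minimal BER encoder, decodes it again, and shows that the community string is a plain OCTET STRING right after the version field; a small `audit` function shows the kind of finding a monitoring tool can raise for v1/v2c traffic, flagging messages that carry well-known default strings. The packets are constructed here, not captured, and the encoder only covers the fields this example needs.

```python
"""Decode SNMPv1/v2c messages from bytes (added example, not from the original
article) to show the community string travelling in cleartext. Standard
library only; the sample packets are constructed, not captured."""

# PDU tags (context-specific, constructed) from the SNMPv2 protocol operations
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "Trap-v2"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
DEFAULT_COMMUNITIES = {"public", "private"}  # widely shipped defaults


# ---- minimal BER encoder, enough to build a sample GetRequest ----
def _len(n):
    if n < 128:
        return bytes([n])
    nbytes = (n.bit_length() + 7) // 8
    return bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")


def _tlv(tag, payload):
    return bytes([tag]) + _len(len(payload)) + payload


def _int(v):
    return _tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def _oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]          # first two arcs share one byte
    for a in arcs[2:]:
        chunk = [a & 0x7F]                   # base-128, high bit = continuation
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_get_request(community, oids, version=1, request_id=42):
    """SNMPv1 (version=0) or v2c (version=1) GetRequest: SEQUENCE { version, community, PDU }."""
    varbinds = b"".join(_tlv(0x30, _oid(o) + _tlv(0x05, b"")) for o in oids)
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, _int(version) + _tlv(0x04, community.encode()) + pdu)


# ---- decoder ----
def _read(data, pos):
    """Read one TLV at pos -> (tag, payload, position after it)."""
    tag, ln = data[pos], data[pos + 1]
    pos += 2
    if ln & 0x80:                            # long-form length
        n = ln & 0x7F
        ln = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + ln], pos + ln


def _dec_oid(payload):
    arcs, val = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def _dec_value(tag, payload):
    if tag == 0x02:
        return int.from_bytes(payload, "big", signed=True)
    if tag == 0x04:
        return payload.decode("latin-1")
    if tag == 0x06:
        return _dec_oid(payload)
    return None                               # NULL and types this example does not model


def parse_message(data):
    """Version, community, PDU type, request id and varbinds of a v1/v2c message."""
    tag, body, _ = _read(data, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big", signed=True), "unknown")
    if version == "v3":                       # v3 carries USM fields, not a community string
        return {"version": "v3", "community": None, "pdu": None, "request_id": None, "varbinds": []}
    _, community, pos = _read(body, pos)     # plain OCTET STRING: readable by any sniffer
    ptag, pdu, _ = _read(body, pos)
    _, rid, p = _read(pdu, 0)
    _, _, p = _read(pdu, p)                   # error-status (non-repeaters for GetBulk)
    _, _, p = _read(pdu, p)                   # error-index (max-repetitions for GetBulk)
    _, vbl, _ = _read(pdu, p)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = _read(vbl, q)
        _, oid, r = _read(vb, 0)
        vtag, vval, _ = _read(vb, r)
        varbinds.append((_dec_oid(oid), _dec_value(vtag, vval)))
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(ptag, hex(ptag)),
            "request_id": int.from_bytes(rid, "big", signed=True), "varbinds": varbinds}


def audit(data):
    """Findings a monitoring tool could raise for one captured SNMP datagram."""
    msg = parse_message(data)
    findings = []
    if msg["community"] is not None:
        findings.append(f"SNMP{msg['version']} community string {msg['community']!r} sent in cleartext")
        if msg["community"] in DEFAULT_COMMUNITIES:
            findings.append(f"default community string {msg['community']!r} in use")
    return findings


if __name__ == "__main__":
    pkt = build_get_request("public", ["1.3.6.1.2.1.1.5.0"])   # sysName.0
    print(pkt.hex(), parse_message(pkt), audit(pkt), sep="\n")
```

Running it shows the ASCII bytes of `public` sitting in the hex dump, which is exactly what a passive observer on the path sees; the same parser returns no community finding for a v3 message because the field is simply not there.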
#9 Best practices of SNMP
SNMP should be secured carefully to avoid breaches. Here are some SNMP best practices to consider.
- If SNMP is not used, it should be disabled.
- Access Control Lists (ACLs) should be created that allow only authorized computers to access SNMP devices.
- Keeping device software up to date is very important, so that no known vulnerability is left for an attacker to breach the device.
- Avoid the noAuthNoPriv mode, as it does not encrypt transmissions. Instead, use authNoPriv or authPriv for more security.
- Community strings are like passwords and should be made as strong as possible.
- Restrict access to SNMP-enabled devices by limiting which nodes have read-write permission. Assigning read-only permission wherever possible is a best practice.
- Block ports 161 and 162, as leaving them open can allow attackers to access SNMP traffic.
Following these best practices is essential, as a single attack can result in a costly data breach.