Securing your network with SNMP
This blog is created for network security review, study and understanding about network related issues only!
The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!
After my previous post about Physical and Logical security, today I want to show you about securing the network with SNMP.
What is SNMP?
SNMP stands for Simple Network Management Protocol, is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is alsow known as an application−layer protocol that helps to facilitate the exchange of management information between network devices. SNMP helps network administrators to manage network performance, and troubleshoot network problems, and plan for network growth.
3 basic components of SNMP:An SNMP-managed network consists of three key components:
1. Managed devices: A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be any type of device including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, computer hosts, and printers.
2. Agents: An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.
3. Network-management stations (NMSs): An NMS executes applications that monitor and control managed devices.NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.
An SNMP managed device has various access levels:
+Read−only: Allows read access of the Management Information Base (MIB) on the managed device.
+Read/write: Allows read and write access of the Management Information Base on the managed device.
+Write−only: Allows write access of the Management Information Base on the managed
device.
Cisco IOS software supports 3 versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.
SNMPv1 and SNMPv2c
These two versions use a community based form of security. The group of managers eables to access the agent is defined by an access list and password.
How about SNMPv2c?
SNMPv2c support includes a bulk retrieval echanism and more detailed error message reporting to management stations. The bulk retrieval mechanism supports the retrieval of large quantities of information, minimizing the number of polls required. The SNMPv2c improved error handling support includes a larger number of error codes that distinguish different kinds of error conditions. Error return codes in SNMPv2c report the error type.
How is SNMPv3?
SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level will determine which security mechanism is employed when an SNMP packet is handled.
==>You can read more about SNMP at http://www.cisco.com/en/US/docs/internetworking/technology/handbook/SNMP.html
Other sites you may want to see:
Entertainment on Flixya: http://visalittleboy.flixya.com/
WWE: http://visa-wwe.blogspot.com/
The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/
Daily Blogging: http://visablogging.blogspot.com/
Love Sharing: http://visa-love.blogspot.com/
NetworkSecurity: http://networksecuritynotes.blogspot.com/
About Insurance:http://visa-insurance.blogspot.com
All about Love: http://visa-love.blogspot.com/
Learning English Online: http://visa-elb.blogspot.com/
Discovery Internet: http://visa-isp.blogspot.com/
If you like this post, please subscribe below,thanks!
2 comments:
Hi Visa,
Nice start on a complex topic! I recently published an article on this same topic - see the link above.
The key concept to keep in mind is that both SNMPv1 and SNMPv2c versions used by themselves are *not* considered secure since anyone with access to the managed network can simply collect the "community strings" and the "ip addresses" used by the management station and re-use them.
In addition to reviewing the above linked article, I encourage you to gain a fuller understanding of the SNMPv3 USM (see RFC 3414) and VACM (see RFC 3415) mechanisms.
Hi there,
Thank for your comment!
Post a Comment