Transcript of SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

Page 1: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

VIJAY CHAND UYYURU

VENKAT KANCHERLA

PRATEEK ARORA

Page 2: What is network management?

Network management includes deployment, integration, and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, and control the network and element resources to meet the real-time, operational performance, and quality of service requirements at a reasonable cost.

Page 3: Five areas of network management

Performance management: to quantify, measure, report, analyze and control the performance of network components.

Fault management: to log, detect, and respond to fault conditions in the network.

Configuration management: allows a network manager to track which devices are on the managed network and the hardware and software configurations of these devices.

Accounting management: allows the network manager to specify, log, and control user and device access to network resources.

Security management: to control access to network resources according to some well-defined policy.

Page 4: Protocols for Network management

CMISE/CMIP (the Common Management Information Services Element/Common Management Information Protocol)

SNMP (Simple Network Management Protocol)

Disadvantages of CMIP over SNMP

1. The CMIP protocol takes more system resources than SNMP by a factor of ten.

2. CMIP is a large and complete management system that only the best-equipped networks can afford to run.

3. The advantage of SNMP over CMIP is that its design is simple.

Disadvantages of SNMP

1. Because it is so simple, the information it deals with is neither detailed nor well organized enough to deal with the growing networks (corrected in later versions).

Page 5: Evolution of SNMP

In the early days of the ARPANET, they used ping to detect the problem.

When ARPANET turned into WWW, better tools for network management were needed.

SNMP provided a systematic way of monitoring and managing a computer network.

Three versions in SNMP

SNMPv1: The initial implementation of the SNMP protocol, which is described in RFC 1098 and RFC 1157.

SNMPv2: An improved version of SNMPv1 that includes additional protocol operations for the SNMPv2 Structure of Management Information (SMI) (RFC 1441-1452).

SNMPv3: SNMPv3 has yet to be standardized.

Page 6: What is SNMP?

The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between a network management system (NMS), agents, and managed devices. SNMP uses the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.

SNMP is a part of Internet network Architecture.

SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Page 7: Purpose of SNMP

Although the original purpose of SNMP was to let network administrators remotely manage an Internet system, the design of SNMP lets network administrators manage applications as well as systems.

Lets you manage and monitor all network components from one console.

Page 8: Network management architecture

Page 9: Components of a managed network

Managed nodes

Agent

Management stations

Management Information Base (MIB)

A management protocol

Page 10: Management stations

General-purpose computers running special software.

The management station contains one or more processes that communicate with agents over the network, issuing commands and getting responses.

An NMS (network management station) executes applications that monitor and control managed devices.

It controls the collection, processing, analysis, and display of network management information.

NMSs provide the bulk of the processing and memory resources required for network management.

Page 11: Managed device

A managed device is a network node that contains an SNMP agent and that resides on a managed network.

Managed devices collect and store management information and make this information available to NMSs using SNMP.

A managed device might be a host, router, bridge, hub, printer, or modem.

Page 12: Agent

A network-management software module that resides in a managed device and communicates with management stations.

An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

Page 13: SNMP Management information base

Each device maintains one or more variables that describe its state. These variables are called objects.

The collection of all objects in a network is given in a data structure called MIB (management information base).

MIBs are accessed using a network-management protocol such as SNMP and identified by object identifiers.

The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations.

When an SNMP manager requests information from an SNMP agent, the SNMP agent retrieves the current value of the requested information from the Management Information Base (MIB).

Page 14: Network management protocol

The protocol runs between the managing entity and managed device.

Allows managing entity to query the status of managed device.

Agents use it to inform the managing entity of exceptional events.

Data are sent using the ASN.1 (abstract syntax notation one) transfer syntax.

The structure of management information, SMI, is the language used to define the management information residing in a managed-network entity. SMI is used to ensure that the syntax and semantics of the network management data are well defined.

Page 15: Windows Server 2003 SNMP Components at Each TCP/IP Layer

Page 16: Windows Server 2003 SNMP Components

Component name: Microsoft SNMP Service
Associated programs: Snmp.exe
Component type: Agent
Description: Receives SNMP requests and delivers them to the appropriate SNMP subagent DLL for processing. The service is also responsible for intercepting events (traps) from the SNMP subagents and forwarding trap messages to the appropriate management systems.

Component name: SNMP Subagents
Associated programs: Inetmib1.dll, Hostmib.dll, Lmmib2.dll, and others
Component type: Agent
Description: Provides a set of entry points. When an SNMP request is received, the SNMP service delivers it to the appropriate subagent by calling one of these entry points. After the subagent processes the message, it passes the information back to the SNMP service, which then forwards the message to the SNMP manager.

Component name: SNMP Utility API
Associated programs: Snmpapi.dll
Component type: Both Agent and Manager
Description: Provides utilities that the SNMP service uses for memory management operations, address-decoding routines, object identifier handling routines, and so forth. Provides a set of routines that SNMP subagents use to handle and order SNMP objects. Although use of the Snmpapi.dll is not required, the framework defined by this tool greatly facilitates the development of new SNMP subagents.

Component name: SNMP Trap Service
Associated programs: Snmptrap.exe
Component type: Manager
Description: Uses the WinSNMP API to forward a trap message sent by an SNMP agent to the appropriate SNMP manager application.

Page 17: Windows Server 2003 SNMP Components

Component name: WinSNMP API -and- Management API
Associated programs: Wsnmp32.dll -and- Mgmtapi.dll
Component type: Manager
Description: Helps develop SNMP management software applications:
• The WinSNMP API provides a set of functions for encoding, decoding, sending, and receiving SNMP messages.
• The Management API is a simple API that resides on top of the WinSNMP and SNMP Utility APIs. It provides a limited set of functions that you can use to develop basic SNMP management applications quickly.

Component name: SNMP Manager Application
Associated programs: Snmputil.exe
Component type: Manager
Description: Provides a basic command-line utility with which to retrieve information from any SNMP agent in your network. This example of a management application was developed using the Management API.

Page 18: SNMP Protocol Basics

SNMP does not manage the network by itself but instead provides a tool for the manager to manage the corresponding devices.

The preferred transport protocol for carrying SNMP messages is UDP and the preferred port number for the SNMP is port 161. Port 162 is used for trap messages.

Page 19: SNMP Management Systems and Agents

SNMP manager: An SNMP manager, also known as an SNMP management system or a management console, is any computer that sends queries for IP-related information to a managed computer, known as an SNMP agent.

SNMP agent: An SNMP agent is any computer or other network device that monitors and responds to queries from SNMP manager.

The SNMP manager displays the information it receives.

The SNMP agent does not display the information that it sends to an SNMP manager.

Page 20: SNMP Community

To enable SNMP communications between an SNMP manager and SNMP agents, we configure the SNMP manager and the SNMP agents that it manages as members of an SNMP community. The community name functions like a password to authenticate communications between the SNMP manager and agent.

The SNMP community is an SNMP-defined group.

Page 21: SNMP Community

A community name acts as a password that is shared, typically by multiple SNMP agents and one or more SNMP managers. We configure the SNMP manager and the computers or devices that it manages as members of a single SNMP community.

An SNMP agent only accepts requests from SNMP managers that are on the agent's list of acceptable community names.

Page 22: Understanding the Management Information Base (MIB)

When an SNMP manager requests information from an SNMP agent, the SNMP agent retrieves the current value of the requested information from the Management Information Base (MIB).

The MIB defines the managed objects that an SNMP manager monitors on an SNMP agent.

Each system in a network maintains a MIB that reflects the status of the managed resources on that system, such as the version of the software, amount of free hard drive space etc.

Page 23: Manager Requesting number of Sessions from an SNMP Agent

Page 24: Manager Requesting number of Sessions from an SNMP Agent

1. The SNMP manager, Host A, forms an SNMP message that contains an information request (Get) for the number of active sessions, the name of the community to which the SNMP manager belongs, and the destination of the message – the IP address of the SNMP agent, Host B.

2. The SNMP manager sends the information request to Host B by using the SNMP service libraries.

Page 25: Manager Requesting number of Sessions from an SNMP Agent

3. When Host B receives the message, it verifies that the community name contained in the packet is on its list of acceptable community names, evaluates the request against the agent's list of access permissions for that community, and verifies the source IP address. If the information is incorrect then the agent sends a trap message “authentication failure” to the specified trap destination, Host C.

4. The master agent component of the SNMP agent calls the appropriate extension agent to retrieve the requested session information from the MIB.

Page 26: Manager Requesting number of Sessions from an SNMP Agent

5. Using the session information that it retrieved from the extension agent, the SNMP service forms a return SNMP message that contains the number of active sessions and the destination – the IP address of the SNMP manager, Host A.

6. Host B sends the response to Host A.
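
The agent-side checks in steps 3 to 6, written out as an added example that is not part of the original slides. The host addresses, community names, the `activeSessions` object name and all function names are constructed for illustration; the agent modelled here is Host B, and every failed check produces the "authentication failure" trap as the slides describe.

```python
"""Simulate the agent-side checks from steps 3 to 6 of the walkthrough."""
import hmac
from dataclasses import dataclass, field

READ_ONLY, READ_WRITE = "read-only", "read-write"

# Constructed addresses (documentation range): Host A is the manager,
# Host C is the trap destination. The agent itself plays Host B.
HOST_A, HOST_C = "192.0.2.10", "192.0.2.30"
ACTIVE_SESSIONS = "activeSessions"   # hypothetical object name, not a real OID


@dataclass
class AgentConfig:
    communities: dict        # community name -> READ_ONLY or READ_WRITE
    accepted_hosts: set      # source addresses the agent will answer
    trap_destination: str    # receiver of authentication-failure traps
    mib: dict = field(default_factory=dict)


def community_rights(config, offered):
    """Return the rights for an offered community name, or None if unknown.

    Every configured name is compared in constant time so the check does not
    reveal how much of a guessed name was correct.
    """
    rights = None
    for name, granted in config.communities.items():
        if hmac.compare_digest(name.encode(), offered.encode()):
            rights = granted
    return rights


def auth_failure(config, reason):
    """Step 3, failure branch: a trap goes to the trap destination."""
    return ("trap", config.trap_destination, "authenticationFailure: " + reason)


def handle_request(config, source_ip, community, operation, obj, value=None):
    """Return ("response", manager_ip, data) or ("trap", destination, reason)."""
    if operation not in ("Get", "Set"):
        raise ValueError("this example models Get and Set only")
    # Step 3a: is the community name on the list of acceptable names?
    rights = community_rights(config, community)
    if rights is None:
        return auth_failure(config, "community name not accepted")
    # Step 3b: does that community's access permission allow the operation?
    if operation == "Set" and rights != READ_WRITE:
        return auth_failure(config, "community is read-only")
    # Step 3c: is the source address one the agent accepts?
    if source_ip not in config.accepted_hosts:
        return auth_failure(config, "source address not accepted")
    # Step 4: consult the MIB (a dict here, standing in for the extension agent).
    if operation == "Set":
        config.mib[obj] = value
    if obj not in config.mib:
        return ("response", source_ip, {"error": "noSuchName"})
    # Steps 5 and 6: the response goes back to the requesting manager.
    return ("response", source_ip, {obj: config.mib[obj]})


def demo_agent():
    """Host B as configured for this example (all values constructed)."""
    return AgentConfig(
        communities={"netops-ro": READ_ONLY, "netops-rw": READ_WRITE},
        accepted_hosts={HOST_A},
        trap_destination=HOST_C,
        mib={ACTIVE_SESSIONS: 7},
    )


if __name__ == "__main__":
    agent = demo_agent()
    attempts = [
        (HOST_A, "netops-ro", "Get"),          # accepted
        (HOST_A, "public", "Get"),             # unknown community
        (HOST_A, "netops-ro", "Set"),          # permission too low
        ("198.51.100.5", "netops-ro", "Get"),  # source not accepted
    ]
    for source, name, op in attempts:
        print(handle_request(agent, source, name, op, ACTIVE_SESSIONS, 0))
```
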

Page 27: Information Types

An SNMP manager can request the following types of information from the SNMP agents that it monitors:

Network protocol identification and statistics.

Dynamic identification of devices attached to the network.

Hardware and software configuration data.

Device error and event messages.

Program and application usage statistics.

Page 28: SNMP Messages

SNMP sends operation requests and responses as SNMP messages. An SNMP message consists of an SNMP protocol data unit (PDU) plus additional message header elements defined by the relevant RFC.

An SNMP agent sends information in two situations:

1. When it responds to a request from an SNMP manager and

2. When a trap event occurs.

Page 29: SNMP Message Types

Get: Accesses and retrieves the current value of one or more MIB objects on an SNMP agent.

GetResponse: Replies to a Get, GetNext, or Set operation.

GetNext: Obtains the information from selected columns from one or more rows of a table.

GetBulk: Accesses multiple values at one time without using GetNext message.

Set: Changes the current value of an MIB object.

Trap: Notifies the SNMP manager when an unexpected event occurs locally on the managed host.

All the above messages except Trap and GetResponse are from Manager to Host.

Page 30: SNMP Message Types

Page 31: Message Sent Between an SNMP Manager and its Managed Devices

Page 32: SNMP Basic Message Format

Page 33: SNMP Message Header

SNMPv2 message headers contain two fields: Version Number and Community Name. The following descriptions summarize these fields:

Version number—Specifies the version of SNMP that is being used.

Community name—Defines an access environment for a group of NMSs. NMSs within the community are said to exist within the same administrative domain. Community names serve as a weak form of authentication because devices that do not know the proper community name are precluded from SNMP operations.

Page 34: PDU Formats

Get, GetNext, Response, Set, and Trap PDUs Contain the Same Fields.

Page 35: SNMP Protocol Data Unit (PDU)

The following descriptions summarize the fields illustrated in Figure:

PDU type—Identifies the type of PDU transmitted (Get, GetNext, Inform, Response, Set, or Trap).

Request ID—Associates SNMP requests with responses.

Page 36: SNMP Protocol Data Unit (PDU)

Error status—Indicates one of a number of errors and error types. Only the response operation sets this field. Other operations set this field to zero.

Error index—Associates an error with a particular object instance. Only the response operation sets this field. Other operations set this field to zero.

Variable bindings—Serves as the data field of the SNMPv2 PDU. Each variable binding associates a particular object instance with its current value (with the exception of Get and GetNext requests, for which the value is ignored).
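
The header and PDU fields from pages 33 to 36, decoded from the wire, as an added example that is not part of the original slides. The sample datagram is constructed, the function names are this example's own, and the decoder covers only the BER subset needed for PDUs that share the common field layout. It shows that the community name sits in the message as a plain OCTET STRING, readable by anything that can see the datagram, which is why the slides call it a weak form of authentication.

```python
"""Decode the header and PDU fields of an SNMPv1/v2c message (BER subset)."""

VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}
# PDU tags that share the request-id / error-status / error-index / varbind layout.
PDU_TYPES = {0xA0: "Get", 0xA1: "GetNext", 0xA2: "Response",
             0xA3: "Set", 0xA6: "Inform", 0xA7: "Trap"}
INTEGER, OCTET_STRING, OID, SEQUENCE = 0x02, 0x04, 0x06, 0x30

# Constructed sample: SNMPv2c Get for 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE_GET = bytes.fromhex(
    "3027" "020101" "04067075626c6963"           # SEQUENCE, version=1, community
    "a01a" "02023039" "020100" "020100"          # Get PDU, request-id, status, index
    "300e" "300c" "06082b06010201010100" "0500"  # one varbind: OID + NULL value
)


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                            # long-form length
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("element runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, tag):
    """Read one element and insist on its tag."""
    found, value, nxt = read_tlv(buf, pos)
    if found != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, found 0x{found:02x}")
    return value, nxt


def to_int(value):
    """Decode a BER INTEGER (two's complement, big-endian)."""
    if not value:
        raise ValueError("empty INTEGER")
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value):
    """Dotted form of an OBJECT IDENTIFIER; the first byte packs two arcs."""
    if not value or value[0] & 0x80:
        raise ValueError("empty OID or multi-byte first subidentifier")
    first = min(value[0] // 40, 2)
    arcs, sub = [first, value[0] - 40 * first], 0
    for byte in value[1:]:
        sub = (sub << 7) | (byte & 0x7F)
        if not byte & 0x80:                      # last byte of this subidentifier
            arcs.append(sub)
            sub = 0
    return ".".join(str(arc) for arc in arcs)


def parse_message(datagram):
    """Return the fields the slides name: version, community and PDU fields."""
    message, _ = expect(datagram, 0, SEQUENCE)
    version, pos = expect(message, 0, INTEGER)
    community, pos = expect(message, pos, OCTET_STRING)
    pdu_tag, pdu, _ = read_tlv(message, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError(f"PDU tag 0x{pdu_tag:02x} does not use the common layout")
    request_id, pos = expect(pdu, 0, INTEGER)
    error_status, pos = expect(pdu, pos, INTEGER)
    error_index, pos = expect(pdu, pos, INTEGER)
    varbinds, _ = expect(pdu, pos, SEQUENCE)
    bindings, pos = [], 0
    while pos < len(varbinds):
        binding, pos = expect(varbinds, pos, SEQUENCE)
        name, value_pos = expect(binding, 0, OID)
        value_tag, value, _ = read_tlv(binding, value_pos)
        bindings.append((decode_oid(name), value_tag, bytes(value)))
    return {
        "version": VERSIONS.get(to_int(version), "unknown"),
        "community": community.decode("latin-1"),   # sent in the clear
        "pdu_type": PDU_TYPES[pdu_tag],
        "request_id": to_int(request_id),
        "error_status": to_int(error_status),
        "error_index": to_int(error_index),
        "bindings": bindings,
    }


if __name__ == "__main__":
    for key, val in parse_message(SAMPLE_GET).items():
        print(f"{key}: {val}")
```
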

Page 37: SNMP Applications

Command generator: The command generator generates the GetRequest, GetNextRequest, GetBulkRequest, and SetRequest PDUs and handles the received responses to these PDUs.

The command responder executes in an agent and receives, processes, and replies to received GetRequest, GetNextRequest, GetBulkRequest, and SetRequest PDUs.

SNMP Applications

Notification originator: The notification originator application in an agent generates Trap PDUs; these PDUs are eventually received and processed in a notification receiver application at a managing entity.

Proxy forwarder: The proxy forwarder application forwards request, notification, and response PDUs.

SNMP Vulnerability and Security

WHAT ARE THE THREATS?

Modification of Information

The modification threat is the danger that some unauthorized entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object.

WHAT ARE THE THREATS? (contd.)

Masquerade

The masquerade threat is the danger that management operations not authorized for some user may be attempted by assuming the identity of another user that has the appropriate authorizations.

WHAT ARE THE THREATS? (contd.)

Disclosure

The disclosure threat is the danger of eavesdropping on the exchanges between managed agents and a management station. Protecting against this threat may be required as a matter of local policy.

WHAT ARE THE THREATS? (contd.)

Message Stream Modification

The SNMP protocol is typically based upon a connection-less transport service which may operate over any sub-network service. The re-ordering, delay or replay of messages can and does occur through the natural operation of many such sub-network services.

The message stream modification threat is the danger that messages may be altered, in order to effect unauthorized management operations.

WHAT IS NOT A THREAT?

Denial of Service

The current SNMP security model does not attempt to address the broad range of attacks by which service on behalf of authorized users is denied.

Indeed, such denial-of-service attacks are in many cases indistinguishable from the type of network failures with which any viable network management protocol must cope.

WHAT IS NOT A THREAT? (contd.)

Traffic Analysis

The current SNMP security model does not attempt to address traffic analysis attacks. Indeed, many traffic patterns are predictable – devices may be managed on a regular basis by a relatively small number of management applications – and therefore there is no significant advantage afforded by protecting against traffic analysis.

GOALS AND CONSTRAINTS

Based on the foregoing account of threats in the SNMP network management environment, the goals of an SNMP security model are as follows:

Provide for verification that each received SNMP message has not been modified during its transmission through the network.

Provide for verification of the identity of the user on whose behalf a received SNMP message claims to have been generated.

GOALS AND CONSTRAINTS (contd.)

Provide for detection of received SNMP messages, which request or contain management information, whose time of generation was not recent.

Provide, when necessary, that the contents of each received SNMP message are protected from disclosure.

SECURITY SERVICES

Data Integrity is the provision of the property that data or data sequences have not been altered or destroyed in an unauthorized manner.

Data Origin Authentication is the provision of the property that the claimed identity of the user on whose behalf received data was originated is corroborated.

SECURITY SERVICES (contd.)

Data Confidentiality is the provision of the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Message timeliness and limited replay protection is the provision of the property that a message whose generation time is outside of a specified time window is not accepted.
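The integrity, origin-authentication and timeliness services defined above, and the modification, masquerade and message stream modification threats they answer, can be seen working together in the following added example, which is not part of the original slides. It is a simplified model rather than the SNMPv3 wire format: the message layout, the user name, the key and the use of HMAC-SHA-256 are assumptions, and the 150-second window is the value RFC 3414 specifies.

```python
import hashlib
import hmac
import struct

WINDOW = 150                                   # seconds; the time window RFC 3414 specifies
KEYS = {b"opsuser": b"constructed-demo-key"}   # hypothetical user and shared secret
MAC_LEN = hashlib.sha256().digest_size

def protect(user, boots, engine_time, payload):
    """Sender: len(user) | user | boots | time | payload, then an HMAC over all of it."""
    header = struct.pack("!B", len(user)) + user + struct.pack("!II", boots, engine_time)
    body = header + payload
    return body + hmac.new(KEYS[user], body, hashlib.sha256).digest()

def verify(msg, local_boots, local_time):
    """Receiver: return the payload, or raise ValueError naming the check that failed."""
    if len(msg) < 1 + 8 + MAC_LEN or len(msg) < 1 + msg[0] + 8 + MAC_LEN:
        raise ValueError("malformed message")
    body, mac = msg[:-MAC_LEN], msg[-MAC_LEN:]
    user = body[1:1 + body[0]]
    boots, engine_time = struct.unpack_from("!II", body, 1 + len(user))
    key = KEYS.get(user)
    # Integrity and origin authentication: only a holder of this user's key can
    # produce a MAC that matches these exact bytes (constant-time comparison).
    expected = hmac.new(key, body, hashlib.sha256).digest() if key else b""
    if not hmac.compare_digest(mac, expected):
        raise ValueError("authentication failure")
    # Timeliness: checked after authentication, so the time fields can be trusted.
    if boots != local_boots or abs(local_time - engine_time) > WINDOW:
        raise ValueError("not in time window")
    return body[1 + len(user) + 8:]
```

Confidentiality is not modelled: the payload travels in the clear, which is why the page lists disclosure protection as a separate, optional service.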

VULNERABILITY

Following are some of the SNMP vulnerabilities with reference to the CERT database.

Vulnerability Note VU#4923: The Microsoft SNMP agent, prior to Windows NT 4.0 Service Pack 4.0, will leak memory. An intruder can craft a malicious SNMP packet and consume memory on a victim host. The solution is to upgrade to Windows NT Service Pack 4 or later.

Vulnerability Note VU#173910: A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to modify the configuration of the device using SNMP. The solution, according to the Symantec Advisory, is to update the firmware from the Symantec enterprise website.

VULNERABILITY (contd.)

Vulnerability Note VU#835846: Ethereal contains a vulnerability in its packet processing: it fails to properly handle malformed SNMP packets. The solution is either to upgrade to version 0.10.5 or later, or to disable the SNMP protocol dissector.

Vulnerability Note VU#329230: A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to bypass the firewall using a source port of 53/udp. The solution, according to the Symantec Advisory, is to upgrade the product-specific firmware; hot fixes are available via the Symantec Enterprise Support site.

Review questions

1. What are the five areas of network management? Explain them.

2. What is the purpose of SNMP?

3. What are the components in network management architecture? Define them.

4. What are the types of messages between SNMP manager and agent?