SNMP Security Is Not My Problem

SNMP was developed to manage nodes (servers, workstations, routers, switches, hubs, and security appliances) on an IP network. All versions of SNMP are application layer protocols that facilitate the exchange of management information between network devices. SNMP is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2) are based on three concepts: managers, agents, and MIB. In any configuration, at least one manager node runs SNMP management software. Network devices that need to be managed, such as switches, routers, servers, and workstations, are equipped with an SNMP agent software module. The agent is responsible for providing access to a local MIB of objects that reflects the resources and activity at its node.

The SNMP manager can retrieve, or "get," information from the agent, and change, or "set," information in the agent. Sets can change variables (settings, configuration) in the agent device or initiate actions in devices. A reply to a set indicates the new setting in the device. For example, a set can cause a router to reboot, or to send or receive a configuration file. SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.

The actions of gets and sets are the vulnerabilities that open SNMP to attack.
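Because gets and sets are distinct PDU types on the wire, a monitoring point can tell reads from writes without decoding the whole message. The following is an added example, not part of the original course text: it decodes the outer SNMPv1/v2c message and flags set requests. The sample payloads and the community value "example" are constructed for illustration.

```python
# Added example: classify SNMPv1/v2c messages from raw UDP payloads.
# Outer wire format: SEQUENCE { version INTEGER, community OCTET STRING, PDU }.
PDU_TYPES = {0xA0: "get", 0xA1: "get-next", 0xA2: "response", 0xA3: "set",
             0xA4: "trap", 0xA5: "get-bulk", 0xA6: "inform", 0xA7: "trap-v2"}
VERSIONS = {0: "v1", 1: "v2c"}


def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def classify(payload):
    """Return the SNMP version, the operation, and whether it is a write."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    tag, _community, pos = read_tlv(body, pos)  # parsed, deliberately not returned
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    pdu_tag, _, _ = read_tlv(body, pos)  # also checks the PDU length fits
    op = PDU_TYPES.get(pdu_tag, "other(0x%02x)" % pdu_tag)
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    return {"version": version, "op": op, "write": op == "set"}


# Constructed payloads: a v1 get of sysDescr.0 and a v2c set of sysName.0.
SAMPLE_GET = bytes.fromhex("302702010004076578616d706c65a019020101020100020100"
                           "300e300c06082b060102010101000500")
SAMPLE_SET = bytes.fromhex("302902010104076578616d706c65a31b020102020100020100"
                           "3010300e06082b0601020101050004027231")

if __name__ == "__main__":
    for pkt in (SAMPLE_GET, SAMPLE_SET):
        print(classify(pkt))
```

A set arriving from any host other than the management station is the event worth alerting on.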

© 2006 Cisco Systems, Inc. Securing the Perimeter 2-141

Used to authenticate messages between a management station and an SNMPv1 or SNMPv2c engine:
