Simple Network Management Protocol (SNMP) is an internet protocol of the OSI Application layer 7. It collects and organizes information about managed devices on IP networks and modifies that information to change device behavior.
SNMP is widely used for network management and network monitoring. It provides information about network resources such as cable modems, routers, switches, servers, workstations, printers, hosts, devices, shares, etc. and network information such as ARP tables, routing tables, traffic, etc.
SNMP consists of a manager and an agent; agents are embedded on every network device, and the manager is installed on a separate computer.
SNMP holds two passwords to access and configure the SNMP agent from the management station:
- Read community string: It is public by default; allows viewing of device/system configuration
- Read/write community string: It is private by default; allows remote editing of configuration
There has been different SNMP versions:
- SNMPv1
- SNMPv2
- SNMPv3
SNMPv3 introduces security elements between managers and agents.
SNMP Messages
| Feature | v1 | v2 | v3 |
| Get | Yes | Yes | Yes |
| GetNext | Yes | Yes | Yes |
| GetBulk | No | Yes | Yes |
| Set | Yes | Yes | Yes |
| Trap | Yes | Yes | Yes |
| Inform | No | Yes | Yes |
| Community strings | Yes | Yes | No |
| User based security | No | No | Yes |
| Message authentication | No | No | Yes |
| Message encryption | No | No | Yes |
GET BULK is used to get big data from a big management information base (MIB) table.
Inform-request is used when an agent wants to notify a server with acknowledgement of receipt.
A trap is an asynchronous notification from an agent to a manager.
SNMP Key Components
SNMP Key Components
- Network Manager System (NMS)
- Administered devices
- Agents
SNMP Authentication and Encryption
One of the main problems with using SNMP v1 and v2 is the cleartext “community string” that it uses to authenticate. It is easy to sniff and reuse. Most times, the SNMP community string is shared throughout the organization’s servers and routers, making this authentication problem a serious threat to security.
SNMP version 3 (SNMPv3) provides secure authentication and encryption features.
It supports authentication using HMAC-SHA (Hashed Message Authentication Code with Secure Hash Algorithm) and encryption using AES (Advanced Encryption Standard).
SNMP Enumeration Tools
You can read this post about SNMP enumeration tools.
You might be interested in…
External References
- Wikipedia community; “Simple Network Management Protocol“; Wikipedia
- ISACA; “CISM Review QA&E Manual 9th Edtion”, S3-215; ISACA