What Is SNMP And Is It Secure
Whether it be SNMP traps or community strings, there is a very good chance you have heard of this veteran network monitoring protocol at some point in your career. With well over twenty years of existence, the simple network monitoring protocol has provided us with just that, basic insight into the health of network devices, servers and software.
Simply put, SNMP is a monitoring protocol which works by query. A network monitoring tool such as Ipswitch’s WhatsUp Gold or any other SNMP monitor, will query a device or software using an SNMP OID (Object Identifier) or query string.
The response back could be any value related to OID the queried. For example, it might return a number 3 which for a Dell iDrac storage array means “OK”. The querying software will know which returned values represent good health and those that do not, giving an indication of health.
In addition to this querying or reading action, SNMP support write functions. In other words, SNMP can be used to make configuration changes on devices. Take for example a Cisco Layer 3 switch, SNMP write commands can be used to change the running configuration file.
While SNMP is a querying protocol, it also includes the ability to send alerting messages when certain conditions arise, usually emergency notifications like a failed hardware component. These messages are usually received by the same network monitoring tool or SNMP tool to contribute to the overall indication of device or application health.
This has largely been replaced by logging protocols such as Syslog, which provide much richer detail.
Want to learn more about network monitoring solutions? Take a look at ourdefinitive guide to network monitoring and incident response.
What is the Difference Between SNMP v1, v2C and v3?
SNMPv1 is the oldest and original version of the SNMP protocol, supporting 32-bit counters. SNMP v1 biggest flaw is its use of a clear-text community string, which is used to identify the device and forms a very primitive style of authentication. With most devices using the default community string as “public” there is a significant risk of snooping or unauthorised changes depending on whether permissions have been set to read-only or write.
SNMPv2c was created to alleviate the issue of the 32-bit counters, upgrading the protocols capabilities to support 64-bit. The risks surrounding the community string still remains.
SNMPv3 was recognised by the IETF in 2004. It adds a both encryption and authentication options to both prevent snooping and unauthorised access. Set us is far more complicated than creating a community string but mitigates many of the risks inherent in SNMP v1 and v2c.
Are you interested in network monitoring solutions? Ipswitch WhatsUp Gold is the industry leader in network monitoring and has been in use by fortune 500 organisations throughout the world, for over fifteen years. Book a demonstration with out of our consultants to learn more.
SNMP is without a doubt a very useful protocol for the management and monitoring of network devices, servers and applications. Whether it is secure or not really comes down to the level of risk which is acceptable to the organisation.
SNMPv1 and v2c do have flaws in that authentication is almost non-existent. However, if you do insist on using these protocols, it is recommended that you change the default community and you restrict SNMP to read-only. Where it is possible, always try to use SNMPv3. Some legacy devices, servers and applications may have to upgraded to support the newer protocol. A possible operational problem but a must for the greatest reduction of risk and the highest possible levels of security.
Take a look at our blog post – Ten Reasons why Network Monitoring Software is a Must Have.