Whether it be SNMP traps or community strings, there is a very good chance you have heard of this veteran network management protocol at some point in your career. With well over twenty years of existence, the Simple Network Management Protocol (SNMP) has provided us with just that: basic insight into the health of network devices, servers and software.
What is SNMP?
Simply put, SNMP is a monitoring protocol that works by polling. A network monitoring tool such as Ipswitch's WhatsUp Gold, or any other SNMP manager, queries a device or piece of software for a particular OID (Object Identifier), the dotted numeric name of one value in the device's MIB (Management Information Base).
The response is the value stored under the OID that was queried. For example, a query might return the number 3, which for a Dell iDRAC status object means "OK". The querying software knows which returned values represent good health and which do not, and turns them into a health indication.
In addition to this query or read action, SNMP supports write operations. In other words, SNMP SET requests can be used to make configuration changes on devices. Take a Cisco Layer 3 switch, for example: with a write community string, SNMP SET requests can be used to change the running configuration.
What is an SNMP Trap?
While SNMP is a polling protocol, it also lets a device send unsolicited alert messages, called traps, when certain conditions arise, usually urgent events such as a failed hardware component. Traps are sent over UDP with no acknowledgement, so a lost trap is simply lost (SNMPv2c added the acknowledged INFORM for that reason). These messages are normally received by the same network monitoring tool, where they contribute to the overall indication of device or application health.
In many environments this alerting role has largely moved to logging protocols such as Syslog, which carry much richer detail, although traps remain common for hardware events.
What is the Difference Between SNMP v1, v2C and v3?
SNMPv1 is the oldest and original version of the protocol, with counters limited to 32 bits. Its biggest flaw is the community string: a clear-text password carried in every packet that serves as a very primitive form of authentication. With many devices shipping with the default community strings "public" (read) and "private" (write), there is a significant risk of snooping or of unauthorised changes, depending on whether the string grants read-only or read-write access.
SNMPv2c was created to alleviate the 32-bit counter problem, upgrading the protocol to support 64-bit counters (and adding bulk retrieval). The risks surrounding the community string remain unchanged: it still travels in clear text.
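The following is an added example, not code from this page or from any monitoring product, that puts the two points above into runnable form using only the Python standard library: it builds an SNMPv1 GET for one OID, answers it from a toy agent whose only access control is comparing the community string, maps the returned 3 to "ok", and shows how anyone who captures the datagram reads the community straight out of it. The status enumeration, the OID (which I recall as the iDRAC globalSystemStatus object, treat it as an assumption), the agent state and the community string are all assumptions made for the example.

```python
"""SNMPv1 GET exchange, built and parsed by hand with nothing but the stdlib."""
# ASN.1 BER tags used by SNMP (X.690 universal tags plus SNMP's own PDU tags).
INTEGER, OCTET_STRING, NULL, OBJECT_ID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2
NO_SUCH_NAME = 2  # v1 error-status for an OID the agent does not implement
# Assumed status enumeration in the style of Dell's ObjectStatusEnum (3 == ok).
STATUS_NAMES = {1: "other", 2: "unknown", 3: "ok", 4: "nonCritical", 5: "critical", 6: "nonRecoverable"}
GLOBAL_STATUS_OID = "1.3.6.1.4.1.674.10892.5.2.1.0"  # assumed: iDRAC globalSystemStatus, as I recall it
TOY_MIB = {GLOBAL_STATUS_OID: 3}  # constructed agent state: the device says it is ok
AGENT_READ_COMMUNITY = "public"  # the factory default on far too many devices

def _length(n):
    if n < 0x80:  # BER short form; long form (0x80 | byte count) above 127
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + _length(len(payload)) + payload

def encode_int(v):
    assert v >= 0, "example only encodes non-negative integers"
    return tlv(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big"))  # minimal, sign bit clear

def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(OBJECT_ID, bytes(out))

def decode_tlv(buf, pos=0):
    """Return (tag, contents, position just after this element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0  # good for the 1.3.x tree used here
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def message(version, community, pdu_tag, request_id, status, varbinds):
    """The v1/v2c envelope: version, community string, then the PDU."""
    pdu = tlv(pdu_tag, encode_int(request_id) + encode_int(status) + encode_int(0) + tlv(SEQUENCE, varbinds))
    return tlv(SEQUENCE, encode_int(version) + tlv(OCTET_STRING, community.encode()) + pdu)

def build_get(community, oid, request_id, version=0):
    """Manager side: version 0 is SNMPv1, 1 is SNMPv2c; the value slot is NULL."""
    return message(version, community, GET_REQUEST, request_id, 0, tlv(SEQUENCE, encode_oid(oid) + tlv(NULL, b"")))

def parse_message(packet):
    """Decode a v1/v2c datagram; the community is plain bytes, which is what a sniffer sees."""
    _, body, _ = decode_tlv(packet)
    _, ver, p = decode_tlv(body)
    _, community, p = decode_tlv(body, p)
    pdu_tag, pdu, _ = decode_tlv(body, p)
    _, rid, q = decode_tlv(pdu)
    _, err, q = decode_tlv(pdu, q)
    _, _, q = decode_tlv(pdu, q)  # error-index, not needed here
    _, vbl, _ = decode_tlv(pdu, q)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = decode_tlv(vbl, q)
        _, oid, r = decode_tlv(vb)
        vtag, val, _ = decode_tlv(vb, r)
        varbinds.append((decode_oid(oid), int.from_bytes(val, "big", signed=True) if vtag == INTEGER else None))
    return {"version": int.from_bytes(ver, "big"), "community": community.decode(), "pdu_type": pdu_tag,
            "request_id": int.from_bytes(rid, "big"), "error_status": int.from_bytes(err, "big"), "varbinds": varbinds}

def agent_respond(packet, mib, read_community):
    """Toy agent: the string comparison is the entire access control; a wrong community is dropped."""
    msg = parse_message(packet)
    if msg["community"] != read_community or msg["pdu_type"] != GET_REQUEST:
        return None
    status, varbinds = 0, b""
    for oid, _ in msg["varbinds"]:
        if oid in mib:
            varbinds += tlv(SEQUENCE, encode_oid(oid) + encode_int(mib[oid]))
        else:
            status, varbinds = NO_SUCH_NAME, varbinds + tlv(SEQUENCE, encode_oid(oid) + tlv(NULL, b""))
    return message(msg["version"], msg["community"], GET_RESPONSE, msg["request_id"], status, varbinds)

def poll_status(oid, mib, community="public"):
    """Manager loop: send a GET, parse the reply, map the returned integer to a health word."""
    reply = agent_respond(build_get(community, oid, 1001), mib, AGENT_READ_COMMUNITY)
    if reply is None:
        return "no response (wrong community or dropped)"
    msg = parse_message(reply)
    if msg["error_status"]:
        return "error-status %d" % msg["error_status"]
    return STATUS_NAMES.get(msg["varbinds"][0][1], "unexpected value")
```

Run `parse_message(build_get("public", GLOBAL_STATUS_OID, 1))["community"]` to see the "sniffer" view: no key, no handshake, just the string as sent. Passing `version=1` to `build_get` gives the same picture for SNMPv2c, which is the whole point of the section above: v2c changed the counters, not the authentication.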
SNMPv3 was recognised by the IETF in 2004 and is defined in RFC 3411 to RFC 3418 (STD 62). It adds both authentication and encryption options, to prevent unauthorised access and snooping respectively. Each user is configured with a security level of noAuthNoPriv, authNoPriv or authPriv; only authPriv protects both the credentials and the contents of the messages, and the older MD5 and DES options should be avoided in favour of SHA and AES. Setup is far more complicated than creating a community string but mitigates many of the risks inherent in SNMPv1 and v2c.
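To make the authentication side of that concrete, here is an added example in pure Python (not code from this page or from any SNMP implementation) of the User-based Security Model key handling from RFC 3414 section 2.6 and appendix A.2. It uses the RFC's own test inputs (password "maplesyrup", engine ID 0x000000000000000000000002); the two engine IDs in the cross-engine check and the message bytes are made up for illustration. The point it shows is why v3 has no equivalent of the clear-text community string: the password is stretched into a key, that key is bound to the agent's engine ID, and only an HMAC computed with the result travels on the wire. Privacy (DES/AES) is a separate layer and is not implemented here.

```python
"""SNMPv3 USM key derivation and message authentication (RFC 3414), stdlib only."""
import hashlib
import hmac

MEGABYTE = 1_048_576
AUTH_PARAMS_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 both truncate the MAC to 96 bits

def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku: hash the password repeated out to exactly 1 MiB, a deliberately slow stretch."""
    reps, rem = divmod(MEGABYTE, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key the agent stores, different for every engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def derive(password: bytes, engine_id: bytes, algo: str) -> bytes:
    return localize_key(password_to_key(password, algo), engine_id, algo)

def sign(kul: bytes, algo: str, whole_msg: bytes) -> bytes:
    """msgAuthenticationParameters: HMAC over the whole message (auth field zeroed), truncated."""
    return hmac.new(kul, whole_msg, algo).digest()[:AUTH_PARAMS_LEN]

def verify(kul: bytes, algo: str, whole_msg: bytes, params: bytes) -> bool:
    return hmac.compare_digest(sign(kul, algo, whole_msg), params)

# RFC 3414 appendix A.3 test inputs.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")

def cross_engine_demo(password: bytes = RFC_PASSWORD, algo: str = "sha1"):
    """A MAC captured from engine A never verifies at engine B, even with the same password,
    because each engine localizes the key with its own ID. Both engine IDs are made up."""
    engine_a = bytes.fromhex("800000090300aabbccddeeff")
    engine_b = bytes.fromhex("800000090300112233445566")
    kul_a, kul_b = derive(password, engine_a, algo), derive(password, engine_b, algo)
    # Constructed stand-in for a v3 message whose 12-byte auth field is already zeroed.
    msg = b"<constructed SNMPv3 message bytes>" + bytes(AUTH_PARAMS_LEN)
    mac = sign(kul_a, algo, msg)
    return verify(kul_a, algo, msg, mac), verify(kul_b, algo, msg, mac)
```

Two practical consequences follow from the code. First, a captured v3 packet gives an attacker a 12-byte MAC and nothing reusable, whereas a captured v1/v2c packet gives the community string itself. Second, because the localized key depends on the engine ID, a user's credentials compromised on one device do not automatically work against another, although a weak password is still brute-forceable offline from a capture, so pick long passphrases and prefer SHA over MD5.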
SNMP is without doubt a very useful protocol for the management and monitoring of network devices, servers and applications. Whether it is secure or not really comes down to the level of risk acceptable to the organisation.
SNMPv1 and v2c are flawed in that authentication is almost non-existent. If you do insist on using them, change the default community strings, restrict SNMP to read-only, and limit which source addresses may talk to the agent (an access list on the device or a firewall rule). Where possible, always use SNMPv3. Some legacy devices, servers and applications may have to be upgraded to support the newer protocol; that is a possible operational problem, but a must for the greatest reduction of risk and the highest possible level of security.