In a network environment it is good practice to monitor Cisco devices.
One of the most widely used protocols for monitoring and managing Cisco devices is SNMP (Simple Network Management Protocol).
SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration and state. These variables can be queried (and, where write access is granted, set) by management applications.
The main features are:
- SNMP is an application-layer protocol that exchanges management information between network devices.
- It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite and runs over UDP: agents listen on port 161 for requests, and managers listen on port 162 for the traps and informs that agents send.
- SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
- Three versions are in use: v1, v2c and v3. Only v3 provides authentication and encryption.
SNMP Security Models and Levels:
| Model | Level | Authentication | Encryption | What happens |
|---|---|---|---|---|
| v1 | noAuthNoPriv | Community string | No | Access is granted on a community-string match; the string travels in cleartext. |
| v2c | noAuthNoPriv | Community string | No | Same as v1: community-string match, cleartext on the wire. |
| v3 | noAuthNoPriv | Username | No | Username match only. The username is sent but never proven, so this level is no stronger than a community string. |
| v3 | authNoPriv | HMAC-MD5 or HMAC-SHA | No | Each message is authenticated and integrity-checked with HMAC-MD5-96 or HMAC-SHA-96 (RFC 3414); the contents are still readable on the wire. |
| v3 | authPriv | HMAC-MD5 or HMAC-SHA | DES (CBC-DES, 56-bit) or AES (RFC 3826) | Authentication as above, plus encryption of the scoped PDU. Prefer SHA with AES; 56-bit DES and MD5 are legacy choices. |
As the table shows, SNMPv1 and v2c send the community string in cleartext and add no integrity protection: anyone who can capture traffic on the path (or on a mirrored port) reads the credential directly, and, because SNMP runs over UDP, a request carrying a known community string and a spoofed source address is accepted like any other. A read-write community string is therefore as sensitive as a configuration password for the device. For this reason SNMPv3 (RFC 3411 to RFC 3418, STD 62) has been the current standard version of SNMP since 2004, and only its authPriv level closes both the eavesdropping and the spoofing gap.
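To make the point concrete, the following is an added Python example (not code from the original page, and not a Cisco tool): it hand-rolls just enough BER to build an SNMPv1/v2c GetRequest and an SNMPv3 message header, then decodes them the way a passive observer on the wire would. Every packet is constructed inline; the v3 security parameters and the "ciphertext" are dummy placeholders, not a real USM exchange, and the request ID, msgID and msgMaxSize values are arbitrary.

```python
"""Minimal BER encoder/decoder for SNMP, enough to show what an on-path
observer sees in v1/v2c versus v3 datagrams. Every packet here is constructed
for illustration; the v3 security parameters and ciphertext are dummy
placeholders, not a real USM exchange."""

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA7: "SNMPv2-Trap"}
SECURITY_LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # msgFlags & 0x03


def _tlv(tag: int, value: bytes) -> bytes:
    """Tag-Length-Value with definite-length BER length encoding."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + value


def encode_int(n: int) -> bytes:
    # minimal two's-complement length, as ASN.1 INTEGER requires
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def encode_octets(b: bytes) -> bytes:
    return _tlv(0x04, b)


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])      # first two arcs share one byte
    for arc in arcs[2:]:                            # base-128, high bit = "more follows"
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def encode_seq(*items: bytes, tag: int = 0x30) -> bytes:
    return _tlv(tag, b"".join(items))


def decode_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_seq(value: bytes):
    """Split the content of a constructed element into (tag, value) children."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = decode_tlv(value, pos)
        items.append((tag, val))
    return items


def decode_oid(content: bytes) -> str:
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def build_community_get(community: str, oid: str, version: int = 1) -> bytes:
    """SNMPv1 (version=0) or v2c (version=1) GetRequest for a single OID."""
    varbind = encode_seq(encode_oid(oid), b"\x05\x00")           # OID, NULL value
    pdu = encode_seq(encode_int(1), encode_int(0), encode_int(0),  # request-id, error-status, error-index
                     encode_seq(varbind), tag=0xA0)              # [0] GetRequest-PDU
    return encode_seq(encode_int(version), encode_octets(community.encode()), pdu)


def build_v3_message(flags: int, scoped_pdu: bytes) -> bytes:
    """SNMPv3 message (RFC 3412 layout) with the given msgFlags byte.
    msgSecurityParameters is an empty placeholder rather than real USM data."""
    global_data = encode_seq(encode_int(0x1234), encode_int(65507),        # msgID, msgMaxSize (arbitrary)
                             encode_octets(bytes([flags])), encode_int(3))  # msgFlags, securityModel 3 = USM
    return encode_seq(encode_int(3), global_data, encode_octets(b"\x30\x00"), scoped_pdu)


def inspect_message(datagram: bytes) -> dict:
    """What someone sniffing the wire learns from a single SNMP datagram."""
    tag, body, _ = decode_tlv(datagram)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    fields = decode_seq(body)
    version = int.from_bytes(fields[0][1], "big", signed=True)
    if version in (0, 1):                           # v1 / v2c: the credential is plaintext
        pdu_tag, pdu_body = fields[2]
        varbinds = decode_seq(decode_seq(pdu_body)[3][1])
        return {"version": {0: "v1", 1: "v2c"}[version],
                "community": fields[1][1].decode(),
                "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
                "oids": [decode_oid(decode_seq(vb)[0][1]) for _, vb in varbinds]}
    if version == 3:                                # v3: header is clear, PDU may be opaque
        flags = decode_seq(fields[1][1])[2][1][0]
        return {"version": "v3",
                "security_level": SECURITY_LEVELS.get(flags & 0x03, "invalid (priv without auth)"),
                "scoped_pdu_encrypted": fields[3][0] == 0x04}   # OCTET STRING here = ciphertext
    raise ValueError(f"unsupported SNMP version field {version}")


if __name__ == "__main__":
    print(inspect_message(build_community_get("public", "1.3.6.1.2.1.1.1.0")))
    plain = encode_seq(encode_octets(b""), encode_octets(b""), b"\xa0\x00")   # plaintext ScopedPDU
    print(inspect_message(build_v3_message(0x04, plain)))                      # reportable flag only
    print(inspect_message(build_v3_message(0x07, encode_octets(b"\x9a\x1f\x0c\x44"))))  # dummy ciphertext
```

Run as a script, the first decode shows the community string sitting as a plain OCTET STRING a few bytes into the datagram, which is exactly what a capture filter on UDP/161 hands an attacker; in the v3 cases only the header is readable, and under authPriv the scoped PDU is an opaque OCTET STRING. On the Cisco side the matching fix is to remove any `snmp-server community ...` lines and define a v3 group and user at the priv level (`snmp-server group ... v3 priv ...` and `snmp-server user ... v3 auth sha ... priv aes 128 ...`), restricted by an access list to the NMS addresses.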
SNMPv3 provides important security features:
- Message integrity to ensure that a packet has not been tampered with in transit.
- Authentication to verify that the message is from a valid source.
- Encryption of packets to prevent snooping by an unauthorized source.
As specified in Internet RFCs and other documents, a network management system comprises:
- Network elements — Sometimes called managed devices, network elements are hardware devices such as computers, routers, and terminal servers that are connected to networks.
- Agents — Agents are software modules that reside in network elements. They collect and store management information such as the number of error packets received by a network element.
- Managed object — A managed object is a characteristic of something that can be managed. For example, a list of currently active TCP circuits in a particular host computer is a managed object. Managed objects differ from variables, which are particular object instances. Using our example, an object instance is a single active TCP circuit in a particular host computer. Managed objects can be scalar (defining a single object instance) or tabular (defining multiple, related instances).
- Management information base (MIB) — A MIB is a collection of managed objects residing in a virtual information store. Collections of related managed objects are defined in specific MIB modules.
- Syntax notation — A syntax notation is a language used to describe a MIB’s managed objects in a machine-independent format. Consistent use of a syntax notation allows different types of computers to share information. Internet management systems use a subset of the International Organization for Standardization’s (ISO’s) Open System Interconnection (OSI) Abstract Syntax Notation 1 (ASN.1) to define both the packets exchanged by the management protocol and the objects that are to be managed.
- Structure of Management Information (SMI) — The SMI defines the rules for describing management information. The SMI is defined using ASN.1.
- Network management stations (NMSs) — Sometimes called consoles, these devices execute management applications that monitor and control network elements. Physically, NMSs are usually engineering workstation-caliber computers with fast CPUs, megapixel color displays, substantial memory, and abundant disk space. At least one NMS must be present in each managed environment.
- Parties — Defined in the original, party-based SNMPv2 (RFC 1445 and RFC 1446), a party is a logical SNMPv2 entity that can initiate or receive SNMPv2 communication. Each party comprises a single, unique party identity, a logical network location, a single authentication protocol and a single privacy protocol; an entity can define multiple parties, each with different parameters, for example different authentication and/or privacy protocols. The party model was never widely deployed: SNMPv2c dropped it in favour of community strings, and SNMPv3 replaced it with the User-based Security Model (USM, RFC 3414) and the View-based Access Control Model (VACM, RFC 3415).
- Management protocol — A management protocol is used to convey management information between agents and NMSs. SNMP is the Internet community’s de facto standard management protocol.
More information about SNMP:
RFC 1155: Structure and Identification of Management Information for TCP/IP-based Internets
RFC 1156: Management Information Base for Network Management of TCP/IP-based Internets
RFC 1157: A Simple Network Management Protocol (SNMP)
RFC 1213: Management Information Base for Network Management of TCP/IP-based Internets: MIB-II
RFC 1441: Introduction to version 2 of the Internet-standard Network Management Framework
RFC 3410 (Informational): Introduction and Applicability Statements for Internet Standard Management Framework
RFC 3411 (Standard 62): An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
RFC 3412 (Standard 62): Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC 3413 (Standard 62): Simple Network Management Protocol (SNMP) Applications
RFC 3414 (Standard 62): User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 3415 (Standard 62): View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC 3416 (Standard 62): Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
RFC 3417 (Standard 62): Transport Mappings for the Simple Network Management Protocol (SNMP)
RFC 3418 (Standard 62): Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
RFC 3584 (Best Current Practice): Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
RFC 3826 (Proposed Standard): The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model