Concept
Simple Network Management Protocol (SNMP) consists of a set of network management standards, including an application layer protocol, a database schema, and a set of data objects. The protocol enables a network management system to monitor devices attached to the network for conditions that need administrative attention. The protocol is part of the Internet protocol suite defined by the Internet Engineering Task Force (IETF).
SNMP basic components and architecture
Please refer to the extended reading "Simple Network Management Protocol (SNMP) Basic Components and Architecture" at the end of this entry.
SNMP working process
In typical SNMP usage, there are many managed systems and one or more systems managing them. Each managed system runs a software component called an agent, which reports information to the management system via SNMP.
Basically, SNMP agents present management data as variables. The management system retrieves the information through the GET, GETNEXT and GETBULK protocol operations, or the agent sends data without being asked, using TRAP or INFORM. The management system can also send requests for configuration updates or control, actively managing the system through the SET protocol operation. Configuration and control operations are used only when the basic structure of the network needs to be changed, while monitoring operations are usually routine work.
Variables that can be accessed via SNMP are organized hierarchically. These hierarchies and other metadata (such as the type and description of variables) are described in the form of Management Information Bases (MIBs).
Development of the SNMP protocol
First edition
SNMP version 1 and SMI data types: the SMI of SNMP version 1 specifies a number of data types, which are divided into two categories:
Simple data type
Generic data type
Second edition
SNMP version 2 and the Structure of Management Information: the SNMP version 2 SMI is described in RFC 2578. It adds to and enhances the SMI data types of SNMP version 1, for example bit strings, network addresses, and counters.
The SNMP protocol operates at the application layer (layer 7) of the OSI model, specifying five core PDUs in the first release:
GET REQUEST
GET NEXT REQUEST
GET RESPONSE
SET REQUEST
TRAP
Other PDUs were added in the second version of SNMP and include:
GETBULK REQUEST
INFORM
SNMP version 2 SMI information modules: the SNMP version 2 SMI also specifies information modules, each of which details a group of related definitions. There are three kinds of SMI information module: MIB modules, compliance statements, and capability statements.
Third edition
SNMP version 3 is defined by RFC 3411 to RFC 3418. It mainly enhances SNMP in terms of security and remote configuration.
The third edition of SNMP provides important security features:
Message integrity: ensures that the packet has not been tampered with during transmission.
Authentication: verifies that the message comes from the correct source.
Packet encryption: prevents snooping by unauthorized sources.
SNMP information
MIB, Management Information Base: a database of managed objects accessed by the network management protocol; it contains the variables to be set when network devices are managed through SNMP. SMI, Structure of Management Information: defines the rules for objects that are accessible through a network management protocol. The SMI defines the data types used in the MIB and how network resources are named in the MIB.
Network management using SNMP requires the following important parts: management stations, management agents, management information bases, and network management tools. The management station is usually a standalone device that serves as the user interface for network management. The station must be equipped with management software, a user interface that the administrator can use, and a database of information obtained from the MIB. To carry out network management, it must also be able to send management commands out from the station.
A management agent is a network device such as a host, bridge, router, or hub. These devices must be able to receive information from the management station, and their status must also be monitored by the management station. The management agent performs the corresponding operations in response to the station's requests, and may also send information to the station without being asked.
A MIB is a collection of objects that represent resources and devices that can be managed on the network. Each object is basically a data variable that represents information about one aspect of the managed object.
The last part is the management protocol, which is SNMP. The basic functions of SNMP are get, set, and receiving unsolicited information sent by an agent. Get means that the station sends a request and the agent returns the corresponding data; set means that the station sets the value of a managed object (that is, on the agent); receiving unsolicited information means that the agent can report an unexpected condition to the station without the station having requested it.
SNMP is an application layer protocol and is part of the TCP/IP protocol suite. It operates over the User Datagram Protocol (UDP). In a standalone management station, the manager process controls access to the MIB at the center of the management station and provides an interface for the network administrator. The manager process carries out network management through SNMP. SNMP is implemented on top of UDP, IP and the relevant network-specific protocols (e.g., Ethernet, FDDI, X.25).
SNMP risk
Networks connected to the Internet face many risks: web servers may be attacked, and the security of mail servers is also a concern. Beyond that, there may be some hidden vulnerabilities on the network. Most networks have some devices running SNMP services. Many of these SNMP services are unnecessary, yet network administrators do not take them seriously.
According to a report by the SANS Institute, SNMP is one of the top ten security threats to hosts connected to the Internet. At the same time, SNMP is one of the most common services on Internet hosts. In particular, SNMP services typically run on devices at the edge of the network (devices outside the firewall's protection), further exacerbating the risks posed by SNMP. This may all sound surprising, but in fact it should not be this way.
Background knowledge
Developed in the early 1990s, SNMP was designed to simplify the management of devices and the acquisition of data in large networks. Many network management packages, such as HP's OpenView and Nortel Networks' Optivity Network Management System, as well as free software such as Multi Router Traffic Grapher (MRTG), use SNMP services to simplify network management and maintenance.
Because SNMP worked so well, network hardware vendors began to add SNMP to every device they manufactured. Today, SNMP services are enabled by default on all kinds of network devices, from switches to routers, from firewalls to network printers, without exception.
Widespread deployment alone would not pose a threat. The problem is that many vendors ship SNMP with default community strings (which work like passwords). These community strings are essential for programs to read device information and modify the configuration. The advantage of using default community strings is that software on the network can access the device directly without complicated configuration.
The community string mainly covers two types of command: the GET command and the SET command. The GET command reads data from the device, usually operational parameters such as connection status, interface names, and so on. The SET command allows certain parameters of the device to be set. These functions are generally limited, such as shutting down a network interface or modifying router parameters. But obviously, GET and SET commands can be used for denial-of-service (DoS) attacks and malicious modification of network parameters.
The most common default community strings are public (read/write) and private (read-only), in addition to many vendor-specific default community strings. Some form of default community string can be found on the network devices of almost every network running SNMP.
The security mechanisms of SNMP 2.0 and SNMP 1.0 are relatively weak: communication is not encrypted, and all community strings and data are sent in clear text. Once an attacker captures network traffic, they can use a variety of sniffing tools to obtain the community string directly, so even changing the default value of the community string does not help.
SNMP 3.0, which has appeared only in recent years, solves some of these problems. To protect community strings, SNMP 3.0 uses the DES (Data Encryption Standard) algorithm to encrypt data communications; SNMP 3.0 can also use the MD5 and SHA (Secure Hash Algorithm) techniques to verify the identity of a node, preventing an attacker from impersonating the management node to operate on the network.
Although SNMP 3.0 has been around for a while, it has not been widely used. If the device is a product from 2 or 3 years ago, it very likely does not support SNMP 3.0 at all; even some newer devices support only SNMP 2.0 or SNMP 1.0.
Even if the device already supports SNMP 3.0, many vendors use standard community strings, which are no secret to hackers. So although SNMP 3.0 provides more security features than earlier versions, its practical effect is still limited if it is not properly configured.
Disable SNMP
The most thorough way to avoid the security risks posed by SNMP services is to disable SNMP. If you don't use SNMP to manage your network, there is no need to run it; if you are not sure whether you need to run SNMP, you probably don't. Even if you plan to use SNMP in the future, as long as it is not in use now, disable it until you really need it.
Below is how to disable the SNMP service on common platforms.
■ Windows XP and Windows 2000
In XP and Win2K, right-click "My Computer" and select "Manage". Expand "Services and Applications", then "Services", select the SNMP service from the list of services, and stop the service. Then open the service's "Properties" dialog box and change the startup type to "Disabled". (By Microsoft's default settings, Win2K/XP does not install the SNMP service by default, but many software packages install the service automatically.)
■ Windows NT 4.0
Select "Start" → "Settings", open the service setup program, select the SNMP service in the service list, stop the service, and then change its startup type to disabled.
■ Windows 9x
Open the Network settings program in the Control Panel. On the Configuration page, select Microsoft SNMP Agent from the list of installed components and click Remove. Check the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry keys and confirm that no snmp.exe entry exists.
■ Cisco Systems hardware
For Cisco network hardware, execute the "no snmp-server" command to disable the SNMP service. To check whether SNMP is off, execute the "show snmp" command. These commands apply only to platforms running Cisco IOS; for non-IOS Cisco devices, please refer to the documentation.
■ HP hardware
For all HP network devices that use the Jet Direct card (which is used by most HP network printers), connect to the Jet Direct card's IP address using telnet, and then execute the following commands:
snmp-config: 0
quit
These commands turn off the device's SNMP service. However, note that disabling the SNMP service affects service discovery and any port monitoring mechanism that uses SNMP to obtain the status of the device.
■ Red Hat Linux
For Red Hat Linux, you can use the Linuxconf tool to remove SNMP from the list of automatically started services, or delete the line that enables SNMP directly from the /etc/services file. For other Linux systems, the method should be similar.
Secure SNMP
If some devices really do have to run SNMP, you must secure them. The first thing to do is to determine which devices are running the SNMP service. Unless you regularly port-scan the entire network and have a full picture of the services running on each machine and device, it is very likely that one or two SNMP services will be missed. Pay special attention to devices such as network switches and printers, which also run SNMP services. After determining where SNMP services are running, take the following measures to secure them.
■ Apply patches for the SNMP service
Install the SNMP service patches and upgrade the SNMP service to version 2.0 or higher. Contact the manufacturer of the device for information on security vulnerabilities and upgrade patches.
■ Protect SNMP community strings
A very important protection is to change all default community strings. Following the device documentation, check and change each standard and non-standard community string one by one, without missing any; contact the manufacturer for detailed instructions if necessary.
■ Filter SNMP
Another protection is to filter SNMP traffic and requests at the network boundary, i.e. on the firewall or border router, blocking the ports used by SNMP requests. Standard SNMP services use ports 161 and 162; vendor-private implementations typically use ports 199, 391, 705, and 1993. Once traffic on these ports is blocked, the ability of external networks to access the internal network is limited. In addition, ACLs should be written on the routers of the internal network so that only specific trusted SNMP management systems are allowed to operate SNMP. For example, the following ACL allows only SNMP traffic from (or to) the SNMP management system and restricts all other SNMP traffic on the network:
access-list 100 permit ip host w.x.y any
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq snmptrap
access-list 100 permit ip any any
The first line of this ACL defines the trusted management system (w.x.y, a placeholder for its address). Use the following commands to apply the above ACL to all network interfaces:
interface serial0
 ip access-group 100 in
In short, the invention of SNMP represents a major advance in network management, and it remains a powerful tool for efficiently managing large networks. However, early versions of SNMP were inherently insecure, and even the latest version has problems. Like other services running on the network, the security of SNMP services cannot be ignored. Don't blindly assume that no SNMP service is running on your network; it may be hiding on some device. The essential network services already have too many worrying security issues, so it is best to turn off services that aren't necessary, such as SNMP, or at least try to protect them.
SNMP data
Simple Network Management Protocol (SNMP) is the most widely used network management protocol in TCP/IP networks. In May 1990, RFC 1157 defined the first version of SNMP (Simple Network Management Protocol), SNMPv1. RFC 1157, together with RFC 1155, another document on management information, provides a systematic approach to monitoring and managing computer networks. As a result, SNMP has been widely used and has become the de facto standard for network management.
SNMP developed rapidly in the early 1990s, and it also revealed obvious deficiencies, such as difficulty transferring large amounts of data and the lack of authentication and encryption (privacy) mechanisms. Therefore, SNMPv2 was released in 1993 with the following features:
Support for distributed network management
Expanded data types
Simultaneous transmission of large amounts of data, improving efficiency and performance
Enriched troubleshooting capabilities
Added collection processing functions
Enhanced data definition language
Management information base
The Management Information Base (MIB) specifies the variables maintained by network elements (i.e., the information that can be queried and set by the management process). The MIB defines a data structure that collects all possible managed objects in a network. The SNMP management information base adopts a tree structure similar to that of the Domain Name System (DNS). Its root is at the top and has no name. Figure 3 shows a part of the management information base, which is also called the object naming tree.
There are three top-level objects in the object naming tree: ISO, ITU-T, and the joint body of these two organizations. Below ISO there are 4 nodes, one of which (labeled 3) is the identified organization. Below it is the subtree of the US Department of Defense (labeled 6), and below that is the Internet (labeled 1). When only objects in the Internet are discussed, you can draw just the subtree below the Internet node (the shaded dashed box in the figure) and mark {1.3.6.1} next to the Internet node.
The second node below the Internet node is mgmt (management), labeled 2. Below it is the management information base, whose original node name was mib. A new version, MIB-II, was defined in 1991, so the node name is now mib-2, whose identifier is {1.3.6.1.2.1}, or {Internet(1).2.1}. Such an identifier is called an object identifier.
The original mib node divided the information it manages into eight categories, as shown in Table 4. mib-2 now contains more than 40 categories of information.
Note that the definition of the MIB is independent of the specific network management protocol, which benefits both vendors and users. Vendors can include SNMP agent software in products such as routers, and the software still conforms to the standard after new MIB items are defined. Users can use the same network management client software to manage multiple routers with different versions of the MIB. Of course, a router that lacks a new MIB item cannot provide information about that item.
One object in the MIB worth mentioning here is {1.3.6.1.4.1}, the enterprises node; the number of nodes under it has exceeded 3,000. For example, IBM is {1.3.6.1.4.1.2}, Cisco is {1.3.6.1.4.1.9}, Novell is {1.3.6.1.4.1.23}, and so on.
Windows SNMP query
Function overview
SNMP is the abbreviation of "Simple Network Management Protocol". For the role and details of this protocol, refer to the relevant material. Only Snmputilg.exe, the tool for status queries over this protocol, is introduced here. It is also provided in the Support Tools directory. Its purpose is simply to give system administrators information about SNMP for reference when troubleshooting. After the tool's interface is open, you can use it to perform operations such as GET and GET-NEXT, or to make related settings. In addition, the tool can save data to the clipboard or to a text file with a comma as the delimiter. Note when using it: even though most objects use default identifiers (values), use the SNMP SET command with caution, because incorrect use of this command may cause problems with network name resources or connectivity problems.
Instructions
1. Start the program: in Windows 2000, click "Start -> Run", type snmputilg in the edit box and press Enter or click "OK".
2. Unlike the previous tools, Snmputilg.exe is a graphical tool. Although you can launch it from a command prompt window, the interface that appears after a successful start is still graphical.
3. After the tool starts, the Node edit box shows the default loopback address, 127.0.0.1. Current OID means "current object identifier"; an identifier is the number the Windows system uses to represent an object, and each identifier is unique within the entire system, that is, duplicates do not exist and are not allowed. The value shown in the figure is .1.3.6.1.2.1. public is the default selection for the Community item. Other values can also be selected for the items described above.
4. If you choose the IP address of another system, that system must be running the SNMP service and must be configured to allow network access; this configuration includes address settings and granting permissions. The required auxiliary tools must also be available or running. By default, Windows 2000 allows access to the IP addresses of all other systems.
5. Another issue is the community. When selecting a community value, first, the object it represents must exist. Second, read operations are possible only after its "readable" attribute has been granted. Third, in different versions of the Windows series, the restrictions this item places on access addresses may differ.
6. All functions that SNMP can perform (SNMP Function to Execute) are listed in the drop-down combo box in the figure and are available for selection. After choosing one, click the Execute Command button to perform the corresponding operation.
The following is a brief introduction to these operations:
GET the value of the current object identifier: gets the value of the current object identifier
GET the NEXT value after the current object identifier (this is the default): gets the value of the next object immediately after the current object (this is the default)
GET the NEXT 20 values after the current object identifier: gets the values of the 20 objects after the current object
GET all values from object identifier down (WALK the tree): gets the values of all objects from the current object down
WALK the tree from WINS values down: walks the tree from the WINS values down
WALK the tree from DHCP values down: walks the tree from the DHCP values down
WALK the tree from LANMAN values down: walks the tree from the LANMAN values down
WALK the tree from MIB-II down (Internet MIB): walks the tree from MIB-II down
7. Explanation of the displayed results:
These results can be cleared, saved or updated using the corresponding operations in the menu. Specifically, these operations include:
Copy one or more results to the clipboard.
Delete all the content currently listed.
Clear all commands that have been executed.
Request to record the currently selected item.
Generate a text file that saves a copy of all the records.
Edit or set the identifier of an object. Be cautious when using this operation, because an incorrect setting may cause problems with network name resources or connectivity problems.
SNMPv2 protocol operation
The core of the SNMPv2 standard is the communication protocol, which is a request/response protocol.
This protocol provides an intuitive, basic way to exchange management information between manager and agent, and between manager and manager.
Each SNMPv2 message consists of a number of fields:
If the parties of both the sender and the receiver use the authentication mechanism, the authInfo field contains authentication-related information; otherwise it is empty (NULL). The verification process is as follows. The parties of the sender and the receiver each hold a verification key (secret key) and an authentication algorithm. Before the message is sent, the sender first fills the digest field shown in the figure with the key, as a prefix of the message. Then, using the authentication algorithm, it computes a digest value over the message data (including the digest field), and writes that digest value into the digest field in place of the key. On receiving the message, the receiver first extracts the digest value from the message and stores it temporarily, then places the sender's key in the digest field, computes the digest over the message, and compares the two digest values. If they are the same, this proves that the sender is indeed the party named in the srcParty field and the message is legitimate; if not, the receiver concludes that the sender is illegitimate. The authentication mechanism prevents unauthorized users from masquerading as a legitimate party to do damage.
The authInfo field also contains two timestamps, used for synchronization between the sender and the receiver, to prevent the message from being intercepted and retransmitted.
Another major improvement of SNMPv2 is the ability to encrypt messages to prevent eavesdroppers from stealing message content. Except for the privDst field, the rest of the message can be encrypted. The sender and the receiver use the same encryption algorithm (such as DES).
A message can be sent without any security protection, with verification only, or with both verification and encryption.
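The digest procedure described above, as an added Python example that is not part of the original entry. It uses a constructed fixed-layout message instead of real BER encoding, and assumes MD5 as the digest algorithm, a 16-byte key, and a simplified timestamp rule (reject repeated or expired source timestamps); all names and sample values are hypothetical.

```python
"""Simplified model of the SNMPv2 party digest check (constructed message layout)."""
import hashlib
import hmac
import struct

DIGEST_LEN = 16  # MD5 output size; assumption: the secret key has the same length

# Constructed sample key shared by the two parties.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def build_body(src_party, dst_party, src_ts, dst_ts, payload):
    """Everything after the digest field: two timestamps, then length-prefixed fields."""
    out = struct.pack("!II", src_ts, dst_ts)
    for field in (src_party, dst_party, payload):
        out += struct.pack("!H", len(field)) + field
    return out


def keyed_digest(key, body):
    """Digest of the message with the secret key sitting in the digest field."""
    if len(key) != DIGEST_LEN:
        raise ValueError("key must fill the digest field exactly")
    return hashlib.md5(key + body).digest()


def sign(key, src_party, dst_party, src_ts, dst_ts, payload):
    """Sender side: compute the digest with the key in place, then overwrite the key."""
    body = build_body(src_party, dst_party, src_ts, dst_ts, payload)
    return keyed_digest(key, body) + body


def verify(key, message, last_src_ts, now, lifetime):
    """Receiver side: returns (accepted, reason)."""
    if len(message) < DIGEST_LEN + 8:
        return False, "truncated"
    received, body = message[:DIGEST_LEN], message[DIGEST_LEN:]
    # Put the key back into the digest field, recompute, compare in constant time.
    if not hmac.compare_digest(received, keyed_digest(key, body)):
        return False, "digest mismatch"
    # Timestamps are trusted only after the digest has been verified.
    src_ts, _dst_ts = struct.unpack("!II", body[:8])
    if src_ts <= last_src_ts:
        return False, "replayed"
    if now - src_ts > lifetime:
        return False, "stale"
    return True, "ok"


if __name__ == "__main__":
    msg = sign(KEY, b"manager-1", b"agent-1", 1000, 990, b"GET sysUpTime.0")
    print(verify(KEY, msg, last_src_ts=999, now=1005, lifetime=300))
    print(verify(KEY, msg, last_src_ts=1000, now=1005, lifetime=300))
```

A captured message that is sent again unchanged still carries a valid digest, so it is the timestamp comparison, not the digest, that rejects it.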
SNMP on OSI
Mapping on CLTS
The mapping of SNMP onto the CLTS [7, 8] is straightforward. The procedure is in principle the same as that used for UDP. Note that the CLTS and the service provided by UDP both transmit packets of information that contain full address information. Therefore, where [1] refers to a "transport address", for SNMP mapped onto the CLTS this is simply a transport selector and a network address.
It should be noted that mapping SNMP onto a connectionless-mode transport service is wholly consistent with the architectural principles of SNMP, as described in [1, 5]. However, the CLTS itself can be realized using either a connectionless-mode or a connection-oriented network service. The mapping described here supports either realization. (When both network services are available, the realization should be based on the CLNS.)
Well-known addresses
Unlike the Internet protocol suite, OSI does not use well-known ports. Instead, demultiplexing occurs on the basis of "selectors", which are opaque octet strings with local significance. To foster interoperable implementations of SNMP over the CLTS, it is necessary to define four selectors. When the CLTS uses a connectionless-mode network service to provide the transport backing for SNMP, the "snmp-l" transport selector, consisting of 6 ASCII characters, should be used; by convention, SNMP traps are sent to an SNMP manager listening on the "snmpt-l" transport selector, consisting of 7 ASCII characters. When the CLTS uses a connection-oriented network service to provide the transport backing for SNMP, the "snmp-o" transport selector, consisting of 6 ASCII characters, should be used; by convention, SNMP traps are sent to an SNMP manager listening on the "snmpt-o" transport selector, consisting of 7 ASCII characters.
Traps
When an SNMP trap is sent over the CLTS, the agent address field in the Trap-PDU contains the IP address "0.0.0.0". The SNMP manager can determine the source of the trap from information provided by the transport service (i.e., from the T-UNIT-DATA.INDICATION primitive).
Maximum message size
An entity running SNMP over OSI should be prepared to receive messages of at least 484 bytes in size. Implementations are encouraged to support larger values whenever possible.
Role in network equipment
SNMP is currently the most commonly used management protocol for network environments. SNMP is designed to be protocol-independent, so it can be used over IP, IPX, AppleTalk, OSI, and other transport protocols. SNMP is a set of protocols and specifications (see table below) that provide a way to collect network management information from devices on the network. SNMP also gives devices a way to report problems and errors to the network management station.
Currently, almost all network equipment manufacturers have implemented SNMP support. SNMP, now dominant, is a public communication protocol for collecting management information from devices on the network. The device manager collects this information and records it in the Management Information Base (MIB). This information reports device characteristics, data throughput, communication overloads, and errors. The MIB has a public format, so SNMP management tools from multiple vendors can collect MIB information and present it to the system administrator on the management console.
By embedding SNMP in a data communication device such as a router, switch, or hub, you can manage these devices from a central station and view the information graphically. Many of the currently available management applications run under most operating systems in use today, such as Windows 95, Windows 98, Windows NT, and different versions of UNIX.
A managed device has a management agent that is responsible for handling requests for information and actions from the management station. The agent can also proactively provide information to the management station by means of traps. Therefore, some key network devices (such as hubs, routers, switches, etc.) provide this management agent, also known as an SNMP agent, so that they can be managed through an SNMP management station.