1 / 22

SNMP In Depth

SNMP In Depth. SNMP. Simple Network Management Protocol The most popular network management protocol Hosts, firewalls, routers, switches…UPS, power strips, ATM cards -- ubiquitous “One of the single biggest security nightmares on networks today”. SNMP Transport Mechanism Flaws. UDP Based

anthea
Télécharger la présentation

SNMP In Depth

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SNMP In Depth

  2. SNMP • Simple Network Management Protocol • The most popular network management protocol • Hosts, firewalls, routers, switches…UPS, power strips, ATM cards -- ubiquitous • “One of the single biggest security nightmares on networks today”

  3. SNMP Transport Mechanism Flaws • UDP Based • Unreliable - packets may or may not be received • Easily forged - trivial to forge source of packets

  4. Management Information Base • MIB -- Management Information Base • MIBs describe object attributes • Some MIBs are pre-loaded • Additional MIBs are needed • Loaded manually • Downloaded from manufacture’s WEB sites • Standard MIBs • MIB-I • MIB-II • RMON • RMON 2 • Bridge • Repeater

  5. MIB Structure iso (1) org (3) dod (6) internet (1) directory (1) mgmt (2) experimental private (4) mib-2 (1) enterprises (1) system (1) interfaces (2) snmp (11) cisco (9) hp(11) novell(23) sysObjectID (2) sysDescr (1)

  6. Get Response Retrieve Set alter Trap • Get request - Reads a value from a specific variable • GetNext request - Traverse information from a table of specific variables • GetBulk request - • Get response - Replies to a get or a set request • Set request - Writes a value into a specific variable • Trap or Notification - A message initiated by the agent without requiring the management station to send a request SNMP Basics Manager Agent MIB Data SNMP Router, etc.

  7. Popular defaults public private write “all private” monitor manager security admin lan default password tivoli openview community snmp snmpd system and on and on... SNMP Popular Defaults

  8. SNMP v1 Information Disclosure • Routing tables • Network topology • Network traffic patterns • Filter rules

  9. SNMP Options • SNMP configuration • Event Configuration • Customize event notification messages • Define the type of event notification • Define automatic actions when an event is received. • Create/modify alarm categories • Configure additional actions for the operator • Configure event correlations • SNMP data collection and threshold • SNMP MIB application builder • Load/unload MIB • Network polling configuration • License password

  10. SNMP Tools • Remotely turn on the power of a PC • Web base access • Terminal Connect- provides the ability to establish a telnet session from a local system in order to manage a remote system • SNMP MIB Browser- provides a functional tool that can be used to explore, query, and set MIB values • DMI Browser

  11. Agent Data Collection • Network data collected using • SNMPv1 ; SNMPv2 • IP Protocol • TCP/IP • UDP • ICMP • ARP/RARP • IPX • DMI • Desktop Management Interface for accessing information about PC and their components

  12. Auto-discovery • Auto discovery of network objects based on • IP Protocol • Routing data on routers (ARP table) • SNMP data • Auto assignments of symbols to represent objects • Auto arrangement of symbols on the maps and submaps

  13. SNMP Event Generation • SNMP agents continuously watch for certain incidents to occur • When an incident occurs, an event is generated • Events are categorized based on the alarm type • Alarm types are user definable • Events are displayed with color coded severity • Severity and color codes are user definable • Event trap configuration • Pre-defined • User-defined generic traps • User-defined specific traps

  14. Event Correlation • Event correlation • Discovers events that are either the same event and/or related events • Presents these events as a single main event • Allow drill down of the main event to view the related events • Provides four pre-defined correlations: • Connector Down Correlation • Scheduled Maintenance Correlation • Repeated Event Correlation • Pair Wise Correlation • Additional correlations may be obtained • From web page • From a 3rd party for a fee • Developed by yourself -- not recommended

  15. Performance Management • Network activities • Status of the interfaces • Error rate and percentage • Ethernet traffic • SNMP authentication failures, traffic, errors • List of TCP connections • Graph CPU load and disk space usage • Graph SNMP data collected with MIB data collector • Graph data based on Interface status polling and SNMP node polling

  16. Configuration Management • Network Configuration (at selected remote SNMP node) • List interface properties • List IP and link addresses • List routing table • List ARP cache table • List the supported services • List the services for which the selected remote SNMP nodes are configured to support • List the management systems (by IP Address) that are configured to receive traps • Run the Microsoft Windows NT operating system Registry Editor

  17. Performance Management • Network activities • Status of the interfaces • Error rate and percentage • Ethernet traffic • SNMP authentication failures, traffic, errors • List of TCP connections • Graph CPU load and disk space usage (HP-UX only) • Graph SNMP data collected with MIB data collector • Graph data based on Interface status polling and SNMP node polling

  18. Fault Management • Alarms -- show all alarms of selected nodes • Network Connectivity • Poll node -- information about selected objects • Status poll -- status about selected objects • Capability poll -- check for remote DMI, web-management, and web server capabilities. • Ping • Remote ping • Locate route via SNMP • Test IP/TCP/SNMP • Interface Status -- Graphic display of number and rate of bad packets • Window NT Event Viewer • Window NT Diagnostic tool

  19. SNMPv1 Security Flaws • Transport Mechanism • Data manipulation • Denial of Service • Replay • Authentication • Host Based • Community Based • Information Disclosure

  20. SNMP Authentication Flaws • Host Based • Fails due to UDP transport • DNS cache poisoning • Community Based • Cleartext community • Community name prediction/brute forcing • Default communities

  21. RMON and RMON2 Security • SNMPv1’s flaws • additional hazards by introducing “action invocation” objects • collects extensive info on subnet • packet captures

  22. SNMP Fixes • Disable it • ACL It • Read-Only

More Related