SNMP - Anything But Simple
For years upgrading SNMP has been Simply Not My Priority, but with the vulnerabilities of version 1 making headlines, perhaps we'll see adoption of v2 or v3 ere long. Drew Bird has details.
The recent vulnerabilities discovered in the Simple Network Management Protocol (SNMP) have had those involved in network management asking two questions. Why has the problem not been detected in the past 12 years, and why are we using a product that is 12 years old in any case? The answer to both questions, if you'll excuse the pun, is anything but simple.
SNMPv1 was introduced in 1989 to provide a mechanism that allowed devices on the network to communicate information about their state to a central system. The central system is referred to as an SNMP manager or more commonly as a Network Management System (NMS). The devices that can communicate with the manager are referred to as SNMP agents. It's a common misconception that SNMP is a network management system, which it is not. SNMP is a protocol, part of the TCP/IP protocol suite, that enables the communication of network management information between devices.
SNMP operates on a fairly simple structure. The manager can issue a small number of commands to the agent, which responds with the information requested. In certain cases, the SNMP manager is able to reconfigure the device it is communicating with by issuing a special command, called a 'set'.
The information that can be retrieved from the agent or set by the manager is defined by a Management Information Base, or MIB. The MIB defines a set of values that can be read or changed by the SNMP manager. To make sure that SNMP remains protocol dependent rather than platform dependent, the International Standards Organization (ISO) controls the creation of MIBs. The ISO issues MIB identifiers (which look something like '1.3.6.1.4.1.311') to organizations that want to create their own MIBs. As long as they stay under the MIB ID they are assigned, they can do anything they like with it.
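The identifier hierarchy described above, as an added example that is not part of the original article: it converts a dotted MIB identifier to the byte form carried in SNMP messages, decodes it back with strict checks on untrusted input, and tests whether an identifier stays under an assigned one. The function names are hypothetical, 1.3.6.1.4.1.311 is used as a sample assigned identifier, and the 32-bit limit per number is an assumption.

```python
# Added example: dotted MIB identifiers (OIDs), their BER wire form, and the
# "stay under your assigned ID" rule. All function names are hypothetical.

def parse_oid(text):
    """Turn '1.3.6.1.4.1.311' into a tuple of ints, rejecting malformed input."""
    parts = text.strip().lstrip(".").split(".")
    if len(parts) < 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("OID needs at least two numeric arcs: %r" % text)
    arcs = tuple(int(p) for p in parts)
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first/second arc in %r" % text)
    return arcs

def encode_oid(arcs):
    """BER content octets: first two arcs packed as 40*a+b, the rest base-128."""
    out = bytearray()
    for value in (40 * arcs[0] + arcs[1],) + tuple(arcs[2:]):
        chunk = [value & 0x7F]            # last octet has the high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def decode_oid(data, max_arc_bits=32):    # 32-bit arc limit is an assumption
    """Strict decoder: rejects empty, truncated, padded or oversized arcs."""
    if not data:
        raise ValueError("empty OID")
    values, value, bits = [], 0, 0
    for i, byte in enumerate(data):
        if bits == 0 and byte == 0x80:
            raise ValueError("non-minimal arc encoding at offset %d" % i)
        value = (value << 7) | (byte & 0x7F)
        bits += 7
        if value.bit_length() > max_arc_bits:
            raise ValueError("arc too large at offset %d" % i)
        if not byte & 0x80:               # high bit clear ends this arc
            values.append(value)
            value, bits = 0, 0
    if bits:
        raise ValueError("truncated OID: last arc never terminates")
    first = min(values[0] // 40, 2)
    return (first, values[0] - 40 * first) + tuple(values[1:])

def is_under(oid, assigned):
    """True if `oid` equals or sits below the `assigned` subtree root."""
    return len(oid) >= len(assigned) and oid[:len(assigned)] == assigned
```

Comparing the parsed numbers rather than the dotted strings matters: a string prefix test would wrongly place 1.3.6.1.4.1.3110 under 1.3.6.1.4.1.311.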
As well as the process of the manager interrogating or configuring the devices that are running an SNMP agent, the devices themselves are also able to communicate with the manager through the use of 'trap' messages. Traps are generated when either a threshold is exceeded on the device, or when a certain condition is met. Examples of events that might generate a trap message include an interface going down on a router or the threshold that dictates the amount of free disk space on a server being surpassed. It should be noted that SNMP agents are very simple pieces of software, which makes it possible to install SNMP agent functionality on just about anything from a server to a router to an air conditioning system to a vending machine. Now that's a practical application for technology if ever I have heard of one.