“Simple Network Management Protocol”的意思、由来-开放百科全书

SNMP is widely used in network management for network monitoring. SNMP exposes management data in the form of variables on the managed systems organized in a management information base (MIB) which describe the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications.

Three significant versions of SNMP have been developed and deployed. SNMPv1 is the original version of the protocol. More recent versions, SNMPv2c and SNMPv3, feature improvements in performance, flexibility and security.

SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.^[2]

Overview and basic concepts

In typical uses of SNMP, one or more administrative computers called managers have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes a software component called an agent which reports information via SNMP to the manager.

A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, cable modems, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers.

An agent is a network-management software module that resides on a managed device. An agent has local knowledge of management information and translates that information to or from an SNMP-specific form.

A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.

Management information base

SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as configuration changes, through remote modification of these variables. The variables accessible via SNMP are organized in hierarchies. SNMP itself does not define which variables a managed system should offer. Rather, SNMP uses an extensible design which allows applications to define their own hierarchies. These hierarchies are described as a management information base (MIB). MIBs describe the structure of the management data of a device subsystem; they use a hierarchical namespace containing object identifiers (OID). Each OID identifies a variable that can be read or set via SNMP. MIBs use the notation defined by Structure of Management Information Version 2.0 (SMIv2, {{IETF RFC|2578}}), a subset of ASN.1.

Protocol details

SNMP operates in the application layer of the Internet protocol suite. All SNMP messages are transported via User Datagram Protocol (UDP). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response is sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security, requests are received on port 10161 and notifications are sent to port 10162.^[3]

SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs, GetBulkRequest and InformRequest were added in SNMPv2 and the Report PDU was added in SNMPv3. All SNMP PDUs are constructed as follows:

SNMPv1 and SNMPv2 use communities to establish trust between managers and agents. Most agents support three community names, one each for read-only, read-write and trap. These three community strings control different types of activities. The read-only community applies to get requests. The read-write community string applies to set requests. The trap community string applies to receipt of traps. SNMPv3 also uses community strings, but allows for secure authentication and communication between SNMP manager and agent.^[9]

Protocol versions

In practice, SNMP implementations often support multiple versions: typically SNMPv1, SNMPv2c, and SNMPv3.^[10]^[11]

Version 1

SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. The design of SNMPv1 was done in the 1980s by a group of collaborators who viewed the officially sponsored OSI/IETF/NSF (National Science Foundation) effort (HEMS/CMIS/CMIP) as both unimplementable in the computing platforms of the time as well as potentially unworkable. SNMP was approved based on a belief that it was an interim protocol needed for taking steps towards large scale deployment of the Internet and its commercialization.

The first Request for Comments (RFCs) for SNMP, now known as SNMPv1, appeared in 1988:

SNMPv1 is widely used and is the de facto network management protocol in the Internet community.^[12]

SNMPv1 may be carried by transport layer protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless-mode Network Service (CLNS), AppleTalk Datagram Delivery Protocol (DDP), and Novell Internetwork Packet Exchange (IPX).

Version 1 has been criticized for its poor security.^[13] The specification does, in fact, allow room for custom authentication to be used, but widely-used implementations "support only a trivial authentication service that identifies all SNMP messages as authentic SNMP messages."^[14]. The security of the messages, therefore, becomes dependent on the security of the channels over which the messages are sent. For example, an organization may consider their internal network to be sufficiently secure that no encryption is necessary for their SNMP messages. In such cases, the "community name", which is transmitted in cleartext, tends to be viewed as a de-facto password, in spite of the original specification.

Version 2

SNMPv2, defined by {{IETF RFC|1441}} and {{IETF RFC|1452}}, revises version 1 and includes improvements in the areas of performance, security and manager-to-manager communications. It introduced GetBulkRequest, an alternative to iterative GetNextRequests for retrieving large amounts of management data in a single request. The new party-based security system introduced in SNMPv2, viewed by many as overly complex, was not widely adopted.^[13] This version of SNMP reached the Proposed Standard level of maturity, but was deemed obsolete by later versions.^[15]

SNMPv1 & SNMPv2c interoperability

As presently specified, SNMPv2c is incompatible with SNMPv1 in two key areas: message formats and protocol operations. SNMPv2c messages use different header and protocol data unit (PDU) formats from SNMPv1 messages. SNMPv2c also uses two protocol operations that are not specified in SNMPv1. Furthermore, {{IETF RFC|3584}} (which obsoletes {{IETF RFC|2576}}) defines two possible SNMPv1/v2c coexistence strategies: proxy agents and bilingual network-management systems.

Proxy agents

An SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices, as follows:

The proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages and then forwards them to the NMS.

Bilingual network-management system

Bilingual SNMPv2 network-management systems support both SNMPv1 and SNMPv2. To support this dual-management environment, a management application in the bilingual NMS must contact an agent. The NMS then examines information stored in a local database to determine whether the agent supports SNMPv1 or SNMPv2. Based on the information in the database, the NMS communicates with the agent using the appropriate version of SNMP.

Version 3

Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks much different due to new textual conventions, concepts, and terminology.^[1] The most visible change was to define a secure version of SNMP, by adding security and remote configuration enhancements to SNMP^[18] - due to lack of security in earlier versions, network administrators often used other means such as telnet and SSH for configuration, accounting, and fault management. SNMPv3 focuses on two main aspects, namely security and administration. The security aspect is addressed by offering both strong authentication and data encryption for privacy. For the administration aspect, SNMPv3 focuses on two parts, namely notification originators and proxy forwarders. The changes also facilitated remote configuration and administration of the SNMP entities, as well as addressing issues related to the large-scale deployment, accounting, and fault management.

Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.^[1] Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used.^[19] The security approach in v3 targets:^[20]

v3 also defines the USM and VACM, which were later followed by a transport security model that provided support for SNMPv3 over SSH and SNMPv3 over TLS and DTLS.

Implementation issues

SNMP implementations vary across platform vendors. In some cases, SNMP is an added feature, and is not taken seriously enough to be an element of the core design. Some major equipment vendors tend to over-extend their proprietary command line interface (CLI) centric configuration and control systems.^[23]{{Failed verification|date=November 2010}} In February 2002 the Carnegie Mellon Software Engineering Institute (CM-SEI) Computer Emergency Response Team Coordination Center (CERT-CC) issued an Advisory on SNMPv1, the CA-2002-03, after the Oulu University Secure Programming Group conducted a thorough analysis of the SNMP message handling. Most SNMP implementations, regardless which version of the protocol, use the same program code for decoding protocol data units (PDU). Thus many vendors had to issue patches for their SNMP implementations. Among others problems were found with decoding SNMP trap messages received by the SNMP management station or requests received by the SNMP agent on the network device.^[8]{{rp|1875}}

SNMP's powerful write capabilities, which would allow the configuration of network devices, are not being fully utilized by many vendors, partly because of a lack of security in SNMP versions before SNMPv3, and partly because many devices simply are not capable of being configured via individual MIB object changes. Requirements of SNMP Set operation are not easy to implement correctly, and many vendors chose to omit support for Set – probably to lower their development cost and reduce the code size, among other reasons.{{citation needed|date=August 2016}}

SNMP's seemingly simple tree structure and linear indexing may not always be understood well enough within the internal data structures that are elements of a platform's basic design. Consequently, processing SNMP queries on certain data sets may result in higher CPU utilization than necessary. One example of this would be large routing tables, such as BGP or IGP.{{Citation needed|date=April 2010}}

Some SNMP values (especially tabular values) require specific knowledge of table indexing schemes, and these index values are not necessarily consistent across platforms. This can cause correlation issues when fetching information from multiple devices that may not employ the same table indexing scheme (for example fetching disk utilization metrics, where a specific disk identifier is different across platforms.)^[24]

Resource indexing

Modular devices may dynamically increase or decrease their SNMP indices (a.k.a. instances) whenever slotted hardware is added or removed. Although this is most common with hardware, virtual interfaces have the same effect. Index values are typically assigned at boot time and remain fixed until the next reboot. Hardware or virtual entities added while the device is 'live' may have their indices assigned at the end of the existing range and possibly reassigned at the next reboot. Network inventory and monitoring tools need to have the device update capability by properly reacting to the cold start trap from the device reboot in order to avoid corruption and mismatch of polled data.

Index assignments for a SNMP device instance may change from poll to poll mostly as a result of changes initiated by the system administrator. If information is needed for a particular interface, it is imperative to determine the SNMP index before retrieving the data needed. Generally, a description table like ifDescr will map a user friendly name like Serial 0/1 (Blade 0, port 1) to an SNMP index. However, this is not necessarily the case for a specific SNMP value, and can be arbitrary for an SNMP implementation.

SNMP security implications

Using SNMP to attack a network

Because SNMP is designed to allow administrators to monitor and configure network devices remotely it can also be used to penetrate a local area network (LAN). If SNMP is not used in a network it should be turned off, because aside from creating a vulnerability it will consume available network bandwidth and needlessly use CPU cycles. A significant number of software tools can scan the entire network over SNMP, therefore mistakes in the configuration of the read-write mode can make a network susceptible to attacks.^[25]{{rp|52}}

In 2001 Cisco released information that even in read mode the SNMP implementation of Cisco IOS 11.0 and 12.0 (the operating system used by Switches and Routers) is vulnerable to certain denial of service attacks. These security issues can be fixed through an IOS upgrade.^[26] When configuring SNMP read-only mode close attention should be paid to the configuration of the access control and from which IP addresses SNMP messages are accepted. If the SNMP servers are identified by their IP, SNMP is only allowed to respond to these IPs and SNMP messages from other IP addresses would be denied. However, IP address spoofing remains a security concern.^[25]{{rp|54}}

SNMP authentication

SNMP is available in different versions 1, 2 and 3, each has its own security issues. SNMP v1 sends passwords in clear-text over the network. Therefore, passwords can be read with packet sniffing. SNMP v2 allows password encryption with MD5, but this has to be configured. Virtually all network management software support SNMP v1, but not necessarily SNMP v2 or v3. SNMP v2 was specifically developed to provide data security, that is authentication, privacy and authorization, but only SNMP version 2c gained the endorsement of the Internet Engineering Task Force (IETF), while versions 2u and 2* failed to gain IETF approval due to security issues. SNMP v3 uses MD5, Secure Hash Algorithm (SHA) and keyed algorithms to offer protection against unauthorised data modification and masquerade attacks. If a higher level of security is needed the Data Encryption Standard (DES) can be optionally used in the cipher block chaining mode. SNMP v3 is implemented on Cisco IOS since release 12.0(3)T.^[25]{{rp|52}}

SNMPv3 may be subject to brute force and dictionary attacks for guessing the authentication keys, or encryption keys, if these keys are generated from short (weak) passwords, or passwords that can be found in a dictionary. SNMPv3 allows both providing random uniformly distributed cryptographic keys, and generating cryptographic keys from password supplied by user. The risk of guessing authentication strings from hash values transmitted over the network depends on the Hash function used and the length of the hash value.{{Citation needed|date=April 2017}} SNMPv3 uses the HMAC-SHA-2 Authentication Protocol for the User-based Security Model (USM).^[27] A challenge-response handshake was not used to improve security. SNMPv3 (like other SNMP protocol versions) is a stateless protocol, and it has been designed with minimal amount of interactions between the agent and the manager. Thus introducing a challenge-response handshake for each command would impose a burden on the agent (and possibly on the network itself) that the protocol designers deemed excessive and unacceptable.{{Citation needed|date=April 2017}}

The security deficiencies of all SNMP versions can be mitigated by IPsec authentication and confidentiality mechanisms. The implementation of SNMP over Datagram Transport Layer Security (DTLS) is also available.^[10]

SNMP autodiscovery

SNMP based network management software send passwords repeatedly during normal operations across the network. Therefore, clear-text passwords are a significant security risk. If SNMP v2 is used, the network administrator should enable password encryption on network devices, that is the SNMP servers running on them. This can be done with the command snmp-server enable traps snmp authentication md5.^[25]{{rp|53}}

Many SNMP implementations include a type of automatic discovery where a new network component, such as a switch or router, is discovered and pooled automatically. In SNMPv1 and v2c this is done through a community string that is broadcast in clear-text to other devices.^[10] Because of its default configuration on community strings, they are public for read-only access and private for read-write^[8]{{rp|1874}} SNMP topped the list of the SANS Institute's Common Default Configuration Issues and was number ten on the SANS Top 10 Most Critical Internet Security Threats for the year 2000.^[28] System and network administrators frequently do not change these configurations.^[8]{{rp|1874}} The community string sent by SNMP over the network is not encrypted. Once the community string is known outside the organisation it could become the target for an attack. To prevent the easy discovery of the community, SNMP should be configured to pass community-name authentication failure traps and the SNMP management device needs to be configured to react to the authentication failure trap.^[25]{{rp|54}}

SNMPv1 and v2 are vulnerable to IP spoofing attacks, whether it runs over TCP or UDP, and is a subject to bypassing device access lists that might have been implemented to restrict SNMP access. SNMPv3 security mechanisms such as USM or TSM prevent a successful attack. It would be pointless to employ SNMPv3 VACM (View-based Access Control) without securing messages with USM or TSM.{{Citation needed|date=April 2017}}

RFC references

See also

References

1. ^¹²{{cite book |author=Douglas R. Mauro & Kevin J. Schmidt. |year=2001 |title=Essential SNMP |edition=1st |location=Sebastopol, CA |publisher=O’Reilly & Associates}}
2. ^{{Cite IETF |rfc=3411 |title=An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks}}
3. ^{{IETF RFC|6353}} Section 10
4. ^{{Cite journal |url=https://tools.ietf.org/html/rfc1448#page-27 |title=RFC 1448 – Protocol Operations for version 2 of the Simple Network Management Protocol (SNMPv2) |publisher=Internet Engineering Task Force |quote=An InformRequest-PDU is generated and transmitted at the request an application in a SNMPv2 entity acting in a manager role, that wishes to notify another application (in a SNMPv2 entity also acting in a manager role) of information in the MIB View of a party local to the sending application. |author1=J. Case |author2=K. McCloghrie |author3=M. Rose |author4=S. Waldbusser |date=April 1993}}
5. ^{{Cite journal |url=https://tools.ietf.org/html/rfc2573#section-3.3 |title=RFC 2573 – SNMP Applications |publisher=Internet Engineering Task Force |author1=D. Levi |author2=P. Meyer |author3=B. Stewart |date=April 1999}}
6. ^¹{{Cite journal |url=http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/snmpinfm.html |title=SNMP Inform Requests |publisher=Cisco |accessdate=2011-12-09}}
7. ^{{Cite journal |url=https://www.juniper.net/techpubs/software/junos-security/junos-security10.2/mib-srx5600-srx5800-service-gateway/topic-21511.html |title=Understanding the SNMP Implementation in JUNOS Software |publisher=Juniper Networks |accessdate=2013-02-11}}
8. ^¹²³⁴{{Cite book|title= Information Security Management Handbook, Sixth Edition|authors =Harold F. Tipton & Micki Krause |publisher= CRC Press|year=2007 |isbn= 9780849374951}}
9. ^{{Cite book|title= Information Security Management Handbook, Sixth EditioEssential SNMP: Help for System and Network Administrators|authors =Douglas Mauro & Kevin Schmidt |publisher= O'Reilly Media, Inc.|year=2005 |isbn= 9780596552770|pages=21–22}}
10. ^¹²{{Cite book|title= Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance|author =Stuart Jacobs |publisher= John Wiley & Sons|year=2015 |isbn= 9781119104797|pages=367}}
11. ^{{IETF RFC|3584}} "Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework"
12. ^{{cite book |last1=Wiley |first1=John |title=Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance |date=2015-12-01 |page=366 |url=https://books.google.com/?id=6i1cCwAAQBAJ&pg=PA366&lpg=PA366&dq=snmpv1+is+obsolete#v=onepage&q=snmpv1%20is%20obsolete&f=false |accessdate=2017-09-14|isbn=9781119104711 }}
13. ^¹{{cite web |title=Security in SNMPv3 versus SNMPv1 or v2c |url=http://www.aethis.com/solutions/snmp_research/snmpv3_vs_wp.pdf |archiveurl=https://web.archive.org/web/20130429201847/http://www.aethis.com/solutions/snmp_research/snmpv3_vs_wp.pdf |archivedate=2013-04-29}}
14. ^{{IETF RFC|1157}}
15. ^¹²{{cite web|url=http://www.rfc-editor.org/search/rfc_search_detail.php?pubstatus%5b%5d=Standards+Track&std_trk=Any&pub_date_type=any&wg_acronym=snmpv2 |title=RFC Search Detail: Standards Track snmpv2 RFCs|publisher=The RFC Editor |accessdate=2014-02-24}}
16. ^{{IETF RFC|3416}}
17. ^{{Citation |title=SNMPv3 -- User Security Model |url=http://www.drdobbs.com/snmpv3-user-security-model/199100972 |access-date=2019-03-09 |publisher=Dr. Dobbs}}
18. ^In This Issue: SNMP Version 3 The Simple Times {{ISSN|1060-6084}}
19. ^{{cite book |author=David Zeltserman |year=1999 |title=A Practical Guide to SNMPv3 and Network Management |location=Upper Saddle River, NJ |publisher=Prentice Hall PTR}}
20. ^{{cite web |url=http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html |title=SNMPv3 |publisher=Cisco Systems |archiveurl=https://www.webcitation.org/60I4lHgQR?url=http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html |archivedate=2011-07-19 |deadurl=yes |df= }}
21. ^{{cite web |url=http://www.ibr.cs.tu-bs.de/projects/snmpv3/ |title=SNMP Version 3 |publisher=Institute of Operating Systems and Computer Networks |accessdate=2010-05-07}}
22. ^RFC Editor {{webarchive|url=https://web.archive.org/web/20071029103140/http://www.rfc-editor.org/categories/rfc-standard.html |date=2007-10-29 }} List of current Internet Standards (STDs)
23. ^{{cite web|url=http://www.snmp.com/conferences/ |title=SNMP Research presentations in favor of standards-based management over proprietary CLIs |publisher=SNMP Research |date= |accessdate=2010-10-12}}
24. ^{{Cite web | url=http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/40700-snmp-ifIndex40700.html | title=Understanding Table Index Values in SNMP}}
25. ^¹²³⁴{{Cite book|title= Cisco Secure Internet Security Solutions|authors =Andrew G. Mason & Mark J. Newcomb |publisher= Cisco Press|year=2001 |isbn= 9781587050169}}
26. ^{{Cite book|title= Cisco Secure Internet Security Solutions|authors =Andrew G. Mason & Mark J. Newcomb |publisher= Cisco Press|year=2001 |isbn= 9781587050169|pages=52}}
27. ^{{IETF RFC|7630}} — HMAC-SHA-2 Authentication Protocols in the User-based Security Model (USM) for SNMPv3
28. ^{{Cite web | url=http://www.sans.org/top20/2000/ | title=SANS Institute - CIS Critical Security Controls}}