To learn network management well, you must understand SNMP. So what is it? Simply put, it is a network management protocol; this article discusses the concept and its security issues. SNMP, the Simple Network Management Protocol, was originally proposed to manage routers and other devices on the Internet. On Windows the SNMP Service acts as an agent: it collects information about the computer and reports it to an SNMP management station or console, which lets management software collect data from and manage Windows 2000/XP/2003-based computers throughout the network.
SNMP messages are sent in plain text, so they are easily intercepted and decoded with a network analyzer such as Microsoft Network Monitor. An unauthorized user who captures community names can use them to obtain important information about network resources and, with a read/write community, to change device configuration. Therefore a service such as SNMP must be secured before it can safely be used widely.
To protect SNMP from misuse, apply a series of security measures on the system, for example IP Security (IPsec) to protect SNMP traffic. Create an IPsec policy on the system that covers UDP ports 161 (agent queries and responses) and 162 (traps). SNMP normally runs over UDP, which is what the filters below match; add matching TCP filters only if your agents and managers actually use SNMP over TCP.
Step 1: Select Start > Control Panel > Administrative Tools > Local Security Policy. In the left pane, right-click IP Security Policies on Local Computer and select Manage IP filter lists and filter actions.
Step 2: On the Manage IP Filter Lists tab, click Add. In the IP Filter List dialog, enter "port 161/162" in the Name box and "port 161/162 filter" in the Description box. Clear the Use Add Wizard check box, then click Add. In the IP Filter Properties dialog, on the Addressing tab, select Any IP Address in the Source address box and My IP Address in the Destination address box, and select the Mirrored check box so that the filter also matches packets whose source and destination addresses are reversed.
Step 3: Click the Protocol tab and select UDP under Select a protocol type. Under Set the IP protocol port, select From any port (a manager sends its queries from an ephemeral port, so a filter that requires source port 161 would not match them), then select To this port, enter 161, and click OK. Back in the IP Filter List dialog, click Add again and add a second filter for port 162 in the same way. Note that the filter list by itself enforces nothing: it still has to be combined with a filter action that negotiates security in an IPsec policy, and that policy must be assigned on both the agent and the management station.
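The same filter list, together with the filter action, policy and assignment that Steps 1 to 3 leave for later, can be scripted with the netsh ipsec static context on Windows XP/Server 2003 and later (Windows 2000 does not have it). The following Python script is an added example, not code from the original article; the policy, filter-list and rule names are placeholders, the authentication method defaults to Kerberos, and the script only prints the commands unless dry_run is set to False.

```python
"""
Scripted equivalent of the GUI steps above using 'netsh ipsec static'.
Added example, not from the original article. Names are placeholders.
"""
import subprocess
from typing import List, Sequence


def snmp_ipsec_commands(
    filterlist: str = "port 161/162",
    policy: str = "SNMP IPsec",
    ports: Sequence[int] = (161, 162),
    auth: str = "kerberos=yes",        # alternatives: psk="..." or rootca="..."
) -> List[str]:
    """Return the netsh command lines that build the filter list from Steps 1-3
    and then wire it into an assigned policy.

    srcport=0 means 'any port': a manager queries from an ephemeral port, so a
    src 161 -> dst 161 filter would never match its traffic. mirrored=yes is
    the Mirrored check box from Step 2."""
    cmds = [
        f'netsh ipsec static add filterlist name="{filterlist}" '
        f'description="{filterlist} filter"',
    ]
    for port in ports:
        cmds.append(
            f'netsh ipsec static add filter filterlist="{filterlist}" '
            f"srcaddr=any dstaddr=me protocol=UDP srcport=0 dstport={port} "
            f'mirrored=yes description="UDP {port}"'
        )
    cmds += [
        # 'negotiate' requires IPsec for matching packets but, unlike 'block',
        # still lets managers that complete the negotiation through.
        'netsh ipsec static add filteraction name="Require SNMP security" '
        "action=negotiate",
        f'netsh ipsec static add policy name="{policy}" '
        'description="Protect SNMP (UDP 161/162)"',
        f'netsh ipsec static add rule name="SNMP rule" policy="{policy}" '
        f'filterlist="{filterlist}" filteraction="Require SNMP security" {auth}',
        # Nothing is enforced until the policy is assigned.
        f'netsh ipsec static set policy name="{policy}" assign=y',
    ]
    return cmds


def apply_snmp_ipsec(dry_run: bool = True) -> List[str]:
    """Print the commands and, when dry_run is False, run them in order,
    stopping at the first one that fails (needs an elevated shell)."""
    cmds = snmp_ipsec_commands()
    for cmd in cmds:
        print(cmd)
        if not dry_run:
            subprocess.run(cmd, shell=True, check=True)
    return cmds


if __name__ == "__main__":
    apply_snmp_ipsec(dry_run=True)
```

The management station needs a mirror-image policy of its own, otherwise its queries are dropped once the agent starts requiring IPsec.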
SNMP was developed around 1990 (SNMPv1 is RFC 1157) to simplify device management and data collection in large networks. Many network management packages, such as HP OpenView and Nortel Networks' Optivity Network Management System, as well as free software such as the Multi Router Traffic Grapher (MRTG), use SNMP to simplify network management and maintenance.
Because SNMP works so well, network hardware vendors began adding it to every device they built. Today SNMP can be found enabled by default on all kinds of network devices, from switches to routers and from firewalls to network printers.
The problem is that the SNMP implementations shipped by many vendors use default community strings, which function as passwords: a program must present the right string to read device information or modify the configuration. The advantage of a default community string is that management software on the network can access the device without any extra configuration; the disadvantage is that anyone else can too.
Community strings are presented with two main kinds of request: GET and SET. A GET reads data from the device, usually operating parameters such as link status or interface names. A SET changes device parameters, so this kind of access is normally restricted. Both can be abused: floods of GET or SET requests can be used for denial of service, and a SET can be used to maliciously modify network parameters.
The most common default community strings are "public" (read-only) and "private" (read/write). In addition there are many vendor-specific default strings. Some form of default community string can be found on almost every network device running SNMP.
The security mechanisms of SNMPv1 and SNMPv2c are weak, and communication is not encrypted: all community strings and data are sent in plaintext. Once an attacker can capture the network traffic, any sniffer reveals the community string directly, even if the user has changed it from the default.
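To make the plaintext problem concrete, here is an added example that is not from the original article: it encodes SNMPv1 GetRequest and SetRequest messages the way they appear on the wire (RFC 1157, BER) and dissects a datagram to recover the community string, the PDU type and the varbinds, which is all a sniffer on the path has to do. The 40-byte "capture" is constructed by hand for the example, and the findings() rule that flags "public"/"private" and any SetRequest is a suggested detection, not something the article describes.

```python
"""
SNMPv1 on the wire (RFC 1157, BER). Added example: builds GET/SET messages
and dissects a datagram to recover the community string, as a sniffer would.
"""
from typing import Dict, List, Sequence, Tuple

TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_TAGS = {"GetRequest": 0xA0, "GetNextRequest": 0xA1, "GetResponse": 0xA2, "SetRequest": 0xA3}
PDU_NAMES = {tag: name for name, tag in PDU_TAGS.items()}
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample (not a real capture): GetRequest for sysDescr.0,
# community "public", request-id 1, written out by hand from the BER rules.
CAPTURED_GET = bytes.fromhex(
    "3026 020100 0406 7075626c6963 a019 020101 020100 020100"
    "300e 300c 0608 2b06010201010100 0500"
)


def ber_length(n: int) -> bytes:
    """Short form below 128, otherwise 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(body)) + body


def encode_int(n: int) -> bytes:
    if n < 0:
        raise ValueError("only non-negative integers are needed here")
    return tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))  # leading 0x00 keeps it positive


def encode_oid(oid: str) -> bytes:
    """First two arcs share one byte (40*a+b); later arcs are base-128 with a continuation bit."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def encode_value(value) -> bytes:
    if value is None:
        return tlv(TAG_NULL, b"")          # GET carries NULL placeholders
    if isinstance(value, int):
        return encode_int(value)
    return tlv(TAG_OCTET_STRING, value.encode())


def build_snmpv1(pdu_type: str, community: str, varbinds: Sequence[Tuple[str, object]], request_id: int = 1) -> bytes:
    vbl = b"".join(tlv(TAG_SEQUENCE, encode_oid(oid) + encode_value(val)) for oid, val in varbinds)
    pdu = tlv(PDU_TAGS[pdu_type], encode_int(request_id) + encode_int(0) + encode_int(0) + tlv(TAG_SEQUENCE, vbl))
    # version 0 == SNMPv1; the community string is a bare OCTET STRING, nothing hides it
    return tlv(TAG_SEQUENCE, encode_int(0) + tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def decode_value(tag: int, body: bytes):
    if tag == TAG_NULL:
        return None
    if tag == TAG_INTEGER:
        return int.from_bytes(body, "big", signed=True)
    return body.decode("utf-8", errors="replace")


def dissect_snmpv1(packet: bytes) -> Dict[str, object]:
    """Pull version, community, PDU type, request-id and varbinds out of one datagram."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, rid, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)      # error-status (always 0 in a request)
    _, _, pos = read_tlv(pdu, pos)      # error-index
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid_body, q = read_tlv(vb, 0)
        vtag, vbody, _ = read_tlv(vb, q)
        varbinds.append((decode_oid(oid_body), decode_value(vtag, vbody)))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode("utf-8", errors="replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(rid, "big", signed=True),
            "varbinds": varbinds}


def findings(packet: bytes) -> List[str]:
    """Suggested passive-sensor rule: default community in use, or any write attempt."""
    msg = dissect_snmpv1(packet)
    out = []
    if msg["community"] in DEFAULT_COMMUNITIES:
        out.append(f"default community string {msg['community']!r} in use")
    if msg["pdu"] == "SetRequest":
        out.append(f"write attempt via community {msg['community']!r}: {msg['varbinds']}")
    return out


if __name__ == "__main__":
    print(dissect_snmpv1(CAPTURED_GET))
    setreq = build_snmpv1("SetRequest", "private", [("1.3.6.1.2.1.1.4.0", "attacker")], request_id=300)
    print(setreq.hex(), findings(setreq))
```

Because the community string is the only credential in the message, anyone who can read the datagram can replay it, or rewrite the PDU into a SetRequest, with no further work.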
SNMPv3 solves some of these problems. Its User-based Security Model (USM) replaces community strings with user names and keys: data can be encrypted with DES (Data Encryption Standard; AES was added later in RFC 3826), and each message carries an HMAC based on MD5 or SHA (Secure Hash Algorithm), keyed with a per-user key that is localized to the agent's engine ID. This prevents an attacker from impersonating a management station or altering a message in transit. For more information about SNMPv3, see http://www.ietf.org/rfc/rfc2570.txt; USM itself is specified in RFC 3414.
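How the SNMPv3 keys just mentioned are actually derived, as an added example that is not from the original article: the RFC 3414 password-to-key and key-localization steps, checked against the RFC's own "maplesyrup" test vector, followed by HMAC-96 signing and verification of a message. The message layout and the second engine ID are constructed placeholders; a real SNMPv3 message is BER-encoded, but the authentication step is the same.

```python
"""
SNMPv3 USM key derivation and HMAC-96 authentication (RFC 3414).
Added example: shows why one password yields a different key on every agent
and how the authentication code stops a forged or altered request.
"""
import hashlib
import hmac

HASH_NAME = {"md5": "md5", "sha": "sha1"}   # HMAC-MD5-96 and HMAC-SHA-96
AUTH_PARAM_LEN = 12                          # the "-96" in both names


def password_to_key(password: str, proto: str = "md5") -> bytes:
    """RFC 3414 A.2: repeat the password to 1 MiB and hash the stream (Ku).
    The expansion exists to make offline password guessing more expensive."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    stream = (pw * (1048576 // len(pw) + 1))[:1048576]
    return hashlib.new(HASH_NAME[proto], stream).digest()


def localize_key(ku: bytes, engine_id: bytes, proto: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku). A key recovered from one agent is
    therefore useless against another agent configured with the same password."""
    return hashlib.new(HASH_NAME[proto], ku + engine_id + ku).digest()


def sign(kul: bytes, msg: bytes, offset: int, proto: str = "md5") -> bytes:
    """Fill msgAuthenticationParameters at 'offset': HMAC over the message with
    that 12-byte field zeroed, truncated to 12 bytes."""
    zeroed = msg[:offset] + bytes(AUTH_PARAM_LEN) + msg[offset + AUTH_PARAM_LEN:]
    mac = hmac.new(kul, zeroed, HASH_NAME[proto]).digest()[:AUTH_PARAM_LEN]
    return msg[:offset] + mac + msg[offset + AUTH_PARAM_LEN:]


def verify(kul: bytes, msg: bytes, offset: int, proto: str = "md5") -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    received = msg[offset:offset + AUTH_PARAM_LEN]
    expected = sign(kul, msg, offset, proto)[offset:offset + AUTH_PARAM_LEN]
    return hmac.compare_digest(received, expected)


def sample_message():
    """Constructed stand-in for a serialized SNMPv3 message: header, the 12-byte
    parameters field (zeros until signed) and a PDU. Real messages are BER."""
    header = b"v3|user=ops|"
    pdu = b"|SetRequest ifAdminStatus.3=down"
    return header + bytes(AUTH_PARAM_LEN) + pdu, len(header)


def demo() -> dict:
    engine_a = bytes.fromhex("000000000000000000000002")  # engineID from the RFC 3414 test vector
    engine_b = bytes.fromhex("800000020109840301")        # constructed second agent
    ku = password_to_key("maplesyrup")                    # password from the RFC 3414 test vector
    kul_a = localize_key(ku, engine_a)
    kul_b = localize_key(ku, engine_b)
    msg, off = sample_message()
    signed = sign(kul_a, msg, off)
    tampered = signed.replace(b"down", b"up  ")           # same length, different content
    return {
        "ku": ku.hex(),
        "kul_a": kul_a.hex(),
        "keys_differ": kul_a != kul_b,
        "valid_at_a": verify(kul_a, signed, off),
        "valid_at_b": verify(kul_b, signed, off),
        "tampered_valid": verify(kul_a, tampered, off),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The localization step is also why an SNMPv3 manager has to discover the agent's engine ID before it can talk to it; without that, it cannot compute the key the agent expects.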
Although SNMPv3 has been around for a while, it is not yet widely deployed. A device from two or three years ago is likely not to support SNMPv3 at all, and even some newer devices only support SNMPv1 or SNMPv2c.
Even where a device supports SNMPv3, many vendors still ship the standard v1/v2c community strings enabled, and those are no secret to attackers. So although SNMPv3 provides more security features than earlier versions, the real benefit is limited if it is configured improperly, for example by leaving v1/v2c enabled alongside it or by running it at the noAuthNoPriv security level.