Internet Protocol (IP) networks use managing devices such as Simple Network Management Protocol (SNMP) to monitor network attached devices. In a computer network, a group of devices are attached, and they are managed and monitored by a manager. An agent, which is a software module in a managed device, reports information through the SNMP to the manager which has a Network Management System (NMS) that executes the applications that monitor and control managed devices.
There are seven SNMP protocol data units (PDU)
1. GetRequest - request to retrieve the value of a variable from the manager to the agent.
2. SetRequest - request to change the value of a variable from the manager to the agent.
3. GetNextRequest - request to find variables from the manager to the agent.
4. GetBulkRequest - enhanced version of GetNextRequest.
5. Response - reply from the agent to the manager through the return of variables.
6. Trap - simultaneous message from the agent to the manager.
7. InformRequest - simultaneous messages between managers.
There are three versions of SNMP
1. SNMPv1: which is the network management protocol being used by the Internet.
2. SNMPv2: which is a revised version of the SNMPv1. It contains improvements in performance, confidentiality, security, and communications between managers. Its party-based security system is very complex, though, and has to be revised in order to be able to use it with the SNMPv1.
3. SNMPv3: which has added cryptographic security and new concepts, terminology, remote configuration enhancements, and textual conventions.
The main difference between SNMPv3 and v2 (or v1) is that the v3 version addresses the security and privacy issues. For example, in SNMPv2, passwords are transmitted in plain text, whereas v3 uses encryption.
The advantages are given below, in brief:
1. Authentication
2. Privacy
3. Authorization and Access Control
4. Remote configuration and administration capabilities
SNMPv1 and SNMPv2c use a community string that is used as the password and there's no authentication or encryption.
The security features provided in SNMPv3 are as follows:
Message integrity - Ensures that a packet has not been tampered with during transit.
Authentication - Determines that the message is from a valid source.
Encryption - Scrambles the content of a packet to prevent it from being learned by an unauthorized source.
SNMPv3 is a security model in which an authentication strategy is set up for a user and the group in which the user resides.
SNMPv1 was the first version of SNMP. Although it accomplished its goal of being an open, standard protocol, it was found to be lacking in key areas like security, and flexibility.
SNMPv2 is essentially same as SNMPv1 in practical terms, except it adds support for 64 bit counters.
SNMPv2 did not include communities, and it was added to SNMPv2c on demand from users.
SNMPv3 is the latest version of SNMP. Its primary feature is enhanced security.
