Why was SNMPv2 developed when SNMPv1 was already available? The major changes introduced in SNMPv2 with a brief discussion on them
Simple Network Management Protocol version 2 is the revised protocol developed to solve the challenges experienced in the oldest SNMP protocol, SNMPv1, supporting 32-bit counters. SNMPv2 introduced two new messages not supported by SNMPv1, GetBulk and Inform protocol operations. First, NMS utilizes the GetBulk protocol to recover big bulk data, including multiple rows and columns of a dataset. Second, Inform message allows communication between various network management systems, sending trap data and receiving a response. SNMPv1 defined Structure of Management Information (SMI) as STD 16, and in RFCs 1155, its core component RFC 1215 specified traps. Whereas in SNMPv2, the structure of management information was revised and rewritten, whereby RFC 1904 described conformances, RFC 1903 dealt with textual conventions and RFC 1902 with a system of management information volume 2.
Furthermore, in SNMPv2, the Row Status syntax clause specified the columnar object, allowing adding and deleting of conceptual rows from the aggregate object table. The syntax clause allows table expansion by combining another table with the existing one. Therefore, essential for adding extra columnar objects to the current aggregate object favoring a columnar database that provides faster performance and high-volume storage of data in a small amount of memory. Additionally, SMIv2 is classified into Trap, object, and module definitions. The NOTIFICATION-TYPE macro defines Trap that specifies the information within SNMPv2, OBJECT-TYPE macro defines the primary attributes of individual management information base object, and MODULE-IDENTITY determines the responsive body for MIB.
In SNMPv2, textual conventions allow users to define new data types in a dataset. The combination of structural components and elements creates a meaningful purpose, and its consistent semantics enable readers to understand the characterizing of specific text types. Morever, in SNMPv2, conformance statement features allow customers to compare and contrast various products for purchase. The vendors can claim their product compatibility with a particular SNMP version, and additional product features can be added to the product. Finally, there are two new subgroups of the internet node in the MIB, including security and snmpv2. These SNMPv2 entities inhibit some characteristics of SNMPv1 and the rest of the components newly developed under the snmpv2 node.
Explaination of SNMP Communication Model in brief. Discussion of SNMP architecture only, emphasizing its utilization and goals
Simple Network Management Protocol (SNMP) architecture contains the management information base that reads the value of controlled activities by monitoring the nodes. The goal of MIB is to ensure the numerical strings are translated into readable text for the users of the system. When a message is sent across the network, MIB identifies data objects in the message with an IOD and records its source and destination. Other components of SNMP architecture are the SNMP manager and SNMP agent, which communicate through the management information base. When the SNMP agent requests information from the SNMP manager, the manager modifies and controls the network by generating the requested information and trap-event data. Nevertheless, the agent responds to SNMP queries to provide network node information, including its status and statistics. Various variables in the SNMP communication model include GetRequest, GetNextRequest, GetBulkRequest, SetRequest, Response, Trap, and InformRequiest to gather information for the requested network.
GetRequest is a message sent by the SNMP manager to request information from the SNMP agent. In return, the SNMP agent responds using a Response message variable based on Get messages, and it contains a new set value to indicate that a value has been set. GetNextRequest message is used to explore the available information in the SNMP agent, then reports back to the manager through the management of the information base. A continuous GetNextRequest from the manager can result in no more data available in the SNMP agent. Due to the inability of SNMPv1 to recover large amounts of data from big datasets, GetBulkrequest was introduced in SNMPv2 to serve the purpose of retrieving big data avoiding loss of information. GetBulkrequest operations function by sending GetNext messages progressively based on Max-Repetitions index restoring all the information available on datasets. InformRequest can be set to send requests continuously until an inform message is generated automatically. The SNMP agent can send Trap messages without the SNMP manager’s request to solve the faults that occur within the communication model.
Discussion of four types of threats to network management information while transported from one management entity to another
First, modification of information threat is performed when data content is changed or modified by network attackers involving non-trivial processing. The unauthorized attack that modifies the information elements targets data integrity tampering with its actual meaning or intention. For instance, if a user requests information from the server, the network attacker modifies the information from the network to the user by causing a service attack, including fabrication on authentication or flooding with bugs data.
Second, a masquerade threat is a security threat that uses a fake identity to gain access to the user’s devices by changing the original address. The attack occurs typically when the authorization process is not adequately secured, allowing masquerade attack on organization systems. There are different ways a network intruder can perform a masquerade attack, including exploiting vulnerable gaps in the network, weak passwords, and acquiring user logins from the browser history. The amount the network attack can obtain depends on the network vulnerabilities and security measures on the user’s device.
Third, message stream modification involves changing the intended packet header address and directing data to a new address. The network attacker can use particular malicious tools to exploit the contained information, which can be used for other crimes. The requested data can be modified or changed before reaching the targeted machine to give various attack commands or access the targeted device. When the message arrives at the destination, the user without network attack knowledge clicks on the links accompanied by the email message and gives intruders access to their personal computers.
Lastly, the information disclosure attack collects system-specific data, including the most visited websites, application patch levels, and related information acquired from the targeted devices or platforms. Websites including google.com give information about devices connected to the internet. Therefore, network attackers can exploit its information and identify the applications utilized in the connected computers, including its IP addresses and backup files or even temporary files. The extent to which the attack can be performed on a device depends on website vulnerability.
Four SNMPv3 key features
First, the SNMPv3 User security model consists of two essential services, including data encryption and identity authentication, requiring a workstation and agent sharing a key. Data encryption ensures the message is secured using encryption code by calculating the CBC code, which is then used to decrypt the message when it reaches or is accessed by destination. Identity authentication involves the agent confirming whether the message is from the right source or modified during transmission.
Second, the view-based access control model imposes restrictions on the access permissions from groups or communities. The model requires configuration to specify the type of information the end-user can access. This strategy aims to maintain the confidentiality of a particular type of information from the public or a specific group of people.
Third, the message processing and control model is responsible for creating SNMP messages and evaluating their ability to be accepted through a proxy server. Security parameters are added to received protocol control specific information and user’s data, analyzed to produce unpacked PDU, and sent to the dispatcher. Therefore, the user can access the data without unauthorized entry to destroy or modify the information.
Lastly, the local processing model implements various data processing functions, including data packaging, access control, and data interruptions. Access control sets agent-related information to allow the management process permission to access the agent’s information through PDU transmission in different locations. Data packaging is the process of combining the dataset with metadata to give detailed information about the dataset. The local processing model ensures data interruptions are detected and solved in the minimum time possible for the operations to work effectively, and SNMPv3 defines access control policies syntax with different parameters.