Background Knowledge Simple Network Management Protocol Snmp Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


Network Management system keeps the network up and running, monitor, and control network devices using conventional network technology. Local management and remote management are the two ways of managing a device connected to a network. Local management demands for a human manager where the managed object is situated. When the network devices are more and the network is widespread, management becomes tedious and impossible. Therefore, there arises the need to manage the network remotely. For this simple network management protocol was developed. The very basic purpose of this protocol is to manage the network remotely. It is a very simple management system. That is way it is most widely used. But that simplicity sometimes creates some major problems. And in the case of SNMP that problem is its security. In the beginning this simplicity makes SNMP insecure and thus resulted in its second version. Then SNMP v2 was introduces with some enhanced functionalities. But that was also not secure. So in 1998 SNMP v3 was issued as a set of proposed standards. William Stalling proposed security in this version by using Data Encryption Standard. According to him it provides security protection.

Nowadays SNMP is much more secure. Other than DES, triple DES is also used in SNMPv3 and that is implemented in java. But the purpose of this document is to compare cryptographic techniques for SNMP security. I will compare DES and any other better cryptographic technique like AES (Advanced Encryption Standard). My project is about to create a simple SNMP environment in which there will be a communication between agent and manager (of SNMP). Their communication will be done through commands (of SNMP) like GET, GET-NEXT, SET and TRAP, that will be secure by using cryptographic techniques. And we will find out some parameters like systems up time, CPU usage, memory capacity, etc. main purpose of the project is to know which cryptography technique gives better results.

Background Knowledge

Simple Network Management Protocol (SNMP)

SNMP is a simple network management protocol that was developed in late 1980's. It is a famous and is most widely used management protocol. It is used to manage the network devices and was designed to facilitate the exchange of management information between the network devices operating at application layer of ISO/OSI model. SNMP is used to monitor devices attached to the network for any condition that may require administrative intervention. The protocol can be used in collecting information from, as well as configuring servers, hubs, printers, routers and switches on an Internet Protocol (IP) network.

Simple network management protocol is simple as it requires an unreliable datagram service (i.e. UDP that is connection less). SNMP is used on more than one network devices with minimum effect on managed nodes or transport requirements. And SNMP agent continue working even some network devices have failed working. An SNMP managed network basically consists of following three components.

1. Managed device(s).

2. Agents.

3. Network Management systems.

The managed devices gather management information, and store it and can then make it available to Network Management Systems using SNMP. Managed devices include routers, hubs, IP telephones, printers etc. on the other hand, an agent is a software module that's embedded in a management device and has local information on that particular device. The network management system on its part executes the applications that monitor and control managed devices and provides the bulk of processing and memory resources required for network management. [1]

Research Statement

To develop analyze an environment like an SNMP in which there will be a secure communication between agent and manager where manager can request some fixed parameters (system information) from agent. And compare DES with some other better cryptographic techniques.

Research Area and Its Importance

This topic comes under the research area of Network Security.

As we all know that security in today's world is of great importance. In every aspect of life we need and demand security. Here we are concerned about network security. This is a world of technology and is a global village. In this global village everyone is connected to a network. So everybody wants to be secure. All the communication is done through a network. In today's technological advanced world computers and internet play a dominant role. It is estimated that when you connect your computer network to the internet, you are physically linking your computer to over 50,000 unfamiliar networks as well as their users.[2]

Despite the fact that it can open avenues to a number of useful applications and provide options for information sharing, many of the private networks consist of certain information that should not be shared with outside users on the web, which may sometimes result in application layer attacks, IP spoofing, DNS cache poisoning, password attacks, and man in the middle attacks.[2]  Thus we see that how important it is to have a secure network system.


Following are some objectives of this research

To have secure communication between agent and manager.

To get system information (some fixed parameters).

To find out the better cryptographic technique for SNMP security

Research Scope

The scope of the project is that I will be able to gather information from the agents through manager in a secure manner. DES and any other better cryptographic techniques will be used for secure communication. And following of the parameter we can collect from agent.

Memory Capacity

Number of Processes

Number of Users

SNMP Status

System Description

System Up Time

Total and free RAM

Systems current date and time

All the information will be encrypted and secure.

Following things will not be there in this project

Proper SNMP environment


Not all SNMP commands will be used


The outline of this thesis is:

In Chapter 1 introduction as well as background knowledge is discussed. Purpose of document and research statement is clearly defined. Chapter 2 provides history and complete background information. Literature review of the article is specified in Chapter 3. Chapter 4 is about proposed model with description. In Chapter 5 Analysis and design is given. Test cases are provided in Chapter 6. Conclusion and future work is provided is in Chapter 7. Last section provides references / resources.

2. Background Theory

2.1 Definitions

Following are some important definitions that must be understood.

Managed device

A managed device also known as network element is a network node that hold an SNMP agent and that is located on a managed network. Information is collected and stored on these managed devices that provide this information to NMSs using SNMP. These managed devices or network elements can be routers and access servers, switches and bridges, hubs, computer hosts, or printers. [3,4]


An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. [3,4]

Network Management System

An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network. [3,4]

Simple Network Management Protocol

This section provides detailed information about simple network management protocol. Background knowledge and all three version of SNMP are explained that gives a basic understanding of it.


Simple network management protocol is an application layer protocol. It provides communications and enables network devices to exchange management information in between them. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol. Network administrator perform different task with the help of SNMP, like, find and solve problems in the network, manage network performance and plan for network growth.

There exist three versions of SNMP, SNMP v1, SNMP v2, and SNMP v3. All three versions have a number of features in common, but SNMP v2 offers enhancement in SNMP v1 and SNMP v3 offers enhancements in version 2. Before going in further details of these versions, we have to know about Management Information Base/Database. [4]

Management Information Base/Database (MIB)

As we know that SNMP agent and manager communicate with each other and information that they share is stored in any database. Therefore both agent and manager shares same database that is known as Management Information Base/Database. There ae different set of questions that are stored in MIB files and SNMP manager can ask those questions from agent. Then agent collects the data and stores it as defined in MIB. [4]

The information stored in MIB is organized hierarchically. In MIB there are managed objects and they are indentified as object identifiers. A managed object basically consists of any characteristics of a managed device and consists of one or more object instances, which are essentially variables. Managed objects are of two types: Scalar and Tabular. Scalar objects define single object variable whereas Tabular objects define multiple objects variable that are grouped in MIB tables. [4]

An example of managed object is 'atInput'. It is a scalar object because it contains a single object instance, i.e. the integer value that indicates the total number of input AppleTalk packets on a router interface. [4]

In MIB hierarchy a managed object is uniquely identified by an object identifier or object ID. MIB hierarchy is illustrated as a tree and has several nameless roots. The names to different levels are given by different organizations. Standard organizations define top-level object IDs where as associated organizations define low-level object IDs. Non standardized MIBs are placed in the experimental branch and vendors can also include their private branches that contain managed objects for their own products.

Now an example for managed objects identifiers can be that, that 'atInput' can be uniquely identified by the object name ----- variables. AppleTalk.atInput-or by the equivalent object descriptor, [4]

Figure 1. The MIB Tree demonstrate the a variety of Hierarchies allocated by Different Organizations [4]

SNMP Version 1

The very first and basic implementation of simple network management protocol is known as SNMP Version 1. Being a part of transport layer it operates over User Datagram Protocol (UDP). It also operates on some other protocols such as "Internet Protocol, OSI Connectionless Network Services (CLNS), Apple Talk Datagram Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMP v1 is widely used and is the de facto network-management protocol in the internet community." SNMPv1 and Structure of Management Information

Management information is described by some rules and using Abstract Syntax Notation one (ASN.1). And it is define in Structure of Management Information (SMI). In SMI there are three main things, i.e. ASN.1 data types, SMI specific data types and SNMP MIB tables. Following are these data types are briefly explained.[4] SNMPv1 and ASN.1 Data Types

The SNMPv1 SMI states that all managed objects have a certain subset of Abstract Syntax Notation One (ASN.1) data types associated with them. Three ASN.1 data types are required: name, syntax, and encoding. The name serves as the object identifier (object ID). The syntax defines the data type of the object (for example, integer or string). The SMI uses a subset of the ASN.1 syntax definitions. The encoding data describes how information associated with a managed object is formatted as a series of data items for transmission over the network. [4] SNMPv1 Protocol Operations

In SNMP communication is done between network management system and managed devices through request and response queries. Request is sent to manage devices by NMS and managed devices give responses to those requests. Protocol operations (Get, GetNext, Set, and Trap) are used to retrieve the requests and responses. The Get operation is used by the NMS to retrieve the value of one or more object instances from an agent. If the agent responding to the Get operation cannot provide values for all the object instances in a list, it does not provide any values. The GetNext operation is used by the NMS to retrieve the value of the next object instance in a table or a list within an agent. The Set operation is used by the NMS to set the values of object instances within an agent. The Trap operation is used by agents to asynchronously inform the NMS of a significant event. [4]

SNMP Version 2

After SNMP v1, second version came in order to overcome the problems faced by initial version .in SNMP v1 there were some flaws and drawbacks as it was not secure, so SNMP v2 came. When this version came it became a standard but nowadays it is just a draft as SNMP v3 is introduced and became a standard. SNMP v2 proposed many improvements to SNMP v1. Some additional protocol operations were also included in it.[4] SNMPv2 and Structure of Management Information

The Structure of Management Information (SMI) defines the rules for describing management information, using ASN.1.

Details related to SNMP v2 SMI are given in RFC 1902. There are some additions and improvemts in SNMP v1's SMI explicitly about data types, such as including bit strings, network addresses, and counters. Bit strings are defined only in SNMPv2 and comprise zero or more named bits that specify a value. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses, but SNMPv2 can support other types of addresses as well. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined. [4] SNMPv2 Protocol Operations

The Get, GetNext, and Set operations used in SNMPv1 are exactly the same as those used in SNMPv2. However, SNMPv2 adds and enhances some protocol operations. The SNMPv2 Trap operation, for example, serves the same function as that used in SNMPv1, but it uses a different message format and is designed to replace the SNMPv1 Trap.

SNMPv2 also defines two new protocol operations: GetBulk and Inform. The GetBulk operation is used by the NMS to efficiently retrieve large blocks of data, such as multiple rows in a table. GetBulk fills a response message with as much of the requested data as will fit. The Inform operation allows one NMS to send trap information to another NMS and to then receive a response. In SNMPv2, if the agent responding to GetBulk operations cannot provide values for all the variables in a list, it provides partial results. [4]

SNMP Version 3

After releasing two versions of SNMP and still could not meet the security requirements, third version came with good security package. And now it is considered as a standard management protocol. Following are the main features that are included in this version. [5]

Authentication privacy

Authorization and Access control


There is a User-Based Security Model (USM) in SNMP v3 that provides authentication and privacy. And View-Based Access Control Model (VACM) for access control. USM is for messages security where as to have an access control VACM is introduced. SNMP v3 architecture uses both models simultaneously to have security. Other than security it also offers remote configuration capabilities to the previous versions. SNMP v3 is protected against masquerading, messege stream modification and disclosure attacks through USM as it uses MD5 (Messege Digest Algorithm) SHA (Secure Hash Algorithm) and DES (Data Encryption Algorithm). Similarly VACM is n new feature added in SNMP v3 that defines the Elements of Procedure for controlling access to management information. The VACM can simultaneously be

Associated in a single engine implementation with multiple Message Processing Models and multiple Security Models.[3]

SNMP Security

SNMP v1 used password in order to ensure the security. But that password was passed along with the data packet in a clear text form that was easily readable. This allowed masquerading, modification and disclosure attacks during message transmission. Then version came with a bit more security like in it message and other data sent was encrypted except destination address, that encrypted data was decrypted at destination and use the community name( password) and source IP address to validate the request. This type of security is referred to as party and context. Party referring to a specific machine or person and context referring to a name or string associated with the party.

After these security issues and some other drawbacks third version of SNMP came. SNMP v3 uses Data Encryption Standard (DES). The architecture provides a very good security. There are two security models USM and VACM that are explained above. It offers three security levels. Authentication and privacy from USM are at highest level. Then the middle level is with authentication and no privacy and the last bottom level is without authentication or privacy.

SNMP security is very much of importance because being a very simple management protocol in architecture it is most widely used and it also has the ability to reboot devices. And administrator cannot let that ability be violated. SNMP v3 is now with a very good package of security.[6]

Literature Review

1st paper: Security Issues and Vulnerabilities of the SNMP Protocol. By P. Chatzimisios [7]

Main Idea

In this paper the author, P.Chatzimisios [7], discussed security issues and weaknesses found in SNMP protocol.

3.1.2. Features and Characteristics

SNMP protocol performs different management functions like, configuration management, performance management, accounting management, fault management and security management.

For the first time when SNMP was developed, security was neglected.

But with the passage of time when need for security was realized it was tried to embed it in second version of SNMP.

SNMP v2 the standard version came with improvements and a bit good security package than SNMP v1. But it also could not provide sufficient security that was needed by the network management protocol so the new version, SNMP v3, came and is now being used as a standard version.

3.1.3. Advantages

Following are advantages of this research study.

We came to know about different weakness and threats in SNMP. That makes communication insecure.

As we are moving toward global communications we need secure communication networks. Network management system is exposed different types of threat ( like masquerading, DOS, data manipulation, etc ) and we have to protect the system from those treats. So this paper by creating awareness of these threats is making us to realize that we should implement security in SNMP.

We became aware of Different weaknesses and threats in network management system like, Access control, insecure perimeter of your network, non secure default string, hidden SNMP communities and stop authentication trapping.

This paper provides the insight of SNMP weakness and opens the door to counter and remove those problems.

3.2. 2nd paper: Performance Analysis of SNMP over SSH

By Vladislav Marinov and Jourgen Schonwalder [8]

3.2.1. Main Idea

The main idea of this paper is that it describes how the Secure Shell (SSH) protocol can be used to secure SNMP and it provides a performance analysis of a prototype implementation which compares the performance of SNMP over SSH with other secure and insecure versions of SNMP.

Features and Characteristics

Following are features and characteristics of Secure Shell (SSH).

The Secure Shell (SSH) protocol is a protocol for secure remote login and other secure network services over an insecure network. It consists of three major components:

Transport Layer Protocol: It provides server authentication, confidentiality and integration

User Authentication Protocol: Authenticates the client-side user to the server. It runs over the transport layer protocol.

Connection Protocol: Multiplexes the encrypted connection into several logical channels. It runs over the transport layer protocol after successful completion of the user authentication protocol.

An SSH server authenticates against an SSH client using host credentials (host keys) while the user authenticates against the SSH server using user credentials (user keys or passwords).

The SSH Security Model (SSHSM) for SNMP [6] is an instantiation of a TMSM which uses SSH, a Protocol already widely deployed to secure access to command line interfaces on network elements.

In this paper [8] performance of SNMP was evaluated by comparing it against SNMPv3/USM with authentication and privacy enabled. In performance session establishment overhead, performance for walks of different sizes without and with packet loss, and bandwidth used by different SNMP transports is compared and the memory requirements for keeping open SSH sessions on a command responder is discussed.

Authors of this paper measured and calculated the session establishment overhead for SNMP over SSH. For simple one-shot SNMP requests, SSH seems to be a rather costly solution since the costs for establishing a session and associated session keys is significant. For sessions that carry multiple SNMP interactions (e.g., table walks), the costs for the initial session setup are amortized and there is a break-even-point where SNMP over SSH starts to become more efficient than SNMPv3/USM with authentication and privacy enabled. The answer to the question whether SNMP over SSH is a viable alternative to SNMPv3/USM therefore depends on the SNMP usage pattern and the typical session length.

3rd Paper: Performance Evaluation for APSSNMP: An Alternative Security Algorithm for SNMP

By Chin Mun Wee and M. Salim Beg [9]

Main Idea

Authors of this paper [9] have presented an alternative algorithm for providing the security in SNMP v1 and v2. They tried to solve the security issues faced by first two versions of SNMP so that complex model of SNMPv3 should not have to be used.

Features and characteristics

Fewer resources are needed to implement this algorithm as compare to SNMP v3.

It (APSNMP) can be patched in to firmware more easily than SNMP v3.

Manager set encrypted values to an agent with confidentiality.

Provides authentication at two levels. First through Authentication and Anti-Replay value (AAR) and secondly, the values to be updated are encrypted with a different key to ensure that the exposure of one will not completely jeopardize the system.

APSSNMP provide immunity against modification, masquerade, message stream modification, and disclosure threats.

APSSNMP provides an in-built intrusion detection mechanism, whereas SNMPv3's is implementation dependent.

The performance of APSSNMP compared to the normal unprotected SNMPv1and the SNMPv3 is evaluated and assessed in this paper. The tests conducted are mainly used to highlight the difference in processing power needed to operate SNMPv3 and APSSNMP. Only the SetRequest and GetResponse messages are tested in this regard.


APSSNMP is advantageous compared to SNMPv3 because of its smaller size of implementation and the higher processing overhead used by SNMPv3.

APSSNMP transfers the memory and processing load from the management agent to the management station.

Proposed Model

Figure 2. Simple Network Management System

4.1. Description

There are two main entities of this system, Network Manager and Agent.

Figure 3


Figure 4

Figure 5