Network Device Management with SNMP

Download Report

Transcript Network Device Management with SNMP

Networked Device Management
with SNMP
SIA Working Group Presentation
ASIS 2014 (Atlanta)
SIA SNMP Working Group ASIS 2014
1
Background
• What is SNMP
– IETF [3] protocol suite [1] for network management
– Standards-based solution for managing devices on a network
• Why use SNMP
– Part of the expected feature set of modern civilized networkattached enterprise-class devices
– Because you need the network before you can access the device
– IOT: You need the internet before you can have the thing
• SNMP history
– First specified last century (RFC 1155 is from 1988)
– IETF standard
– Current state of the art is RFC 6353 (SNMP over TLS over TCP)
SIA SNMP Working Group ASIS 2014
2
SNMP Requirements
• Follow the standards and styles of the SNMP
implementor community including the
common open source options
• Support network management
– definition of "network management"
• Support management of the protocol stack
• Support network management of the
application and platform
SIA SNMP Working Group ASIS 2014
3
Example MIB Object
SIA SNMP Working Group ASIS 2014
4
SNMP Preferred Features
• Accurate device identification
• Support enough MIB objects to manage the
device in question
• MIB publically distributed
• MIB “compilable” with standard tools
• Secure access (TLS please?)
SIA SNMP Working Group ASIS 2014
5
SNMP MIB Compatibility
SIA SNMP Working Group ASIS 2014
6
Preferred SNMP - Details
• Relevant MIB object groups
– From RFC 1213: System, Interfaces, Address
Translation, IP, ICMP, TCP, UDP, EGP, Transmission,
SNMP
– Multicast (RFC 5132)
– PoE (example: CISCO-POE-PD-MIB-V1SMI [2])
• At least read access, preferably secure
read/write
SIA SNMP Working Group ASIS 2014
7
How to Evaluate SNMP
1. Find the public copy of the MIB
2. Install the MIB in open source and commercial
tools
3. Configure the device to support snmp as
securely as possible
4. Walk the MIB collecting data
5. Validate the data is accurate
6. Exercise manipulation of the device through
SNMP
7. Evaluate the implementation for security
SIA SNMP Working Group ASIS 2014
8
Terms
• IETF
• SNMP
• MIB
SIA SNMP Working Group ASIS 2014
9
References
[1] http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
[2] ftp://ftp.cisco.com/pub/mibs/v1/CISCO-POE-PD-MIB-V1SMI.my
[3] www.ietf.org
SIA SNMP Working Group ASIS 2014
10
About
This presentation is available online after the meeting at
https://convergence.smithee.us/SIA/snmp-asis2014.pptx
Rodney Thayer
[email protected]
Doc rev. 00
SIA SNMP Working Group ASIS 2014
11