
Friday, April 27, 2012

Some NMS and SNMP Concepts!

A network management system (NMS) is a system comprising software and hardware that uses Simple Network Management Protocol (SNMP) to automatically discover, map, manage, and monitor all SNMP-enabled devices on a LAN or WAN. To have more control over network devices, an NMS may need additional agent or client software installed on them.

An NMS can monitor a wide variety of network devices such as desktops, servers, switches, and routers. It can also monitor any device on a network that is running Internet Protocol (IP) or Internetwork Packet Exchange (IPX).

Both commercial and open source NMS are available. Popular commercial NMS are: Cisco Network Management Software from Cisco Systems, HP Network Management Solution (OpenView) from HP, ManageEngine OpManager from ManageEngine, and WebNMS framework from ZOHO Corp.

Open source NMS are: OpenNMS and Nagios.

To develop an NMS, you will need a web server (IIS, Apache, ...), a backend database (MySQL, MS SQL), and a scripting language for the GUI (PHP, ASP, Perl, .NET, Python, ...).

What is SNMP?

Simple Network Management Protocol (SNMP) is an application-layer protocol of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.

Today, most networking devices come with a bundled SNMP agent, which enables them to communicate with the network management system (NMS).

SNMP has a client/server architecture with 2 major entities:
  1. SNMP manager (at the NMS)
  2. SNMP agent (at the managed network devices)

Generally, an NMS is used as:
  1. a monitoring solution (SNMP Read Only queries) to monitor network devices
  2. a management solution (SNMP Read Write queries) to manage network devices
  3. or a combination of the above.

If it is being used as a network management solution, then the SNMP Read/Write (RW) string is present on the network devices, which drastically increases the risk if the NMS is compromised.

If it is being used as a network monitoring solution, then only the SNMP Read Only (RO) string is used on the network devices, so the ability of an attacker to cause damage after gaining control of the NMS is drastically reduced.

SNMP Configuring Tips
  • The NMS is a Trusted Computing Base (TCB) device of your network: it is granted full access in the ACLs (Access Control Lists) of routers and firewalls, so it must be configured very carefully.
  • Both the NMS and the managed network devices should have the same SNMP READ ONLY or READ WRITE string.
  • To avoid SNMP traffic sniffing and manipulation attacks, SNMPv3 or higher should be used with the data encryption feature enabled.
  • Ensure there are no unknown SNMP-enabled devices on your network.
  • The SNMP READ ONLY or READ WRITE string should be long and complex.
  • The default SNMP READ ONLY or READ WRITE string should be changed, and if it is not being used it should be removed.
  • For remote administration, an SNMP configuration password should be set.
  • To enable the SNMP client and service on Windows Server/XP/Vista/7:
    1. Go to Control Panel. Click on the Programs And Features link and then click on Turn Windows features on or off.
    2. Type services.msc at Start > Run. Select SNMP Service Properties and click on the Traps tab. In the “Community name” text box, enter a long and complex case-sensitive SNMP community name/string to which this computer will send trap messages.
    3. Select the Security tab and click Accept SNMP packets from these hosts. Set “Community Rights”: READ ONLY for monitor mode or READ WRITE for management mode.
  • SNMP traffic passes over Transmission Control Protocol (TCP) ports 161 and 162 and User Datagram Protocol (UDP) ports 161 and 162. (If you capture the traffic with Wireshark, you will see the SNMP protocol, and right-clicking a packet shows "Follow UDP Stream" in the context menu.)
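The tips above, and the READ ONLY versus READ WRITE risk discussed earlier, can be checked mechanically on an agent's configuration. The following is an added example, not code from the original post: it assumes the agent is Net-SNMP and lints the `rocommunity`/`rwcommunity`/`rouser`/`rwuser` directives of an `snmpd.conf`; the 16-character minimum and the sample configuration are assumptions constructed for illustration.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings
MIN_LEN = 16  # assumed local policy for "long"; not a value from the page

def weak_community(name):
    """Return why a community string is weak, or None if it passes."""
    if name.lower() in DEFAULT_COMMUNITIES:
        return "default community string"
    classes = sum(bool(re.search(p, name))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if len(name) < MIN_LEN or classes < 3:
        return "community string is short or low-complexity"
    return None

def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs; com2sec and '-s' forms are not handled."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 2 or tok[0].startswith("#"):
            continue
        directive, arg = tok[0].lower(), tok[1]
        if directive in ("rocommunity", "rwcommunity"):
            findings.append((n, "SNMPv1/v2c community in use; traffic is unencrypted"))
            if (reason := weak_community(arg)):
                findings.append((n, reason))
            if directive == "rwcommunity":
                findings.append((n, "READ WRITE community enabled"))
            if len(tok) < 3 or tok[2] == "default":
                findings.append((n, "no source restriction; any host may query"))
        elif directive in ("rouser", "rwuser"):
            level = tok[2].lower() if len(tok) > 2 else "auth"  # Net-SNMP default
            if level != "priv":
                findings.append((n, f"SNMPv3 user '{arg}' does not require encryption (priv)"))
            if directive == "rwuser":
                findings.append((n, f"SNMPv3 user '{arg}' has READ WRITE access"))
    return findings

# Constructed sample configuration (not from the page).
SAMPLE = """\
rocommunity public
rwcommunity Net0ps!RW 10.0.0.5
rocommunity r7Qm2!vLx9@Tz4pWd 10.0.0.5
rouser monitor auth
rouser nmsro priv
"""

if __name__ == "__main__":
    print("\n".join(f"line {n}: {msg}" for n, msg in audit_snmpd_conf(SAMPLE)))
```

Only the last sample line (an SNMPv3 read-only user that requires `priv`) produces no findings, which matches the monitoring-only, encrypted setup the tips recommend.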

NMS Standards

Most NMS adopt 'FCAPS', the ISO Telecommunications Management Network model and framework for network management. FCAPS is an acronym for Fault, Configuration, Accounting, Performance, Security.
  1. Fault Management: NMS correlates and manages notifications received from the agent installed on managed devices. If a parameter increases in size or complexity, it generates an alarm to the manager via email, SMS, RSS feeds and Twitter.
  2. Configuration Management: NMS is supposed to be vendor neutral and support multiple hardware and software devices. It creates an inventory of the physical configuration (hardware versions and revisions, firmware details) and logical configuration (system/network settings etc.) of devices and keeps this information up to date for proper planning.
  3. Accounting Management: NMS measures network utilization so that individual or group users on the network can be regulated appropriately for the purposes of accounting or chargeback.
  4. Performance Management: NMS monitors and measures various aspects of performance so that overall performance can be maintained at an acceptable level.
  5. Security Management: NMS ensures authentication, access control, data confidentiality, data integrity, and non-repudiation. These may be applied in the course of any communications between network devices and between users.