Section 23.221 Simple Network Management Protocol (SNMP) Flashcards

Objective 4.4 Explain security alerting and monitoring concepts and tools

1
Q

SNMP (Simple Network Management Protocol)

A

An Internet protocol used for collecting information from managed devices on IP networks and modifying device behavior

Managed devices include the following…
● Routers
● Switches
● Firewalls
● Printers
● Servers
● Client devices

SNMP can be used to send and receive data from these managed devices back to a central network management station

SNMP configuration must have a manager and agents

2
Q

SNMP Manager

A

A central system that collects and processes information from managed devices

■ Often set up as a server, especially in large enterprise environments

■ Sends and receives SNMP messages to and from agents

3
Q

SNMP Agents

A

Networked devices that send information about themselves to the manager

■ Run background services to collect data and send it to the manager

■ Transmit data at regular intervals or when requested by the manager

4
Q

SNMP Message Types

SET

A

Manager-to-agent request to change variable values

5
Q

SNMP Message Types

GET

A

Manager-to-agent request to retrieve variable values

6
Q

SNMP Message Types

TRAP

A

Asynchronous notifications from agents to the manager about significant events

● Notify the manager of events such as uptime, configuration changes, and network downtime

7
Q

2 methods to encode data into SNMP TRAP messages

A
8
Q

2 methods to encode data into SNMP TRAP messages

Granular

A

Sent TRAP messages get a unique object identifier (OID) to distinguish each message as a unique message being received

9
Q

OID (Object Identifier)

A

Unique object identifier used to identify variables for reading or setting via SNMP

● Allows the manager to distinguish individual SNMP trap messages

10
Q

MIB (Management Information Base)

A

A hierarchical namespace containing OIDs and their descriptions

● Describes the structure of device subsystem management data

● Stores consolidated information received through SNMP traps

11
Q

2 methods to encode data into SNMP TRAP messages

Verbose

A

SNMP traps may be configured to contain all of the information about a given alert or event as a payload

● Data in SNMP TRAPS are stored in a simple key-value pair configuration known as a “variable binding”

12
Q

SNMP Versions 1, 2, and 3

SNMP versions 1 and 2

A

SNMP versions 1 and 2 use plain-text community strings for access, making them less secure

13
Q

SNMP Versions 1, 2, and 3

SNMP version 3

A

SNMP version 3 offers enhanced security features

14
Q

SNMP Versions 1, 2, and 3

Security Enhancements in SNMP Version 3

A

○ Integrity: Hashing messages before transmission to prevent data alteration

○ Authentication: Validating the source of messages

○ Confidentiality: Adding encryption using DES, 3DES, or AES

○ Dividing SNMP components into entities with different access privileges for improved security
