Martin Hodgson at Paessler explains the continued significance of the Simple Network Management Protocol.
There have been many methods and protocols for monitoring devices and data traffic developed over the years. But, despite many innovations in how we manage network devices, Simple Network Management Protocol (SNMP), first developed in the 1980s, is still going strong.
Understanding what SNMP is
SNMP is a standard protocol used for monitoring network devices on local area networks (LAN) or wide area networks (WAN). Additionally, SNMP can also be used to perform configuration tasks and change settings remotely.
SNMP-compatible hardware typically includes routers, switches, and servers but printers, environmental sensors (temperature, humidity, etc.), and many other devices can also be monitored and controlled using SNMP. The only prerequisites are that the device to be monitored is available via a network connection (Ethernet, TCP/IP) and has access to an SNMP server. It must also be an active device that can respond to requests.
Ultimately the main function of SNMP is to provide these various devices with a standardised language to be able to share information with a network management system.
SNMP setbacks and successes
One of the major concerns around SNMP has been related to security. In the early versions, this was lacking in some areas. The latest version, V3, does address this, but it is also more demanding and complex to manage which has limited its use. That said, the security risks of older versions can usually be averted by using SNMP within closed networks.
Another problem is the definition of Object Identifiers (OIDs) based on the manufacturers’ Management Information Bases (MIB). Here too, specialist knowledge, experience and a great deal of care is required. Again and again there are errors or inaccuracies in the definition of MIBs. The consequence is no results or wrong results when monitoring.
This is the reason why SNMP monitoring solutions are like a fine wine – they mature and get better with age. No monitoring manufacturer can extensively test the MIBs of all devices that they have integrated into their solution. They depend on feedback from their customers, who report faulty MIBs to them. The older the monitoring solution, the more customer feedback the manufacturer can incorporate into the solution, the better and more reliable the monitoring results are.
SNMP is a relatively lean monitoring protocol, i.e. it generates comparatively little load in the network and during processing by the monitoring solution. This makes SNMP a data acquirer on a large scale – some solutions can scale up to hundreds of thousands of devices and applications.
In addition, SNMP has a wide range of applications: from routers to servers to coffee machines. Thanks to its long-standing status as one of the most important monitoring protocols, SNMP is supported by almost every professional IT device.
The security pitfalls of improper SNMP configuration
A common SNMP issue is the automatic use of default community strings, ‘public’ and ‘private’, used to control access to devices. This poses a huge security risk. Leaving SNMP in the default condition with the default device community string can open you up to hackers who have access to the open ports. Administrators must take care to change these default settings or risk leaving their environments open to compromise.
And, in terms of default configuration pitfalls for SNMP, improper password practice is a real danger. In worst case security scenarios, sensitive pieces of corporate information can be taken when hackers gain access into poorly protected systems.
To safeguard yourself against hackers gaining access through admin strings with no passwords, SNMP community strings should be regarded as any sort of account secured with a password. Best password practice revolves around proper long password, using a random sequence of words, changing the password frequently and including different types of alphanumeric symbols.
A complex competitor landscape
SNMP has so far bravely asserted itself as one of the most important protocols in IT monitoring, despite its setbacks. However, SNMP is not the only tool that presents issues that many struggle with:
- WMI (Windows Management Instrumentation). Microsoft's monitoring protocol provides comprehensive data on availability and performance in Windows environments. However, it is only available in Windows environments which can be limiting.
- Packet Sniffing. Designed for bandwidth or traffic monitoring, sniffing provides deep insight into network performance but also places enormous demands on the network. In addition, it creates artificial bottlenecks, as all data must be routed through mirror ports or appliances for analysis.
- Flow (NetFlow, jFlow, sFlow, IPFIX...) Developed as an alternative to or further development of packet sniffing, flow protocols provide a comparable depth of information to sniffing without creating the same bottlenecks in data traffic. The key is that devices that support flow extract the information and make it available for the monitoring solution. However, the enormous depth of data also poses a challenge to the monitoring solution. Also, the devices and applications must support flow.
- Eventlog-based monitoring. Similar to sniffing or flow, most eventlog-based monitoring solutions also work with enormous amounts of data. This means it is necessary to have a sufficient basis for deep root-cause analyses, but it also makes corresponding demands on performance and adds a certain complexity. Advanced eventlog solutions, just like sniffing and flow solutions, require experienced administrators and some effort to deliver target-oriented results.
For some years now there have been signs of change. Thanks to the cloud, huge amounts of data can be processed at breath-taking speed and the focus is shifting from pure availability monitoring to in-depth analysis and long-term forecasts.
With increasing digitalisation in industry and healthcare, and the ever more present Internet of Things, new methods are becoming increasingly important. APIs and protocols such as JSON, XML or MQTT are progressively used for monitoring and set new standards in terms of compatibility and usability.
The future of SNMP
Currently, SNMP is indispensable for comprehensive IT monitoring and will probably remain so for some years to come. Many innovative hardware manufacturers have had to retrofit their API-equipped devices with an SNMP server via firmware updates because their customers did not want to replace their proven (SNMP) monitoring solution because of a new switch.
Particularly in small and medium-sized IT environments, SNMP is often the protocol of choice, as it can handle almost all of the required monitoring on its own and thus keeps the effort manageable. But even in the enterprise sector, SNMP is still a central component of a comprehensive monitoring concept as a resource-saving supplier of a broad database.
Martin Hodgson is Head of UK & Ireland at monitoring software company Paessler.
Main image courtesy of iStockPhoto.com