[00:00:01] SNMP, SNMP is the Simple Network Management Protocol. It's a TCP protocol that aids in the monitoring of network-attached devices and computers. You've learned about this earlier on when we talked about ports and protocols, and you also learned about this back in Network+. Just to give you a quick review from Network+, I want to remind you that SNMP is incorporated into network management and monitoring systems and it's heavily used in the concept of management and monitoring. SNMP is broken down into three components. There are the managed devices, the agent, and the network management systems themselves. When we talk about managed devices, these are computers and other network-attached devices that are monitored through the use of agents by a network management system. Agents are software that's loaded onto a managed device, and this allows us to redirect information to the network management system that's going to do the monitoring. And the Network Management System, or NMS, is the software that's run on one or more servers that controls the monitoring of all of the network-attached devices and computers across the network.
[00:01:00] SNMP is the glue that makes all three of these talk to each other using that SNMP protocol. So what does this all look like inside the network? Well, here on the screen, you can see a brief diagram. We have on the left our Network Management Station, or our NMS, which is part of our network management system. This is going to act as our manager, and it's going to send and receive messages to all of the managed devices across the network: your routers, your switches, and your servers, right? Now when it wants information, it's going to send a get request, and then those devices will send information back using a set request. Now there's also something called a trap request, which is going to receive unsolicited information from those management devices, where they just send information as needed at periodic intervals. Now this again is all review from Network+, and you don't really need to know it for the Security+ exam, except to know the function of SNMP. Now when we talk about SNMP from a security standpoint, we need to think about the three different versions. There's version one, version two, and version three.
[00:01:59] Now version one and version two are considered insecure because they use community strings to access a device, as you learned back in Network+. These are default community strings of "public", which is read-only, or "private", which allows read and write access to the devices, and they are considered a fairly big security risk. For this reason, you should be using SNMP v3. SNMP v3 is a version of SNMP that provides integrity, authentication, and encryption of the messages being sent over the network. This means that the messages are going to be hashed before they're transmitted over the network. It's going to validate the source of the message to give you authentication of that message, and it's going to use DES encryption to provide confidentiality and privacy. Now when we get to the encryption section next, we're going to talk about the fact that DES is not really that secure anymore, but it is still better than version one or version two of SNMP. And so you want to be able to use this 'cause it gives you the best security out of the three options you have.
[00:02:55] So when you conduct all this network management using SNMP, you have two options for where the data can be sent. You can send it over the network that you're using, which is known as in-band communication, or you can send it out of band. Now when you do in-band, that means you're going to send this management data over the same network that's carrying your corporate information and normal data. This is cheaper and easier, but it is less secure. Now to be more secure, you should create an out-of-band network. This is a secondary network where all the management occurs, but you still have that primary in-band network where all of the data that the user is going to get is going to occur. Management should always be conducted on an out-of-band network because it increases security and takes that management function out of the place where users can touch it or see it.