SNMP Protocol Analysis: Network Management, Commands, and Applications


Added on  2023/06/03

AI Summary
This report provides a comprehensive analysis of the Simple Network Management Protocol (SNMP), focusing on its role in network management, its various versions (SNMPv1, SNMPv2, and SNMPv3), and its architecture. It details why SNMP is popular in specific management areas due to built-in agents in network devices and its basic standards like Remote Network Monitoring (RMON). The report also explains different SNMP commands such as snmpget, snmpwalk, snmpbulkwalk, snmptable, snmpset, and snmptrapd, illustrating their usage with examples and highlighting their differences. Furthermore, the report includes an assessment of target hosts using SNMP, identifying network interfaces, datagrams received, ping messages, connected devices, and port statuses. It also addresses troubleshooting techniques for identifying and resolving port flapping issues. The document is a detailed resource for understanding SNMP and its practical applications in network management.
Section A
Introduction
In general, network management is a service that uses different tools, devices, applications,
and protocols to help network administrators control and monitor network
resources, both software and hardware, to address network objectives and service
requirements (Jin and Lin, 2012). In the past, when the Transmission Control
Protocol/Internet Protocol (TCP/IP) suite was created, network management was given the least priority.
Because of the high development cost before 1980, network management was mostly
proprietary. As the complexity and size of networks grew, this led to significant diffusion of
technologies for network management.
In 1988, the Simple Network Management Protocol (SNMP) was approved by the
Internet Architecture Board (IAB) as a short-term solution to address network management
issues that were on the rise. This became the focal point for offering network management
services and paved the way for standardized network management and the emergence of more
tools for managing networks.
A network management system (NMS) can be described as a group of applications or
software that facilitates control and monitoring of the entire network infrastructure. The
figure below shows the basic structure of an NMS.
Figure 1: Basic Network Management System Architecture (Source: Zhang, et al., 2015)
The architecture is made up of two primary elements: the managed device and the managing device.
The management station is used as an interface between the network management system and
the network administrator. It is also used by other network management tools to carry out
network management functions by interacting with the managed devices.
Because managed devices such as switches, hubs, bridges, routers and many others are so
diverse, and run a wide variety of programming interfaces and operating systems, it has
become critical to have a network management protocol that lets the management
station communicate effectively with the managed devices. SNMP is one of these
protocols. Many other protocols, such as CMIP, have been developed to replace SNMP, but
SNMP still remains one of the most popular network management tools. This section seeks to
explain why SNMP is a popular management tool yet not so prevalent in other
communication areas. Additionally, it will include details of traditional SNMP-controlled
technologies and areas covered by alternative management systems.
Simple Network Management Protocol (SNMP)
This part will discuss the different versions of SNMP and introduce other network
management protocols. SNMP is very popular in certain areas of network
management because most of the network devices used in enterprise networks have
built-in agents that support SNMP. This facilitates monitoring and controlling any new
device(s) added to the network. Besides, it has an additional basic set of standards such as
Remote Network Monitoring (RMON), which provides crucial information about the
network to the network administrator by defining the remote network monitoring
Management Information Base (MIB) that substitutes MIB-2 (Mauro and Schmidt, 2009).
SNMP version
The goal of a network management system is to implement a single protocol that will
facilitate management of both TCP/IP and OSI networks. There exist three versions of
SNMP: SNMPv1, SNMPv2, and SNMPv3. Initially, SNMPv1 was considered a temporary
network management protocol while ISO CMIP over TCP/IP was considered the long-term
solution. SNMP is made up of three features: the MIB, which defines the managed
components; the SMI, which explains how managed components in the MIB are defined; and
the SNMP, which describes the protocol used to manage these components.
SNMP Architecture
SNMP architecture follows the basic network management architecture as illustrated in figure
1 above. SNMP architecture has the following features (Wu, 2012):
Management agent: accepts control commands from the management station and
provides information in the MIB to the management tool.
Management station: describes how information can be controlled or collected by
the management tool.
Network management protocol: describes the protocol that is used to connect
management agents and the management station.
Figure 2 below illustrates the architecture of SNMP and shows the primary elements of a
network management system.
Figure 2: SNMP Architecture (Zhang, et al., 2015)
SNMP is an application layer protocol that has been designed as a simple message-based
protocol. The manager process uses SNMP, deployed over the User Datagram Protocol (UDP),
to carry out network management. Any SNMP agent must implement both the
UDP and SNMP protocols. Additionally, SNMP is a connectionless protocol, meaning that
each communication between the agent and the management station is an independent transaction.
Figure 2 also illustrates that SNMP supports five types of protocol data units (PDUs).
Three PDUs can be issued by the manager on behalf of a network application: SetRequest,
GetNextRequest, and GetRequest. The agent acknowledges all three messages using a
GetResponse message that is transmitted to the management application. An agent can also
generate a trap message, which is an unsolicited message that is produced when a triggered
event affects the normal functions of the MIB.
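The PDU types described above can be recognised directly in a captured UDP payload. The following is an added example, not code from the original report: a minimal BER reader for community-based SNMP (v1/v2c) datagrams that reports the version, community string, PDU type and requested OIDs, and flags default community strings and SetRequest writes. The sample datagrams, the deny-list and all function names are constructed for illustration, and the tag table also covers GetBulkRequest and the SNMPv2 PDU types beyond the five named in the text.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSIONS = {0: "v1", 1: "v2c"}
DEFAULT_COMMUNITIES = {"public", "private"}  # assumption: local deny-list


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past the end of the datagram")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want_tag, what):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"{what}: expected tag 0x{want_tag:02X}, got 0x{tag:02X}")
    return value, nxt


def decode_oid(data):
    subids, value = [], 0
    for byte in data:                      # base-128, high bit set = more octets follow
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    if not subids:
        raise ValueError("empty OID")
    first = min(subids[0] // 40, 2)        # the first two arcs share one sub-identifier
    return ".".join(str(a) for a in [first, subids[0] - 40 * first] + subids[1:])


def parse_snmp(datagram):
    """Decode version, community, PDU type and named OIDs from one UDP payload."""
    body, _ = expect(datagram, 0, 0x30, "message")
    ver, pos = expect(body, 0, 0x02, "version")
    version = int.from_bytes(ver, "big")
    if version not in VERSIONS:
        raise ValueError("not community-based SNMP (v3 uses a different header)")
    community, pos = expect(body, pos, 0x04, "community")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    pos = 0
    for _ in range(5 if pdu_tag == 0xA4 else 3):   # a v1 Trap carries five header fields
        _, _, pos = read_tlv(pdu, pos)
    varbinds, _ = expect(pdu, pos, 0x30, "varbind list")
    oids, pos = [], 0
    while pos < len(varbinds):
        varbind, pos = expect(varbinds, pos, 0x30, "varbind")
        oid, _ = expect(varbind, 0, 0x06, "object name")
        oids.append(decode_oid(oid))
    return {"version": VERSIONS[version], "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, f"unknown-0x{pdu_tag:02X}"), "oids": oids}


def findings(msg):
    out = []
    if msg["community"] in DEFAULT_COMMUNITIES:
        out.append("default community string sent in cleartext")
    if msg["pdu"] == "SetRequest":
        out.append("write operation (SetRequest) over community-based SNMP")
    return out


def tlv(tag, value):                        # short-form lengths; enough for the samples
    return bytes([tag, len(value)]) + value


def sample(pdu_tag, community, version=0):
    """Constructed datagram naming sysName.0 (1.3.6.1.2.1.1.5.0) with a NULL value."""
    varbind = tlv(0x30, tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 5, 0])) + tlv(0x05, b""))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x00") * 3 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


if __name__ == "__main__":
    for pkt in (sample(0xA0, b"public"), sample(0xA3, b"n0c-rw", version=1)):
        print(parse_snmp(pkt), findings(parse_snmp(pkt)))
```

Because the community string travels in the clear in every v1/v2c datagram, the same reader works on any capture taken on the path between manager and agent.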
SNMP is still popular because it consumes fewer network resources and requires less
processing capability. This has led to SNMP being included and disseminated even in
simple components such as a printer. SNMP has the capability to monitor the number of
processes running on a particular device, information about memory of different devices and
CPU usage, charts and graphs with traffic statistics, and data on levels of printer toners.
Additionally, SNMP has the ability to allow one or more devices on the network to be used as
managers. The device will be configured to receive information from other components on
the network. It is easier to identify any defects or unusual activities by processing the
information generated by the manager device.
The protocol also describes how the data collected is transferred, since the agents themselves
are responsible for storing the data. SNMP is both robust and simple, apart from being
powerful enough and having the capacity to manage heterogeneous networks (Colace, De
Santo and Ferrandino, 2010). Since it is a connectionless protocol, one does not necessarily need
to take any action before or after sending the message. Additionally, since no connection is
required, the agent and the manager do not require each other to operate. The network
administrator requires the information obtained from SNMP to make decisions and define
network management strategies.
Section B
SNMP Command
This section will discuss the various SNMP commands. All the SNMP commands are
executed on the SNMP management station (Dubie, 2017). The ILOM MIB files must be
installed before using SNMP.
Snmpget command
This command returns an administratively given name for a particular node. For example:
snmpget -mall -v1 -cpublic agent_IP_address sysName.0
The output of this command is as shown below
Figure 3: SNMPGet Command
This command is also used to display the sysObjectID.0 content and the MIB objects for
ilomCtrlDateAndTime. As shown in the figure above, the MIB file name is given for every
MIB object. The following MIB object descriptions are extracted from the MIB files.
sysName - the name given to a managed node administratively. It is a fully qualified
domain name.
sysObjectID - authoritative identification of the vendor of the network management
subsystem held in the entity. This value is assigned in the SMI enterprise sub-tree and gives
an unambiguous and easy way of identifying what type of box is being managed.
ilomCtrlDateAndTime - time and date of the device.
Snmpwalk command
This command automatically executes an array of chained GetNext requests. It is basically a
command used to save work. Rather than executing several snmpgetnext commands, one for
every node in a sub-tree, one can just issue one snmpwalk command on the root node of the
sub-tree and the command gets the value for each sub-tree node. For instance:
Figure 4: SNMPWalk Command
Snmpbulkwalk command
This command uses the SNMP GETBULK protocol element to request
information about the entire network entity. Through repeater specification, the command can
pack many objects into each packet. Compared to the snmpwalk command, the snmpbulkwalk
command is faster.
The example below shows the snmpwalk command with approximate start and stop time
stamps.
Figure 5: SNMPWalk Command with Approximate Start and Stop Time Stamps
The next example shows the same operation, but this time using the snmpbulkwalk command.
Figure 6: SNMPBulkWalk Command
From the two examples we can see that the snmpbulkwalk command is faster than the snmpwalk
command.
Snmptable Command
This command is used to extract the contents of an SNMP table and show them in a tabular
manner, that is, a single table row at a time so that the output should resemble the table being
extracted. An example of snmptable command is shown below:
Figure 7: SNMPTable Command
Snmptable command is only relevant to MIB table objects unlike the rest of the commands
which can be used in any MIB object. -Ci and -Cb options are used in the snmptable
command example given above.
Snmpset command
The snmpset command has a syntax that is almost the same as that of the snmpget command, but the
two commands do different things. The snmpset command is used to write the specified value
to the object ID, while the snmpget command is used to read the value of the specified object
ID. The example below shows how the snmpset and snmpget commands are used together.
Figure 8: SNMPSet and SNMPGet Commands
Snmptrapd Command
This command is an SNMP application that receives and logs SNMP Trap and
Inform messages.
Assessing Target Hosts Using SNMP
The first host assessed using SNMP command is a switch. The following output was shown.
a. Number of network interfaces: 1
b. Number of datagrams/packets received: 4052407
c. Number of ping messages received by the target host: 64
d. Network devices connected to the switch: 1
e. How long has the SNMP agent been running? 56 days, 00:36:28.00
f. How many datagrams have been sent by the target host? 18261
g. Which ports are currently active? 23, 80, 4242, 2222
h. How many segments have been received by the target host? 20782
i. How many SNMP Get-Request PDUs have been accepted and processed by the host switch? 9973
j. Which ports are not available for traffic? Ports 161, and 514
k. What is the CPU utilization of the router attached to the main target host? 1000 Mbps
Parts of the router and/or switch MIBs
The parts of the switch MIBs that have been used during the assessment are mostly the ports,
specifically port UDP 161 and port UDP 162. The manager application uses port UDP 161 to
poll the agents at regular intervals. Port UDP 162 is used by SNMP Traps to allow agents
to send device and system information to the manager. UDP ports are used
because SNMP commonly runs over UDP (Jin and Liang, 2014). However, TCP
can also be used.
Identifying the port that is periodically flapping and intermittently dropping out
The first step is to run the netstat -a command to check the status of all the ports and identify the
port that is constantly going up and down. In this case, GigabitEthernet2/0/39 was constantly
coming up and down. The first step taken to troubleshoot the problem was to check whether
‘keepalives’ was enabled, to check for any unusual looping or cabling issues on the identified
port. We could also analyze the problem by running the ‘sh log’ command to check for any
unusual activity on the switch. Another probable cause of the periodic flapping is that
the spanning tree limits have been exceeded or are being approached; 7 hops is the
recommended limit with spanning tree. We also checked whether the port was in the blocking state.
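Flapping of the kind described above also shows up in the switch log as repeated link-state messages. The following added example (not part of the original report) counts link state changes per interface inside a sliding window, over constructed log lines in the Cisco IOS %LINK-3-UPDOWN format; the window, threshold, year and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Cisco IOS %LINK-3-UPDOWN syslog format (not taken from the report).
SAMPLE_LOG = """\
Apr  7 10:00:01: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/39, changed state to down
Apr  7 10:00:09: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/39, changed state to up
Apr  7 10:00:40: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/39, changed state to down
Apr  7 10:00:52: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/39, changed state to up
Apr  7 10:01:30: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/12, changed state to down
Apr  7 10:02:15: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/39, changed state to down
Apr  7 10:02:31: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/39, changed state to up
Apr  7 10:02:33: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Apr  7 11:40:00: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/12, changed state to up
"""

LINK_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)(?:\.\d+)?: %LINK-3-UPDOWN: "
    r"Interface (?P<ifname>\S+), changed state to (?P<state>up|down)")


def find_flapping(log_text, window_s=300, threshold=4, year=2019):
    """Map interface -> largest number of link state changes inside window_s seconds,
    for interfaces that reach threshold. year is assumed: the sample timestamps omit it."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINK_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ifname"]].append((ts, m["state"]))
    report = {}
    for ifname, seen in events.items():
        seen.sort()
        # Keep real transitions only; a repeated "down" after "down" is not a flap.
        changes = [ts for i, (ts, state) in enumerate(seen)
                   if i == 0 or state != seen[i - 1][1]]
        worst = start = 0
        for end, ts in enumerate(changes):
            while (ts - changes[start]).total_seconds() > window_s:
                start += 1                 # slide the window's left edge forward
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            report[ifname] = worst
    return report


if __name__ == "__main__":
    print(find_flapping(SAMPLE_LOG))
```

The interface that went down once and came back over an hour later is not reported, which is the distinction between a flap and a planned outage.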
Operational and Non-Operational Ports
Basically, ports can be set to operational or non-operational states. The ports that are
operational in the target host include 23, 80, 4242, and 2222, while those that are
non-operational include 161 and 514. Some of the non-operational ports have either been
disconnected or have been set not to allow any traffic to go through. For instance, ports 161 and
514 have been set not to allow any connections, while the remaining non-operational ports are
in that state because there is no connection.
Devices connected on the VyOS Test network
The figure below shows the number of devices connected on the VyOS test network. There
are a total of 161 connections on the network as shown below.
Figure 9: Number of Devices connected on the network
If one wants to check the names of the users on the connected devices, the command set
RHOSTS 192.168.1.200-211 can be used. Ensure that the range of IP addresses is specified.
Figure 10: set RHOSTS Command
Section C
Using SNMP to detect issues related to CPU utilization as notified by SNMP trap
The following configuration can be loaded on the router to determine how the CPU is being
utilized:
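!
! Enable the CPU threshold trap and send it to the management station (SNMPv2c, community "public")
snmp-server enable traps cpu threshold
snmp-server host 192.168.2.1 traps version 2c public cpu
! Rising trap at 80% total CPU over 60 seconds; falling trap at 40% over 60 seconds
process cpu threshold type total rising 80 interval 60 falling 40 interval 60
! Record processes using at least 70% CPU; keep up to 300 history entries
process cpu statistics limit entry-percentage 70 size 300
!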
The configuration above is used to identify heavy CPU utilization, as would be done in
RMON. This configuration is used to send traps to the management station (Sabin, Russell and
Freuder, 2011). Additionally, the SNMP event type can be used to configure an EEM applet
that stores the necessary show commands in the high_cpu.txt file. Event statements
should be used carefully, since they may not run in the case of sudden spikes in CPU usage.
Responding to a Cyber Attack
In case of reports of possible cyber-attacks targeting local web servers and email servers,
the first step to take is normally to disconnect the servers from the network to prevent any more
connections. This step is normally critical, especially if it involves a big organization, since
critical services will not be available. However, it is the most effective step. After
disconnecting the servers, create an effective post-incident response plan; this requires a
number of key components to be put in place before a cyber-attack occurs. First, identify the
organization’s critical assets, anticipating that unauthorized changes can be made to
the essential asset (information), and the potential impact in case of a loss (Lowekamp, 2013).
Secondly, implement automated monitoring and enable logging; this will go a long way in
continuous attack detection and monitoring. Also, map out the threat surface, including all the
points that an attacker could exploit to get physical or virtual access to data and systems.
These threat surfaces should be reviewed every time there is an upgrade or a new
system is implemented.
In a case where a possible cyber-attack has been reported, create a cybersecurity
response team, which should be made up of representatives from all the departments that
would be part of handling the cyber-attack incident (Wang, Wang and Jin, 2013). Identify the
responsibilities of every team member and assign them tasks.
Assess the impact that the suspected cyber-attack may have on the organization. Also, if the
attack has occurred, what are the possible consequences, and are there any countermeasures in
place? These aspects are very important in responding to a cyber-attack effectively. Also,
implement the disaster recovery plan to restore normalcy to the organization (Štefko and
Gallo, 2015).
Section D
There are constant security threats in today’s environment, making network monitoring one
of the essential parts of protecting the infrastructure of any company (Spiceworks, 2019). In
the scenario under study, a company has been relying on a third-party company to manage its
network infrastructure but has decided to do it on its own. Choosing a reliable
network management system requires one to assess one's needs, because different companies
expect different functions from a network management system (Al Shidhani, et al., 2016).
The primary functions of a network monitoring system are to assist in capacity planning,
improve overall network reliability, view the network topology, track network activities, and
streamline network troubleshooting. Even with an understanding of the benefits that a network
management system may bring to an organization, choosing the right one can be quite difficult. This is because
not all network management systems are created equal. Therefore, the company
should choose a system that offers the best protection and management tools for its sensitive
data (Cui, 2014). There are several key factors that should be considered when choosing a
network management system. They include:
A single and easy-to-use interface: everything that a network manager needs to see should be
easily accessible. The user should not have to switch between different screens in order to
collect information. It is recommended that one should look for a network management
system that uses a web-based user interface that can be customized to suit the needs of the
different network administrators.
The network management system should have the ability to set a baseline. This includes
reporting security-related activities and errors. Additionally, it should be able to identify the
normal operation of a network so as to establish a baseline. It should also have the ability to
differentiate abnormal events from normal events and reduce false positive reports.
The system should be able to provide actionable information. This means that if the network
management system has the ability to report on particular activities, it should also provide the
tools to act on them. For instance, if abnormal traffic is flagged, the system should give
you options on how to resolve the issue.
It’s vital to select a network monitoring solution with a comprehensive array of features, as
selecting the correct software can help you attain high-level goals with only a slight
investment of resources. When assessing your network monitoring options, it’s critical to
consider the following things (Silver, 2010):
Scope: One of the first issues to think about is the scope of the solution. In this
regard, there are a small number of questions network administrators should seek to answer to
help make this decision.
Will the solution be required in a single location or at multiple sites?
Will the system be used to monitor servers as well as all other network devices?
Will remote sites require monitoring?
Will operational environments (such as storage, log file collection, or custom
programs) need to be monitored?
Must systems that are typically down, like fallback servers or cellular WAN links,
be included?
These are very important questions to ask and answer, as the choices made here will
influence nearly all other aspects of the project. For this reason, take your time, do your
research, and ensure that you come to the right and best conclusions.
Connectivity and Scalability: Another issue to consider involves the architecture of the
solution, as well as its connectivity and scalability. Your network is not going to stay the same.
Every single day it evolves with business needs and requirements. For this
reason, decision-makers must take into account the system’s connectivity to ensure
the system can handle the requirements of the technology and its components. This is
particularly important if considering an agentless solution, since these use a collector to poll source
devices and pass along information. After considering connectivity, network managers
must examine the limits of these collectors to see how many devices can be
supported and how much data will be travelling across the network.
Although it is one of the more difficult considerations, it's equally important to look at the
system's options for scalability. Know what kind of load the monitoring application
can bear, and what your options are when (and if) you reach that limit. This
will help ensure a long lifecycle for the program, as the business will be able to
use it even if substantial growth occurs.
Deployment: On-Premise, Off-Premise, or in the Cloud: Gone are the days of on-premise
technology being the standard. With the rise of cloud and hybrid IT, managers have
more choices when it comes to finding the right network monitoring solution for their
business. Your IT team can manage your solution on-premise or in the cloud, or a
third party can manage it at their site, either on-premise or in the cloud.
Organizations that want more granular control of their network and its
activities may prefer solutions that can be managed on-site. Those wanting to
control costs may be interested in the cloud. For those who lack the time or resources to
manage software themselves, a service provider may be ideal. What's best for one
organization may not be best for another. Look at your organizational goals, the size of
your IT team, and the resources you have on hand, and choose accordingly.
Automatic Discovery: Some solutions come with built-in automatic discovery, allowing
the technology to probe the network using the Simple Network Management Protocol (SNMP) to
determine the current status of network components. For instance, should the business add a
new network component, a network monitoring solution with an automatic discovery scan
feature can include the addition of that device to ensure your map is
always up to date.
Topology Mapping: Together with the need for discovery is the need for layer
2/3 topology mapping, which allows network managers to have a visual representation of
the system and its components. The mapping feature will not merely identify devices but
also help place them with respect to their dependencies and connections with other
devices. Network topology mapping is an essential capability, not only to provide
you with a visual overview of your network, but also to automatically maintain your network
and provide you with performance and availability monitoring.
Alerting: Lastly, intelligent alerting ensures that key personnel, such as network
administrators and other IT staff, are informed should anything suspicious or out of the
ordinary be detected on the network. These kinds of events can signal a breach,
and intelligent alerting capabilities give the IT team the chance to respond to and
mitigate any damaging activities being carried out before they harm the network (Wei,
2012).
Based on the above key features, I would recommend that the company acquire a PRTG
Network Monitor system. This tool has the capacity to monitor all the traffic, devices,
applications, and systems of your IT infrastructure. This tool costs US$1600, which, based on
the services it offers and its reliability, is affordable (PRTG, 2019). Additionally, it
supports most technologies, including flow technologies (sFlow, jFlow, NetFlow),
WMI, SNMP (all versions), SQL, Ping, and SSH. It also has a powerful API (EXE, VB,
REST, Python, DLL, Scripting, Batch, and PowerShell).
Conclusion
In conclusion, the Simple Network Management Protocol (SNMP) will remain popular as
it consumes fewer network resources and requires less processing power. This has led to SNMP
being included and disseminated even in simple components such as a printer. SNMP has the
capability to monitor the number of processes running on a particular device, information
about memory of different devices and CPU usage, charts and graphs with traffic statistics,
and data on levels of printer toners. Additionally, SNMP has the ability to allow one or more
devices on the network to be used as managers. The device will be configured to receive
information from other components on the network. It is easier to identify any defects or
unusual activities by processing the information generated by the manager device.
List of References
Al Shidhani, A., Al Maawali, K., Al Abri, D. and Bourdoucen, H. (2016). A Comparative
Analysis of Open Source Network Monitoring Tools. International Journal of Open Source
Software and Processes, 7(2), pp.1-19.
Colace, F., De Santo, M. and Ferrandino, S. (2010). SNMP-SI: A Network Management Tool
Based on Slow Intelligence System Approach. Communication and Networking, pp.83-92.
Cui, J. (2014). Design and Implementation of Computer Network Monitoring
Software. Applied Mechanics and Materials, 686, pp.201-204.
Dubie, D. (2017). Guide to Network Management and Monitoring. [online] PCWorld.
Available at:
https://www.pcworld.com/article/144635/guide_network_management_monitoring.html
[Accessed 7 Apr. 2019].
Jin, D. and Lin, S. (2012). Advances in Computer Science and Information Engineering.
Berlin, Heidelberg: Springer Berlin Heidelberg.
Jin, H. and Liang, M. (2014). The Hierarchical Network Topology Management System
based on Managed Object and View Mechanism. AASRI Procedia, 9, pp.12-18.
Lowekamp, B. (2013). Journal of Grid Computing, 1(1), pp.75-93.
Mauro, D. and Schmidt, K. (2009). Essential SNMP. Sebastopol: O'Reilly Media, Inc.
PRTG, P. (2019). PRTG Network Monitor » All-In-One Network Monitoring Software.
[online] Paessler.com. Available at: https://www.paessler.com/prtg [Accessed 7 Apr. 2019].
Sabin, M., Russell, R. and Freuder, E. (2011). Generating Diagnostic Tools for Network
Fault Management. Integrated Network Management V, pp.700-711.
Silver, T. (2010). Monitoring Network and Service Availability with Open-Source
Software. Information Technology and Libraries, 29(1), p.8.
Spiceworks (2019). Finding a Network Management System | Spiceworks. [online] IT
Articles. Available at: https://www.spiceworks.com/it-articles/network-management-system/
[Accessed 7 Apr. 2019].
Štefko, R. and Gallo, P. (2015). Using Management Tools to Manage Network Organizations
and Network Models. Management of Network Organizations, pp.249-263.
Wang, X., Wang, M. and Jin, Y. (2013). The Design and Implementation of A Network
Provenance System Framework. Journal of Software, 8(6).
Wei, X. (2012). Design and Implementation of Network Management System Based on
Mixed-mode. Physics Procedia, 24, pp.871-876.
Wu, Y. (2012). Advanced Technology in Teaching - Proceedings of the 2009 3rd
International Conference on Teaching and Computational Science (WTCS 2009). Berlin/
Heidelberg: Springer Science & Business Media.
Zhang, Y., Gong, X., Hu, Y., Wang, W. and Que, X. (2015). SDNMP: Enabling SDN
management using traditional NMS. 2015 IEEE International Conference on Communication
Workshop (ICCW).