Video Description

SNMP, SNMPv2 and SNMPv3

This lesson is about using the appropriate resources to analyze network traffic. This lesson covers the following resources:

  • Simple Network Management Protocol (SNMP)

    • SNMP Manager: data collection, can configure devices or pull information
    • SNMP Agent: software on device: use on switches, printers and servers, can monitor or send data
  • SNMPv2: Performance improvements but complex security, not widely adopted
  • SNMPv3: The highest security, allows for username authentication, verifying that data is unchanged and encryption
Video Transcription
Hi and welcome to Cybrary. My name's Anthony and I'm your local subject matter expert for Network+, and today we're gonna be talking about using the appropriate resources to analyze the network traffic. So as we're monitoring our networks and as we're trying to analyze some of our network traffic and some of the things that are going on on our networks, we need to have a way that we can collect this information
rather than having to go around to every single device individually.
It's good to have something that can actually manage and collect this information from a centralized point.
One of those management console types that we're gonna go into is going to be SNMP. Now, SNMP stands for Simple Network Management Protocol. And what it allows us to do is it allows us to have a management agent which can configure as well as collect data
from our SNMP agents
that are installed on our devices. Now, what type of devices can we collect information from for this SNMP? Well, we can use the agent on things such as different network switches. We can use it on printers. We can use them on servers. We could, you can even use them on
some of the environmental monitors that we talked about before. These SNMP agents essentially are allowing us to have insight as to what's going on with our devices without having to manually go to every single device.
Say we have a printer on our network that we want to know when it gets low on ink or gets low on paper. Because
we have
50 printers in our environment that we manage. And rather than spending all day walking to every single one of those printers
and just keep going around and around and around, we can set up an SNMP agent, and we can configure it from our SNMP manager to send us that data. We may have a central management software which pulls all that information and lets us know, sends us an email alert when, hey, the printer on floor two, lab three
is low on
toner. So we're aware of that very easily. We may even be able to log in with the manager to configure that device, to assign it a certain IP address if it's gonna be a managed device on our network, to change some of the information on the page counts or to view the page counts.
So it's SNMP,
SNMP is an extremely valuable tool, and it's an extremely, extremely powerful management and data collection tool for the devices on our network. If we have an environmental monitor and we want it to let us know and send us messages to our management agent, our SNMP manager,
we can configure that device with the manager. You can configure the SNMP agent on the device
to send us alerts when we pass a certain threshold, or when the temperature passes a certain threshold,
so we can use that agent on a lot of different types of devices in our network. Now the manager again is going to be what can configure the devices or can pull information, so we can have our manager log into those devices, its SNMP agent, and it can configure those devices or it can pull information.
And then our agent is what's going to be what is installed on those individual devices,
which then views, collects and sends us that data, sends the manager the data. We can have, we may have several managers in our environment. We may have one manager that's responsible for a certain group of agents and another manager that's responsible for another group of agents. It really just depends on how many agents we have in our environment
and what type of responsibility we want to segment up.
Now, we don't just have one version of SNMP. We also have version 2 and version 3, and different devices on different release dates support different types of versions. Now, version 2 included performance improvements as well as some security improvements.
But because of how complex some of the security improvements were and how difficult they were to implement
versus our SNMP version 1, SNMP version 2 was not very widely adopted. SNMP version 2c was a bit more widely adopted than SNMP version 2, but just know that SNMP version 2 did have some more performance
improvements as well as some more complex security improvements.
Now, our highest standard and our most recent standard is going to be SNMP version 3. Now, this is going to allow us to do things such as having username authentication or authenticating using MD5 or SHA authentication. Now, if we're using MD5 or SHA authentication,
this essentially allows us to verify that that data has not been changed en route,
for essentially what MD5 and SHA do is they're able to take a frame, they're able to take a packet and then essentially
take a small snapshot of that packet, running it through a mathematical algorithm, and give us a string of numbers.
If anything about that data packet is changed and we run it through that mathematical string, we'll get a completely different set of numbers.
You can't take that number, that set of numbers, which is called a hash, and run it backwards through the string, or run it backwards through the mathematical equation, and get the file. It doesn't work that way.
The file, it's a one-way mathematical equation. We push the file
through the mathematical equation, get the end output, and then that end output we can compare to if we run the file through it again in order to tell if that file has been changed, because if even a single bit of data is changed in that file, that entire string of numbers will be different. It's not like we'll go from
1234... It's not like we'll go from 1112223
to 1112224. It will be completely, completely different.
But MD5 compared to SHA, SHA is a better standard than MD5. MD5 does have some known what's called collisions, which means that we can put two files through that mathematical algorithm, that MD5 mathematical algorithm,
and two different files get the same number at the end. And that's bad. Those are called collisions,
so SHA is a better algorithm to use, but that's a bit more complex. That's a bit out of the scope of this module, so don't worry too much about that if you didn't quite get it. If that sounds very interesting to you, however, check out our Security+ modules.
But anyway, past my shameless plug,
our MD5 or SHA authentication will allow us to verify that that data has not been changed en route. That also gives us the ability to perform encryption on that data in order to prevent people from just being able to sniff in and say, oh, okay, he's low on toner, or okay,
maybe he's trying to manage and set up this VLAN on this particular device.
So even though that data may not necessarily be something that someone who's listening in to it is trying to use against us, they may just be harmlessly trying to look at some of our packets, it's not necessarily something they need to know. So,
as bad as it may sound, especially coming from someone who's trying to teach people something,
you know, in the case of our network, the less other people that we don't want them to know about our network, the less they know the better.
They don't need to know what the IP addresses of our back-end servers are. They don't need to know the data that we're receiving from our SNMP agent. It may be harmless if they know it, but that's not pertinent information for them. They're on a need-to-know basis. So we want to keep as much of that as obscured as possible, and that keeps our
information private and also keeps the back end of our network more secure.
But nonetheless,
that's what our SNMP does. Our Simple Network Management Protocol allows us to use a manager to manage our different agents on different devices throughout our network. We can receive data from those agents in order to monitor our network and see the status of certain devices. And we have our SNMP, SNMP version 2,
and then our SNMP version 3, which is going to be the
highest security of all three of our devices and the easiest security to implement versus SNMP version 2. And it also allows us to verify that data has been unchanged, and it allows us encryption as well of our data so that we can keep it a bit more secure.
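
Added example, not part of the lesson or its transcript: a Python sketch of the SNMPv3 "data has not been changed en route" check as the User-based Security Model (RFC 3414) defines it, where the hash is keyed (HMAC-MD5-96 or HMAC-SHA-96) with a per-agent key derived from the user's password. The password and engine ID are the RFC's published test inputs; `MESSAGE` is a constructed stand-in for a real BER-encoded SNMPv3 message, and the helper names are this example's own.

```python
import hashlib
import hmac

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1,048,576 bytes."""
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the user key to one agent: H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes, algo: str) -> bytes:
    """HMAC over the whole message, truncated to 96 bits (12 bytes)."""
    return hmac.new(kul, message, algo).digest()[:12]

def verify(kul: bytes, message: bytes, tag: bytes, algo: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(auth_tag(kul, message, algo), tag)

# Test inputs published in RFC 3414, appendix A.3
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
KUL_SHA = localize_key(password_to_key(PASSWORD, "sha1"), ENGINE_ID, "sha1")
KUL_MD5 = localize_key(password_to_key(PASSWORD, "md5"), ENGINE_ID, "md5")

# Constructed stand-in for an encoded SNMPv3 message (not a real capture)
MESSAGE = b"constructed: printer floor2-lab3 tonerLevel=low"
TAG = auth_tag(KUL_SHA, MESSAGE, "sha1")

# The same message with a single bit flipped in transit
TAMPERED = bytes([MESSAGE[0] ^ 0x01]) + MESSAGE[1:]

if __name__ == "__main__":
    print("localized SHA key:", KUL_SHA.hex())
    print("tag on original  :", TAG.hex())
    print("tag on tampered  :", auth_tag(KUL_SHA, TAMPERED, "sha1").hex())
    print("original verifies:", verify(KUL_SHA, MESSAGE, TAG, "sha1"))
    print("tampered verifies:", verify(KUL_SHA, TAMPERED, TAG, "sha1"))
```

Because the tag is keyed, someone who alters a message on the wire cannot recompute a valid tag without the localized key, which is why a plain unkeyed hash would not be enough for this check.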