SNMPv1 vs. V2c vs. V3 - SNMP Versions Comparison

Jordan MacPherson, October 10, 2022

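Once upon a time, there was a single version of the Simple Network Management Protocol (SNMP). It was used to monitor and manage all network devices, and those devices used it to communicate with one another. Over time, however, different SNMP versions emerged.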

Today, we have SNMPv1, SNMPv2, and SNMPv3. But what are the differences in how SNMP works across these variations? Can these different versions coexist on the same network?

Important Components of Different SNMP Versions

Before we explore the different SNMP versions and what each one offers, let’s quickly cover the devices that use them.

What Is an SNMP Device?

SNMP devices include any device connected to an organization’s network. This includes:

  • Routers
  • Switches
  • Firewalls

However, it also includes other components that you might not automatically think of as “devices”, such as:

  • CCTV cameras
  • Load balancers
  • Servers

Why Is SNMP Important?

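Why is SNMP important? Without this type of network management protocol, no device on the network could communicate effectively with the others. Essentially, the network would cease to exist. After all, if your servers cannot communicate with the routers, or your firewalls cannot communicate with other devices, there is no interconnectivity.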

However, each SNMP version is different and brings something else to the table. What are the differences? Read on to find out.

What Are Community Strings?

Community strings are the combination of an ID or password with a GET request to access data from your SNMP-enabled devices (routers, switches, firewalls, etc.). SNMP community strings are read-only (SNMPv1 and SNMPv2c) or read-write (SNMPv3) when mastered on your network devices. If you plan on using read-write, you will likely want to use SNMPv3 for security reasons.

What Are ACLs?

Access Control Lists (ACLs) are rule sets that assign permissions to certain users, devices, or traffic types. ACLs can be used to add an additional layer of security to your SNMP configurations, as well as to improve network performance by limiting traffic to only essential services.

If you are a Cisco Meraki user, keep in mind that you must whitelist devices for SNMP queries.

SNMP V1

We’ll start our discussion with the initial version, SNMPv1.

What Is SNMPv1?

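As you might suspect, SNMPv1 is the earliest and oldest version. It’s also the easiest to set up since all you’ll need is a plaintext community. However, that simple setup has become a weakness today. With only a plaintext string, even when restricted to an authorized IP address range, V1 does not offer much in terms of security. This was not originally a problem because threats had not yet evolved, but in today’s world, the risk is too great.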

SNMP Version 1 Vulnerabilities

There are many SNMP version 1 vulnerabilities. However, one of the key issues is that messages sent across the network are unencrypted. In other words, any bad actor with a packet sniffer can read the community string with little difficulty. Once that occurs, an attacker can create a spoofed IP address and interact with the network.

SNMP V2c

Next up is SNMP v2c. What should you know about this version?

What Is SNMPv2c?

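SNMP v2c is the second-generation version of the protocol. However, don’t assume that signifies a major jump in terms of capabilities or security. In fact, v2c only adds support for 64-bit systems. This means that it still suffers from all the security vulnerabilities that affected v1, including sending unencrypted messages across the network.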

Is SNMPv2 Secure?

In a word, no. SNMPv2c is not particularly secure, although it is slightly better than the original version.

SNMP V2 Vulnerabilities

Because it is only an improved version of SNMPv1, attackers can exploit the same weaknesses and easily gain access to the entire network through a spoofed IP address. It doesn’t help that SNMP V2c devices may ship from the manufacturer with PUBLIC as the community string name. Make sure you are customizing the community strings on your equipment before enabling it on your network.

SNMPv3

Now let’s discuss the final version of SNMP, SNMPv3, and how it addresses security vulnerabilities.

What Is SNMPv3?

As the name suggests, SNMPv3 is the third (and final) version of SNMP. It was developed specifically to address the security flaws that were so prominent in the first two generations. It also brought three new elements to the table, including SNMP View, SNMP Groups, and SNMP Users.

What Encryption Algorithms Does SNMPv3 Support?

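SNMPv3 can use several different security encryption algorithms to help create safer networks. These include SHA, MD5, and DES. More importantly, it can use them without requiring significant system resources, leaving additional resources for other network needs. Note that the security enhancements were the primary reason for SNMPv3’s development, so there are no additional major functional enhancements.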

How Does SNMPv3 Work?

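SNMPv3 works very similarly to v1 and v2. Traffic flows across the network from a wide variety of sources (devices). SNMP communicates with the entire network and all the devices that comprise that network. In most devices, it comes preconfigured, although some will require that administrators enable it. Once enabled, all devices will begin storing performance statistics.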

SNMP is based on a shared resource management model, because each device helps manage the system’s resources. Protocol data units, called SNMP GET requests, are sent to different devices. Those communications are tracked by network monitoring tools and then used to fetch data from SNMP.

Can SNMP V2 and V3 Coexist?

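Can the SNMP v2 and v3 protocols be used on the same network at the same time? While both are based on the same underlying principles, you cannot (nor should you want to). They are best used for different applications. Because of its improved security, SNMPv3 is better suited for use on public and internet-facing networks.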

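It is best to use V2 only on low-risk internal networks. And, to clarify, if you are still running SNMPv1, you are long overdue for an upgrade to something more robust.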

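In today’s IT environment, threat modeling is an important process for many organizations. When it comes to security requirements, security threats and vulnerabilities, criticality, and remediation methods, there is no one right solution for everyone. While SNMPv3 uses two-password encryption to improve security, it is not very common or easy to use. You can use read-only v2c with an ACL to achieve sufficient security without having to work through 2-password encryption on v3.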
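
One way to check an agent against the "read-only v2c with an ACL" guidance is to audit its configuration file. The following is an added example, not code from the original article: it assumes net-snmp's `snmpd.conf` syntax (`rocommunity COMMUNITY [SOURCE]`), which the article does not name, and flags default community names, communities with no source restriction, and read-write communities. The finding labels are hypothetical.

```python
# Added example; SAMPLE_CONF is constructed and assumes net-snmp's snmpd.conf syntax.
DEFAULT_COMMUNITIES = {"public", "private"}  # assumed list of factory defaults
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

SAMPLE_CONF = """\
# constructed sample agent configuration
rocommunity public
rocommunity n0c-r3ad-7f2a 10.20.0.0/24
rwcommunity n0c-wr1te-91bc 10.20.0.5
rouser monitor priv
"""

def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs for v1/v2c community directives."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive not in COMMUNITY_DIRECTIVES:
            continue  # SNMPv3 user directives (rouser, rwuser) are not checked here
        if not args:
            findings.append((lineno, "community-missing"))
            continue
        community = args[0]
        source = args[1] if len(args) > 1 else "default"
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community"))
        if source == "default":  # net-snmp treats "default" as any source address
            findings.append((lineno, "no-source-acl"))
        if directive.startswith("rw"):
            findings.append((lineno, "read-write-community"))
    return findings
```

On the sample, line 2 is flagged twice (default name, no source restriction) and line 4 once (read-write over a community string); the customized, source-restricted read-only entry on line 3 passes.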

Put Your Network Management on Cruise Control

From optimization issues to security concerns, managing a network can involve many threats and chores that your team may not be equipped to handle. Network management services from a trusted partner are a great way to free up your IT team for more strategic initiatives while maintaining availability.

ParkView Network Management™ brings the tools and expertise to achieve exceptional visibility, performance and intelligence to manage your network in today’s ever-changing IT environment. We allow you to eliminate set-up and implementation procedures by taking advantage of our Enterprise Operation Center (EOC) onboarding team’s product experience and best practices for optimum performance management.

Contact us today to set up a call regarding our network managed services, or to explore our portfolio of IT infrastructure managed services.

About the Author

Jordan MacPherson
Jordan is responsible for guiding the global Network and Server Management offerings for Park Place’s Managed Services division. His responsibilities include collaborating with Sales, Marketing, Enterprise Operations, and the R&D team to develop and bring to market Park Place’s world-class managed services. He has 12 years of global experience planning, monitoring, and delivering IT services, including nearly 10 years as a Team Lead and Strategic Applications Developer with MSP IntelliNet before its acquisition by Park Place. Jordan is a graduate of Ohio University.