A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)
identified, all other data transfers use HTTPS, a secure protocol. HTTP typically uses TCP port 80;
however, some HP SIM components may use other TCP ports, in particular 5988 for WBEM.
• ICMP
Internet Control Message Protocol (ICMP), or IP protocol 1, is a network-layer control protocol that is
considered an integral part of IP. Architecturally, however, it is layered upon IP: it uses IP to carry its
data end-to-end just as a transport protocol such as TCP or UDP does. ICMP provides error reporting,
congestion reporting, and first-hop gateway redirection [RFC1122]. The major feature of ICMP, though,
is its diagnostic capability: the PING command, for example, uses the ICMP ECHO message to test
an Internet connection. The RSCC system uses ICMP to discover devices on the network and to
verify that a monitored system is ready to communicate.
• IP
IP (Internet Protocol) is a network-layer protocol that moves datagrams through an interconnected set
of networks. IP does not guarantee delivery of datagrams and provides no security: data may be lost,
received out of order, or even duplicated. Upper-layer protocols, such as TCP and SSL/TLS, must be
used to provide reliable communication and security. IP is described in RFC 791. The next-layer
protocols referenced in this document are:
Function                                      Protocol    Protocol Number
Error and congestion reporting, diagnostics   ICMP        1
Reliable data transmission                    TCP         6
Datagram transmission                         UDP         17
Encrypted IP encapsulation                    IPsec-ESP   50
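As an added example (not part of the HP document and not HP code), the following Python decoder illustrates both the IP and the ICMP descriptions above: it reads a constructed IPv4 packet, maps the protocol number to the names in the table, verifies the one's-complement header checksum, and, when the protocol number is 1, decodes the ICMP ECHO header that PING uses and verifies its checksum as well. The addresses (RFC 5737 documentation range), identifiers and payload bytes are constructed for the example; the builder functions exist only to produce that sample offline.

```python
import struct

# Protocol numbers from the table above
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "IPsec-ESP"}
# ICMP message types from RFC 792 that the text refers to (echo, errors, congestion, redirect)
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded"}

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
ICMP_HDR = "!BBHHH"          # type, code, checksum, identifier, sequence


def inet_checksum(data: bytes) -> int:
    """One's-complement checksum shared by the IPv4 header and ICMP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Constructed sample packet: the checksum is computed over the header with the field zeroed."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0, src_b, dst_b)
    header = header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:]
    return header + payload


def build_icmp_echo(ident: int, seq: int, data: bytes, request: bool = True) -> bytes:
    """ICMP ECHO request (type 8) or reply (type 0), the message PING relies on."""
    msg = struct.pack(ICMP_HDR, 8 if request else 0, 0, 0, ident, seq) + data
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def parse_packet(packet: bytes) -> dict:
    """Decode the IPv4 header, verify its checksum, and decode an ICMP payload when the protocol is 1."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags, ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl or total_len > len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    result = {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "protocol_number": proto,
        "protocol": PROTOCOL_NAMES.get(proto, "other"),
        # a correct header (checksum field included) sums to 0xFFFF, so its complement is 0
        "header_checksum_ok": inet_checksum(packet[:ihl]) == 0,
    }
    payload = packet[ihl:total_len]
    if proto == 1 and len(payload) >= 8:
        icmp_type, code, _icsum, icmp_id, seq = struct.unpack(ICMP_HDR, payload[:8])
        result["icmp"] = {"type": icmp_type, "name": ICMP_TYPES.get(icmp_type, "other"),
                          "code": code, "id": icmp_id, "seq": seq,
                          "checksum_ok": inet_checksum(payload) == 0}
    return result


if __name__ == "__main__":
    # Constructed addresses (RFC 5737 documentation range), identifier and payload
    probe = build_ipv4_packet("192.0.2.10", "192.0.2.20", 1, build_icmp_echo(0x1234, 1, b"ping"))
    print(parse_packet(probe))
```

A flipped bit anywhere in the header makes `header_checksum_ok` false, which is the one integrity property IP itself offers; everything else the text lists (ordering, duplication, confidentiality) has to come from the layers above.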
• SNMP
SNMP (Simple Network Management Protocol) is an application-layer protocol that network hosts use
to exchange network-management information. When discussing SNMP, systems are
categorized as either “managed” or “managing”: a managing system manages a managed system.
Managing systems may in turn also be managed. Each managed system runs a process called an
agent. The agent performs two functions: it responds to information requests from a managing system
using the GET, GETNEXT and GETBULK protocol operations, and it sends
unsolicited data to a managing system using the TRAP or INFORM protocol operations.
By default SNMP agents listen on UDP port 161. An SNMP manager sending requests to an agent
may use any ephemeral port for the source. The agent will reply to the manager on that port. Likewise,
by default SNMP managers listen on UDP port 162 for TRAP and INFORM messages from agents on
managed systems. The agent may use any ephemeral port for the source. Because SNMP traps are
notifications, the manager will not reply. If the manager does wish to respond to an agent trap, it must
do so to the agent’s listening port, UDP port 161 by default.
In the current RSCC system, SNMP version 1 is used to gather system configuration and status data.
Because SNMP utilizes UDP (User Datagram Protocol), which does not guarantee message delivery in
the way that TCP (Transmission Control Protocol) does, datagrams may arrive out of order, appear
duplicated, or go missing without notice. SNMP v1 security is limited to a clear-text community string
included with the request, similar to a password. SNMP v1 data is not encrypted, so the entire payload
can easily be snooped on the network. The operating system of the managed system may provide
additional security capabilities for SNMP, such as IP address restrictions for valid requests. CERT maintains
a list of frequently asked questions about SNMP security at http://www.cert.org/tech_tips/snmp_faq.html.
WEBES uses SNMP v2 as well. However, like v1, v2 does not provide encryption services. SNMP v3
provides encryption services; however, it is not supported on Microsoft Windows and therefore is not
supported by HP Insight Remote Support Advanced.
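As an added example (not from the HP document and not HP code), the following Python code makes the two SNMP points above concrete: the message layout behind the GET-family operations, and the fact that in SNMP v1 (and v2c) the community string is an ordinary clear-text OCTET STRING that any observer on the UDP path can read. It contains a minimal BER encoder used only to construct a sample GetRequest offline, a decoder that recovers version, community, PDU type, request-id and OIDs, and an audit function of the kind a defender would run over captured port 161 traffic. The community strings, OIDs and request-ids are constructed; the `DEFAULT_COMMUNITIES` watch-list is an assumption of the example, not an HP setting.

```python
# Tags of the PDU choices in the SNMP message (RFC 1157 / RFC 1905 context-specific tags)
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest", 0xA6: "InformRequest"}
# Constructed watch-list for the audit check (assumption of this example)
DEFAULT_COMMUNITIES = {b"public", b"private"}


def _length(n: int) -> bytes:
    """BER length: short form below 128, long form (0x8N followed by N length bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body


def encode_int(value: int) -> bytes:
    """INTEGER with a minimal two's-complement body (a leading 0x00 keeps positives positive)."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(0x02, body)


def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, remaining arcs base-128 big-endian."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytes([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk = bytes([0x80 | (arc & 0x7F)]) + chunk
            arc >>= 7
        body += chunk
    return _tlv(0x06, body)


def build_get_request(community: bytes, oid: str, request_id: int) -> bytes:
    """Constructed SNMPv1 GetRequest (version field 0) for a single OID."""
    varbind = _tlv(0x30, encode_oid(oid) + _tlv(0x05, b""))                  # { oid, NULL }
    pdu = _tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, encode_int(0) + _tlv(0x04, community) + pdu)


def _read_tlv(data: bytes, pos: int):
    """Return (tag, body, position after the element); rejects truncated elements."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(data):
        raise ValueError("truncated BER element")
    return tag, data[pos:end], end


def decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                 # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_snmp(datagram: bytes) -> dict:
    """Decode the outer message and a request/response PDU (the v1 Trap-PDU has a different layout)."""
    tag, msg, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)      # clear-text OCTET STRING, no protection at all
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag == 0xA4:
        raise ValueError("SNMPv1 Trap-PDU layout not handled in this example")
    _, rid, pos = _read_tlv(pdu, 0)
    _, _, pos = _read_tlv(pdu, pos)              # error-status
    _, _, pos = _read_tlv(pdu, pos)              # error-index
    _, varbinds, _ = _read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = _read_tlv(varbinds, pos)
        _, oid_body, _ = _read_tlv(vb, 0)
        oids.append(decode_oid(oid_body))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community,
            "pdu_type": PDU_TYPES.get(pdu_tag, "unknown"),
            "request_id": int.from_bytes(rid, "big", signed=True),
            "oids": oids}


def audit_datagram(datagram: bytes) -> list:
    """Defender's check: what a passive observer learns from one SNMP datagram on UDP 161/162."""
    info = parse_snmp(datagram)
    findings = []
    if info["version"] in (0, 1):                # 0 = SNMPv1, 1 = SNMPv2c: neither encrypts
        findings.append("community string readable on the wire: %s" % info["community"].decode("latin-1"))
    if info["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string in use")
    return findings


if __name__ == "__main__":
    sample = build_get_request(b"public", "1.3.6.1.2.1.1.5.0", 42)   # constructed: sysName.0
    print(sample.hex())
    print(parse_snmp(sample))
    print(audit_datagram(sample))
```

Because the community string is recoverable from the raw bytes with nothing more than a length-prefixed copy, the mitigations the text mentions (address restrictions on the agent, and where available SNMP v3) are the only things standing between a captured datagram and a usable credential.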
• Syslog
The BSD system logging protocol, syslog, is an unencrypted protocol for transmitting system log messages
and is described in RFC 3164. Syslog has been assigned UDP port 514, but many implementations
2.5 Communication Protocols 21