Owner's Manual
Glossary
ProSafe Network Management Software NMS200
SNMP Simple Network Management Protocol. Network management protocol used almost
exclusively in TCP/IP networks. SNMP provides the means to monitor and control
network devices, and to manage configurations, statistics collection, performance, and
security.
NMS200 uses SNMP for many network monitoring and management tasks.
SNMP-enabled network devices, including routers, switches, and PCs, host SNMP
agents that maintain system status and performance information that is tied to specific
Object Identifiers (OIDs). This information is a Management Information Base (MIB).
NMS200 uses MIB OIDs as references to retrieve specific data about a selected,
SNMP-enabled, managed device. MIB data may be accessed either with SNMP
Community Strings, as provided with SNMPv1 and SNMPv2c, or with optional SNMP
credentials, as provided with SNMPv3.
To monitor devices on your network, you must enable SNMP on monitored devices that
can do SNMP communications. The steps to enable SNMP differ by device, so you
may need to consult the documentation provided by your device vendor.
SNMP credentials secure access to SNMP-enabled managed devices. SNMPv1 and
SNMPv2c credentials serve as a type of password that is authenticated by confirming
a match between a cleartext SNMP Community String provided by an SNMP request
and the SNMP Community String stored as a MIB object on an SNMP-enabled,
managed device. SNMPv3 provides a more secure interaction by employing the
following fields:
Credentials: The SNMP User Name is a required cleartext string configured in
NMS200’s authentication. User Name functions similarly to the SNMP Community
String of SNMP v1 and v2c.
SNMPv3 provides two optional Authentication Methods: Message Digest 5 (MD5) and
Secure Hash Algorithm 1 (SHA1). Both methods, MD5 and SHA1, include the
Authentication Key with the SNMPv3 packet and then generate a digest of the entire
SNMPv3 packet, which is then sent. MD5 digests are 20 bytes long, and SHA1 digests are 16
bytes long. When the device receives the packet, it uses the User Name to recreate a
packet digest using the appropriate method. Both digests are then compared to
authenticate.
SNMPv3 also provides two optional Privacy/Encryption Methods: Data Encryption
Standard (DES56) and Advanced Encryption Standard (AES128) using a 128 bit key.
DES56 uses a 56 bit key with a 56 bit salt, and AES128 uses a 128 bit key with a 128
bit salt to encrypt the full SNMP v3 packet.
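The SNMPv3 authentication check described above, as an added example that is not part of the NMS200 manual: it follows the User-based Security Model of RFC 3414 (password-to-key, key localization to the agent's engine ID, and an HMAC truncated to 12 octets). The sample message, field offset and user name are constructed for illustration; the password and engine ID are RFC 3414's own test values.

```python
import hashlib
import hmac

# MD5 yields 16 octets and SHA-1 yields 20; RFC 3414 transmits the first 12 of the HMAC.
MAC_LEN = 12

def password_to_key(password: bytes, alg: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to 1,048,576 octets."""
    if not password:
        raise ValueError("empty password")
    reps = 1048576 // len(password) + 1
    return hashlib.new(alg, (password * reps)[:1048576]).digest()

def localize_key(ku: bytes, engine_id: bytes, alg: str) -> bytes:
    """Bind the user key to one agent: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(alg, ku + engine_id + ku).digest()

def auth_params(whole_msg: bytes, kul: bytes, alg: str) -> bytes:
    """HMAC over the whole message (auth field zeroed), truncated to 12 octets."""
    return hmac.new(kul, whole_msg, alg).digest()[:MAC_LEN]

def sign(msg: bytes, offset: int, kul: bytes, alg: str) -> bytes:
    """Sender side: fill the zeroed 12-octet field at `offset` with the MAC."""
    mac = auth_params(msg, kul, alg)
    return msg[:offset] + mac + msg[offset + MAC_LEN:]

def verify(msg: bytes, offset: int, kul: bytes, alg: str) -> bool:
    """Receiver side: zero the field, recompute, compare in constant time."""
    received = msg[offset:offset + MAC_LEN]
    zeroed = msg[:offset] + bytes(MAC_LEN) + msg[offset + MAC_LEN:]
    return hmac.compare_digest(received, auth_params(zeroed, kul, alg))

# Constructed sample values (not a real BER-encoded SNMPv3 packet).
ENGINE_ID = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 test engine ID
HEADER = b"constructed-header|user=monitor|"
SAMPLE = HEADER + bytes(MAC_LEN) + b"|get sysUpTime.0"
OFFSET = len(HEADER)

if __name__ == "__main__":
    for alg in ("md5", "sha1"):
        kul = localize_key(password_to_key(b"maplesyrup", alg), ENGINE_ID, alg)
        signed = sign(SAMPLE, OFFSET, kul, alg)
        tampered = signed[:-1] + b"1"  # one payload octet changed in transit
        print(alg, kul.hex(), verify(signed, OFFSET, kul, alg),
              verify(tampered, OFFSET, kul, alg))
```

The MAC covers integrity and origin only; the payload stays readable unless one of the privacy methods is also enabled.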
Spanning Tree Protocol (STP)
The inactivation of links between networks so that information packets are channeled
along one route and will not search endlessly for a destination.
SSH (Secure Shell) A protocol which permits secure remote access over a
network from one computer to another. SSH negotiates and establishes an
encrypted connection between an SSH
client and an SSH server.
SSL (Secure Sockets Layer)
A program layer created by Netscape for managing the security of message
transmissions in a network. Netscape's idea is that the programming for keeping your
messages confidential ought to be contained in a program layer between an
application (such as your Web browser or HTTP) and the Internet's TCP/IP layers.
The “sockets” part of the term refers to the sockets method of passing data back and
forth between a client and a server program in a network or between program layers in
the same computer.
Trap (SNMP Trap) A notification from a network element or device of its
status, such as a server startup.
This notification is sent by an SNMP agent to a Network Management System (NMS)
where it is translated into an event by the Mediation Agent.