S 2.144 Selection of a suitable network management protocol

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

The following standard protocols for network management are currently applicable:

• SNMP (Simple Network Management Protocol); SNMP is described in RFC 1157. Request for Comment (RFC) is a standard which has established itself in the Internet.

• CMIP (Common Management Information Protocol); CMIP is described in the ITU-T standard X.711 and in ISO/IEC 9596-1.

The main advantages and disadvantages of these two protocols are described in the following in order to facilitate selection of the suitable network management protocol when the need arises.

SNMP

Two components are defined for SNMP: a manager and an agent. In a local network, one or more managers and one agent per IT system to be monitored and configured via SNMP are installed. The agents gather information about these systems and store this data in a MIB (management information base). They exchange messages with the manager via a connectionless protocol, so that SNMP does not rely on any particular transport protocol. Nowadays, it is usually implemented on UDP/IP. However, other implementations are possible and available (e.g. via OSI, AppleTalk, SPX/IPX). SNMP is available in different versions. In addition to the original version SNMPv1, different variants of version 2 (SNMPv2) are also in use to a limited extent (RFC 1901-1908).

SNMP is an extremely simple protocol which recognises three types of messages. Managers and agents use it to exchange what is known as management information, which basically consists of the values of status variables which are stored in management agents and describe the condition of the related managed object. The management database (MIB) describes which status variables (name and type) exist in each agent. The information is organised hierarchically and each value is assigned a unique identification number which defines a unique sequence of the variables. In detail, the types of messages are:

1. GetRequest: sent from the manager to agents to query the values of one or more status variables from them.

2. GetNextRequest: sent from the manager to agents to query the value or the next values in accordance with the order of the variables in the MIB.

3. SetRequest: sent from the manager to agents in order to set the value of a variable.

4. GetResponse: sent from agents to the manager in order to send the queried values or confirm that the value of a variable has been set.

5. Trap: used by agents in order to inform the manager of exceptional events. Unlike a GetResponse message, a Trap message is not preceded by a query from the manager.

The essential advantages and disadvantages are:

• SNMP has a simple design and is thus easy to implement. This reduces its susceptibility to faults and improves the stability of the protocol.
• SNMP is used on a widespread basis and is regarded as a de-facto standard. As a result, it is supported by nearly all products in network and system technology.
• The protocol can be adapted very easily to future requirements. For this reason as well as the above-mentioned widespread use of SNMP, this protocol can be considered extremely future-oriented, thus providing a high degree of investment protection.
• SNMP is a simple, connectionless protocol on the transport level. Consequently, the transmission of SNMP packets in a network is more efficient compared with the connection-oriented CMIP.

• The use of SNMP harbours security risks which could allow intruders to obtain detailed information on the system and network environment. Except for the community names (which, in the case of SNMP, allow the formation of groups and provide basic password protection), no real password protection is available for access to network components.

• Due to its simple nature and the features it possesses, the SNMP protocol exhibits shortcomings when operated in very large or rapidly expanding networks.

• The performance of version 1 proves inadequate in the case of complex MIB queries, as the complete MIB tree always needs to be specified.

One of the main disadvantages of version 1 of the SNMP is that it does not support authentication for access to monitored components. Version 2 of the SNMP compensates for some of these disadvantages and provides better performance in the handling of MIB queries.

However, different variants of SNMPv2 exist in terms of the security features supported. Only the variants SNMPv2* and SNMPv2u offer the possibility of symmetric, user-based authentication, while SNMPv2c continues to rely on communities. In SNMP, communities are firstly used to classify individual network components into groups, and secondly used as substitute passwords during access to these groups. SNMPv2* also offers the possibility of data encryption in accordance with the Data Encryption Standard in the Cipher Block Chaining Mode (DES-CBC). Due to the different variants of SNMPv2 presently in use, manufacturers of network components and network management systems are quite uncertain about their installation strategies, as a result of which implementations based on SNMPv2 are not yet encountered on a widespread scale, and are only inter-operable to a restricted extent.

The different variants of SNMPv2 are to be consolidated in the next SNMP version (SNMPv3). The release of SNMPv3 is currently being prepared but has not yet been completed.

For the above-mentioned reasons, only the use of SNMPv1 is recommended from the perspective of IT baseline protection. If the network management protocol or the network security features need to fulfil additional security requirements, use should be made of SNMPv2u or SNMPv2* with user-based authentication, or of CMIP. In principle, aspects related to confidentiality and authenticity are evidently supported to a greater extent by more recent versions of SNMP, although this advantage is accompanied by losses in bandwidth.

CMIP

In contrast to SNMP, CMIP is based on an implemented OSI protocol stack (OSI layers 1 to 3 are implemented as a protocol stack) and is thus also connection-oriented. This restricts the use of CMIP to components which fulfil hardware-related and software-related requirements for the implementation of a complete OSI stack. Due to the high demands placed by this implementation, a "CMIP Over TCP/IP" (CMOT) was also defined (RFC 1189). This allows CMIP to be operated in pure TCP/IP networks too.

One of the objectives of the CMIP concept was to develop an object-oriented management system. Accordingly, CMIP has a consistently object-oriented design. A CMIP machine (CMIPM) performs the tasks which are assigned to the manager under SNMP. This CMIPM, which consists of a software program like the SNMP manager, receives service requests from the agents of the objects to be managed to perform various operations; in response, the CMIPM sends CMIP messages to these agents. In accordance with object-oriented principles, the objects are managed via several trees which exhibit different mutual relations and are characterised by different types of access.

Due to its object-oriented design, CMIP is a very powerful and complex protocol. However, this protocol contains relatively few operations which allow full management on the basis of the above-mentioned object-oriented structure.

The essential advantages and disadvantages are:

• Due to its object-oriented design, CMIP offers many more possibilities than SNMP, including the execution of actions and the management of instances of management objects.
• CMIP offers more security than SNMP, particularly through the availability of mechanisms for access control, user authentication and auditing.
• The CMIP protocol is defined by OSI, thus constituting an official, international standard, whereas SNMP is only regarded as a de-facto standard based on a RFC.
• CMIP does not have the afore-mentioned shortcomings of SNMP.

• CMIP is a very complex protocol, whose diverse features are rarely required or capable of being used in its entirety. Due to the large number of possible settings, an elaborate configuration of this protocol is very difficult, and requires a great deal of know-how on the part of the administrator.

• CMIP requires roughly ten times as much system resources as SNMP. For this reason, it needs to be operated on powerful hardware which is only offered by a small number of active network components. The OSI protocol stack, which consumes additional resources, also needs to be implemented in general. CMOT constitutes an exception here.

• Due to the complexity of this protocol and the corresponding implementations, CMIP is potentially more susceptible to errors than SNMP implementations.

• Very few implementations of CMIP are presently available; except for in the area of telecommunications, this protocol is encountered very infrequently in practice.

In each individual case, a detailed examination is required as to which network management protocol is suitable for the applications involved. In this context, the security requirements for the network management system need to be formulated and co-ordinated. If the TCP/IP protocol stack is already being used in the local network and the security requirements are low, it is advisable to employ SNMPv1. However, high security requirements could also call for the use of SNMPv2 or CMIP here. If the CMIP protocol is used, a consideration is required as to which protocol stack it should be used on, i.e. either the OSI stack (CMIP) or the TCP/IP stack (CMOT).

Furthermore, it must be noted that CMIP and CMOT are presently not supported by all active network components and network management systems. Before a CMIP protocol is employed, a detailed check is therefore required as to whether the components and clients in use are CMIP-compatible.

Additional controls:

• Have the security requirements for the network management system been formulated and documented?

• Have the active network components and clients been checked for compatibility with the selected SNMP version or CMIP?