SNMP

SNMP is the Simple Network Management Protocol, primarily used to monitor network devices. Network monitoring software such as MRTG uses SNMP to poll SNMP agents on network devices, and report interface status (up/down), bandwidth utilization, CPU temperature, and many more metrics. SNMP agents use UDP port 161.

SNMPv1 and v2c use read and write community strings to access network devices. Many devices use default community strings such as “public” for read access, and “private” for write access. Additionally, these community strings are usually changed infrequently (if at all), and are typically sent in the clear across a network. An attacker who can sniff or guess a community string can access the network device via SNMP. Access to a write string allows remote changes to a device, including shutting down or reconfiguring interfaces, among many other options.

SNMPv3 was designed to provide confidentiality, integrity, and authentication to SNMP via the use of encryption. While SNMPv2c usage remains highly prevalent, use of SNMPv3 is strongly encouraged due to the lack of security in all previous versions.
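The cleartext exposure described above can be demonstrated by decoding the header of an SNMPv1/v2c message. The following is an added example, not code from the original text: it builds a constructed GetRequest for sysDescr.0 in BER, decodes the version and community string from the UDP payload, and flags messages that still use a default community. The community names and sample packets are constructed for the example; v3 is recognized only as far as noting that it carries no community string.

```python
"""Added example: decode the cleartext header of an SNMPv1/v2c message
and flag default community strings (constructed samples, not page code)."""
from dataclasses import dataclass
from typing import Optional

SNMP_AGENT_PORT = 161                           # UDP port SNMP agents listen on
DEFAULT_COMMUNITIES = {b"public", b"private"}   # common vendor defaults
SNMP_VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}
# sysDescr.0 (1.3.6.1.2.1.1.1.0) in BER OID encoding; used only for the sample packet.
SYSDESCR_OID = bytes([0x2B, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00])

def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(body)) + body

def read_tlv(buf: bytes, pos: int):
    """Decode the BER element at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def build_get_request(version: int, community: bytes) -> bytes:
    """Constructed sample: a GetRequest for sysDescr.0 (version 0 = v1, 1 = v2c)."""
    varbind = tlv(0x30, tlv(0x06, SYSDESCR_OID) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01")          # request-id
               + tlv(0x02, b"\x00")             # error-status
               + tlv(0x02, b"\x00")             # error-index
               + tlv(0x30, varbind))            # VarBindList
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)

@dataclass
class SnmpHeader:
    version: str
    community: Optional[bytes]      # None for v3, which carries no community string
    uses_default_community: bool

def parse_snmp_header(payload: bytes) -> SnmpHeader:
    """Read version and community string from the UDP payload of an SNMP message."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing: not an SNMP message")
    tag, ver, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version == 3:
        # v3 messages carry msgGlobalData and security parameters here instead.
        return SnmpHeader("v3", None, False)
    tag, community, _ = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    name = SNMP_VERSION_NAMES.get(version, f"unknown({version})")
    return SnmpHeader(name, community, community in DEFAULT_COMMUNITIES)

def audit_payloads(payloads):
    """Return (index, version, community) for each v1/v2c message using a default string."""
    findings = []
    for i, p in enumerate(payloads):
        h = parse_snmp_header(p)
        if h.uses_default_community:
            findings.append((i, h.version, h.community.decode("ascii", "replace")))
    return findings

if __name__ == "__main__":
    # Constructed sample traffic as it would appear in a capture on UDP/161.
    captured = [build_get_request(1, b"public"),
                build_get_request(0, b"private"),
                build_get_request(1, b"s1te-r0-mon")]
    for finding in audit_payloads(captured):
        print("default community in cleartext:", finding)
```

Because the community string is a plain OCTET STRING at a fixed position in the message, a few bytes of parsing are all a passive observer needs, which is why the text recommends moving to SNMPv3 rather than relying on non-default strings alone.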

HTTP and HTTPS

HTTP is the Hypertext Transfer Protocol, which is used to transfer unencrypted Web-based data. HTTPS (Hypertext Transfer Protocol Secure) transfers encrypted Web-based data via SSL/TLS (see “SSL and TLS” section below). HTTP uses TCP port 80 and HTTPS uses TCP port 443. HTML (Hypertext Markup Language) is used to display Web content.

Note

HTTP and HTML are often confused. The difference: you transfer Web data via HTTP and view it via HTML.

BOOTP and DHCP

BOOTP is the Bootstrap Protocol, used for bootstrapping via a network by diskless systems. Many system BIOSs now support BOOTP directly, allowing the BIOS to load the operating system via a network without a disk. BOOTP startup occurs in two phases: use BOOTP to determine the IP address and OS image name, and then use TFTP to download the operating system.

DHCP (Dynamic Host Configuration Protocol) was designed to replace and improve on BOOTP by adding additional features. DHCP allows more configuration options, as well as assigning temporary IP address leases to systems. DHCP systems can be configured to receive IP address leases, DNS servers, and default gateways, among other information.

Both BOOTP and DHCP use the same ports: UDP port 67 for servers and UDP port 68 for clients.
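To show the lease information DHCP hands out on top of the BOOTP frame, here is an added example (not code from the original text): it constructs a DHCPOFFER with the standard 236-byte BOOTP header, the magic cookie and a TLV option list, then parses the options the text names (assigned address, lease time, DNS servers, default gateway) and checks the server identifier against a set of known DHCP servers. All addresses, the client MAC and the trusted-server set are constructed values for the example.

```python
"""Added example: parse a BOOTP/DHCP message's options and flag offers from
unknown servers (constructed samples, not page code)."""
import ipaddress
import struct
from typing import Dict, List

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68     # UDP ports shared by BOOTP and DHCP
MAGIC_COOKIE = b"\x63\x82\x53\x63"              # marks the start of DHCP options (offset 236)
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_LEASE = 1, 3, 6, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255

def ip4(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

def build_offer(client_mac: bytes, your_ip: str, server_ip: str, router: str,
                dns: List[str], lease_secs: int, xid: int = 0x3903F326) -> bytes:
    """Constructed DHCPOFFER: BOOTP fixed header (236 bytes), cookie, then options."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)   # op=BOOTREPLY, Ethernet, no hops
    header += ip4("0.0.0.0") + ip4(your_ip) + ip4(server_ip) + ip4("0.0.0.0")  # ci/yi/si/giaddr
    header += client_mac.ljust(16, b"\x00") + bytes(64) + bytes(128)   # chaddr, sname, file
    options = bytes([OPT_MSG_TYPE, 1, 2])
    options += bytes([OPT_SERVER_ID, 4]) + ip4(server_ip)
    options += bytes([OPT_LEASE, 4]) + struct.pack("!I", lease_secs)
    options += bytes([OPT_SUBNET, 4]) + ip4("255.255.255.0")
    options += bytes([OPT_ROUTER, 4]) + ip4(router)
    dns_bytes = b"".join(ip4(d) for d in dns)
    options += bytes([OPT_DNS, len(dns_bytes)]) + dns_bytes
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

def parse_options(payload: bytes) -> Dict[int, bytes]:
    """Walk the TLV option list that follows the magic cookie."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    pos, options = 240, {}
    while pos < len(payload):
        code = payload[pos]
        if code == OPT_END:
            break
        if code == 0:                # pad option has no length byte
            pos += 1
            continue
        length = payload[pos + 1]
        options[code] = payload[pos + 2:pos + 2 + length]
        pos += 2 + length
    return options

def summarize(payload: bytes) -> dict:
    """Pull out the lease details the text mentions: address, lease, DNS servers, gateway."""
    opts = parse_options(payload)
    addrs = lambda b: [str(ipaddress.IPv4Address(b[i:i + 4])) for i in range(0, len(b), 4)]
    return {
        "op": "BOOTREPLY" if payload[0] == 2 else "BOOTREQUEST",
        "msg_type": MESSAGE_TYPES.get(opts.get(OPT_MSG_TYPE, b"\x00")[0], "unknown"),
        "your_ip": str(ipaddress.IPv4Address(payload[16:20])),   # yiaddr field
        "server_id": addrs(opts[OPT_SERVER_ID])[0] if OPT_SERVER_ID in opts else None,
        "router": addrs(opts.get(OPT_ROUTER, b"")),
        "dns": addrs(opts.get(OPT_DNS, b"")),
        "lease_secs": struct.unpack("!I", opts[OPT_LEASE])[0] if OPT_LEASE in opts else None,
    }

def is_unexpected_server(payload: bytes, trusted_servers: set) -> bool:
    """True when an OFFER/ACK names a server identifier outside the trusted set."""
    s = summarize(payload)
    return s["msg_type"] in ("OFFER", "ACK") and s["server_id"] not in trusted_servers

if __name__ == "__main__":
    # Constructed values: a client MAC, one legitimate server and one unknown server.
    mac = b"\x00\x11\x22\x33\x44\x55"
    trusted = {"10.0.0.1"}
    for offer in (build_offer(mac, "10.0.0.25", "10.0.0.1", "10.0.0.1", ["10.0.0.53"], 86400),
                  build_offer(mac, "10.0.0.25", "10.0.0.99", "10.0.0.99", ["10.0.0.99"], 600)):
        print(summarize(offer), "unexpected server:", is_unexpected_server(offer, trusted))
```

The check on the server identifier (option 54) is the kind of comparison a DHCP snooping feature or a passive monitor on UDP port 68 performs: an OFFER from an address that is not one of the deployment's DHCP servers is worth alerting on, since whoever answers first can set the client's gateway and DNS servers.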