What is SNMP?
SNMP stands for Simple Network Management Protocol and is a network protocol used to monitor and manage network equipment. It is an important tool for both IT and OT networks.
SNMP makes it possible to query information, receive alerts, and change settings on network components such as switches, routers, firewalls, and industrial devices.
🧠 How does SNMP work?
- SNMP consists of three main components:
  - SNMP manager: the system that collects data and sends commands
  - SNMP agent: software running on network equipment that exposes data
  - MIB (Management Information Base): a structured database of objects that can be queried
- Communication takes place over UDP ports 161 (requests) and 162 (traps)
- SNMP supports polling (periodic querying) and traps (asynchronous notifications)
Many industrial devices such as switches, routers, firewalls, HMIs, and even PLCs support SNMP for status monitoring.
🏭 Application of SNMP in industrial networks
- Monitoring of network traffic, port status, and error messages on Industrial Ethernet
- Receiving notifications of link failures or power loss via SNMP traps
- Integration with SCADA or network management platforms such as Zabbix, PRTG, Nagios
- Centralised logging and management of network infrastructure
- Inventory and status checks of network components in OT segments
SNMP is particularly useful for proactive monitoring and fault diagnosis in complex industrial networks.
🔍 SNMPv2 vs. SNMPv3
| Aspect | SNMPv2 | SNMPv3 |
|---|---|---|
| Security | No encryption, community strings | Encryption (AES), authentication (SHA/MD5) |
| User management | Not supported | Yes — via users and access profiles |
| Use | Outdated but still common | Recommended for secure environments |
| Complexity | Simpler to configure | More complex, but safer |
🔐 Security aspects
- SNMPv2 uses plaintext community strings such as `public` and `private`, which is unsafe
- Switch to SNMPv3 for encryption and secure authentication
- Use read-only accounts unless write access is genuinely needed
- Restrict access to SNMP via firewalls, access control lists (ACLs), and VLANs
- Combine with SIEM for centralised logging and detection of suspicious SNMP requests
Note: misconfiguration of SNMP can expose sensitive system information.
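To illustrate the detection point above, the following added example (not part of the original page) decodes the outer header of an SNMP message and flags cleartext community strings, the defaults `public` and `private`, and write (SetRequest) attempts. The finding names, the helper functions, and the sample messages are assumptions constructed for this illustration.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}  # value of the version INTEGER

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Return (version, findings) for one SNMP message (a UDP/161 payload)."""
    tag, body, _ = read_tlv(datagram, 0)
    vtag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x30 or vtag != 0x02:
        raise ValueError("not SEQUENCE { INTEGER version, ... }")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    findings = []
    if version in ("v1", "v2c"):  # second field is the cleartext community
        ctag, community, pos = read_tlv(body, pos)
        if ctag != 0x04:
            raise ValueError("community is not an OCTET STRING")
        findings.append("plaintext-community")
        if community in DEFAULT_COMMUNITIES:
            findings.append("default-community")
        if pos < len(body) and body[pos] == 0xA3:  # SetRequest PDU tag
            findings.append("write-request")
    return version, findings

def tlv(tag, value):  # short-form encoder for the constructed samples below
    return bytes([tag, len(value)]) + value

def sample(version, second_field, pdu_tag):  # constructed message, not captured traffic
    oid = tlv(0x06, bytes.fromhex("2b06010201010500"))  # sysName.0
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2
              + tlv(0x30, tlv(0x30, oid + tlv(0x05, b""))))
    return tlv(0x30, tlv(0x02, bytes([version])) + second_field + pdu)

if __name__ == "__main__":
    print(classify(sample(1, tlv(0x04, b"private"), 0xA3)))
```

In a monitoring pipeline, `classify` would be fed the UDP payloads of traffic to port 161, and its findings forwarded to the SIEM alongside source and destination addresses.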
📌 In summary
SNMP is a powerful protocol for network monitoring and management, including in industrial networks. Prefer SNMPv3 and deploy it within a properly segmented and secured OT architecture.
