|Remove||Item||Quantity × Price|
|Your cart is empty|
Let's face it, it's the end of 2017 and most people is tracking their network usage data with SNMP using tools like Cacti, Openview, MRTG or something similar. According to an interesting research available from the University of Twente (https://www.utwente.nl/en/eemcs/dacs/assignments/completed/bachelor/reports/B_assignment_Schippers.pdf), mostly using SNMPv1 and SNMPv2c. In 2017. Argh.
Apart from its intrinsic vulnerabilties and information exposure (you can get a taste here), it is an extremenly useful tool to get information about systems & network devices for hacking purposes.
SNMPv3 could improve security in networks but never really took place, since probably the implementation effort is not worth the benefits it provides. Besides, is not immune to attacks, as you can see in papers like this and this.
Sure, most companies use it internally on their networks, but leaving it open without so much control is looking for trouble. And there is still people running it over the Internet (it is no surprise, given the damage the WannaCry worm did).
From the usage point of view, in the network area, SNMP gives you an overall view of what's happening in a very simple way: a network interface usage in percentage of its bandwidth.
It's as if I got to know about the engine's state of a car, I was just opening the bonnet and limiting myself to a quick glance. It seems to me a very superficial approach.
On the other side, DPI (Deep Packet Inspection) is impressively expensive.
You will need control points in strategic area of your network, hopefully easy to manage and with good performance (ask yourself why you rarely find "wire-speed performance" when DPI is enabled).
Such infrastructure does not come for free. And guess what ? The network world is moving to encryption and voilà, your costly DPI infrastructure is useful like a car without fuel.
Meet the new version of Fl0wer. On CyberMonday 2017.