Friday, August 13, 2010

Default SNMP Settings: Full Of Vulnerabilities For Hackers


The Simple Network Management Protocol (SNMP) is widely used by network administrators to monitor and administer all types of network-connected devices, ranging from routers to printers to computers. SNMP uses an unencrypted “community string” as its only authentication mechanism. Lack of encryption is bad enough, but the default community string used by the vast majority of SNMP devices is “public,” with a few “clever” network equipment vendors changing the string to “private” for more sensitive information. Attackers can use this vulnerability in SNMP to reconfigure or shut down devices remotely. Sniffed SNMP traffic can reveal a great deal about the structure of your network, as well as the systems and devices attached to it. Intruders use such information to pick targets and plan attacks.

Note: SNMP is not unique to Unix. It is listed under Unix because the contributors have seen a majority of attacks on Unix systems caused by poor SNMP configurations. The contributors have not seen this as a major problem on Windows systems.

Systems impacted:

All UNIX systems and network devices

CVE entries:

CAN-1999-0517, CAN-1999-0516, CAN-1999-0254, CAN-1999-0186

How to determine if you are vulnerable:

Check to see if you have SNMP running on your devices. If you do, check the configuration files for the common vulnerabilities:
  • Default or blank SNMP community names
  • Guessable SNMP community names
  • Hidden SNMP community strings

How to protect against it:

The following steps will help defend against SNMP exploits:
  1. If you do not absolutely require SNMP, disable it.
  2. If you must use SNMP, use the same policy for community names as used for passwords. Make sure they are difficult to guess or crack, and that they are changed periodically.
  3. Validate and check community names using snmpwalk. Additional information can be found at: http://www.zend.com/manual/function.snmpwalk.php
  4. Filter SNMP (Port 161/UDP) at the border-router or firewall unless it is absolutely necessary to poll or manage devices from outside of the local network.
  5. Where possible make MIBs read only. Additional information can be found at: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm#xtocid210315
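
One way to run the configuration check described under "How to determine if you are vulnerable", also flagging the read-write communities that step 5 advises against. This is an added example, not part of the original post. It assumes the agent is Net-SNMP and uses snmpd.conf-style directives (rocommunity, rwcommunity, com2sec); the sample configuration, the weak-name list and the function name audit_snmpd_conf are constructed for illustration.

```python
import shlex

# Constructed sample in Net-SNMP snmpd.conf syntax (assumed format, not from the page).
SAMPLE_CONF = '''\
# constructed example configuration
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity n0c-Mon!7rQz2 192.0.2.10
com2sec readonly default admin
rocommunity ""
'''
# Constructed, deliberately small list of default or easily guessed names.
WEAK_NAMES = {"public", "private", "admin", "snmp", "community", "monitor",
              "manager", "secret", "default", "test"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmpd_conf(text):
    """Return [(line_no, community, [issues])] for each risky community definition."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw, comments=True)  # drops '#' comments
        except ValueError:
            continue  # unbalanced quotes: not a line this audit can interpret
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES:
            # rocommunity/rwcommunity COMMUNITY [SOURCE ...]; no SOURCE means any host
            community = args[0] if args else ""
            source = args[1] if len(args) > 1 else "default"
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        checks = [(not community, "blank community name"),
                  (community.lower() in WEAK_NAMES, "default or guessable community name"),
                  (directive.startswith("rw"), "read-write access"),
                  (source == "default", "no source address restriction")]
        issues = [message for hit, message in checks if hit]
        if issues:
            findings.append((line_no, community, issues))
    return findings
```

To audit a real agent, pass the contents of its snmpd.conf to audit_snmpd_conf and extend WEAK_NAMES with names specific to your organization and vendors.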

