Note: SNMP is not unique to Unix. It is listed under Unix because the contributors have seen a majority of attacks on Unix systems caused by poor SNMP configurations. The contributors have not seen this as a major problem on Windows systems.
Systems impacted:
All UNIX systems and network devices
CVE entries:
CAN-1999-0517, CAN-1999-0516, CAN-1999-0254, CAN-1999-0186
How to determine if you are vulnerable:
Check to see if you have SNMP running on your devices. If you do, check the configuration files for the common vulnerabilities:
- Default or blank SNMP community names
- Guessable SNMP community names
- Hidden SNMP community strings
How to protect against it:
The following steps will help defend against SNMP exploits:
- If you do not absolutely require SNMP, disable it.
- If you must use SNMP, use the same policy for community names as used for passwords. Make sure they are difficult to guess or crack, and that they are changed periodically.
- Validate and check community names using snmpwalk. Additional information can be found at: http://www.zend.com/manual/function.snmpwalk.php
- Filter SNMP (Port 161/UDP) at the border-router or firewall unless it is absolutely necessary to poll or manage devices from outside of the local network.
- Where possible make MIBs read only. Additional information can be found at: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm#xtocid210315
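An added example, not part of the original page: a Python check of a Net-SNMP style snmpd.conf for blank, default or guessable community names and for read-write access. The sample configuration, the weak-name list and the 8-character minimum are assumptions to replace with your own files and password policy.

```python
# Constructed sample in Net-SNMP snmpd.conf syntax (not taken from a real host).
SAMPLE_CONF = """\
# agent access control
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity k7Vq2!mZp9x 192.0.2.10
com2sec notConfigUser default public
rwcommunity Tz4$wLq8!nRb 192.0.2.10
rocommunity "" 192.0.2.20
"""

# Assumed list of common default names and assumed minimum length; adjust to site policy.
WEAK_NAMES = {"public", "private", "admin", "snmp", "community", "cisco",
              "monitor", "manager", "secret", "default", "test", "write"}
MIN_LENGTH = 8
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def extract_community(tokens):
    """Return (community, is_read_write) for an access line, else None."""
    directive, args = (tokens[0].lower() if tokens else ""), tokens[1:]
    if directive in COMMUNITY_DIRECTIVES:
        name = args[0] if args else ""
        return name.strip("\"'"), directive.startswith("rw")
    if directive == "com2sec":
        if args[:1] == ["-Cn"]:  # optional form: com2sec -Cn CONTEXT NAME SOURCE COMMUNITY
            args = args[2:]
        if len(args) >= 3:  # write access is decided by separate access/view lines
            return args[2].strip("\"'"), False
    return None  # comments, blank lines and unrelated directives

def audit_snmpd_conf(text):
    """Return a list of (line_number, community, problem) findings."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        parsed = extract_community(raw.split())
        if parsed is None:
            continue
        name, read_write = parsed
        if not name:
            findings.append((number, name, "blank community name"))
        elif name.lower() in WEAK_NAMES:
            findings.append((number, name, "default or guessable community name"))
        elif len(name) < MIN_LENGTH:
            findings.append((number, name, "community name shorter than policy minimum"))
        if read_write:
            findings.append((number, name, "read-write access; make read only where possible"))
    return findings

for finding in audit_snmpd_conf(SAMPLE_CONF):
    print("line %d: community %r: %s" % finding)
```

A file check like this cannot find hidden community strings built into a device, so it complements rather than replaces polling the device with snmpwalk.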
For Further Reading,