| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 |
||||
 |
|
|||
 |
||||
|
|
|
||
|
|||||||||||||||||||||||||||||||||||||||||
 COLUMN
Closing SNMP gaps ON FEB. 12, the Computer Emergency Response Team (CERT) went public with a series of vulnerabilities in SNMP Version 1, the widely used standard for system management and monitoring. The announcement, based on the findings of a group from the Oulu University Secure Programming Group in Oulu, Finland, listed weaknesses in SNMP's trap-handling and request-handling functions that, according to the bulletin, could result in unauthorized access, DoS (denial of service) attacks, and unstable behavior.
What was new in CERT's notice was the availability of the PROTOS test suite, also developed by the Oulu University group, which turned SNMP vulnerability issues from theoretical exercises into practical realities. So in the days following the CERT announcement, many a security administrator could be found downloading the PROTOS tool and taking a close look at SNMP and all the devices that use it. Some exploits have been developed, although none has been made public, as of this writing. Windows, Solaris, Linux, print servers, routers, switches, storage appliances -- the list of affected devices is endless. But it's not difficult to secure your network perimeter. Simply ensure that your routers and firewalls are filtering SNMP traffic (ports 161, 162, 391, and 1993), filter SNMP traffic from non-authorized hosts, change default community strings, disable stack execution, and segregate SNMP traffic onto its own network. Easy enough. The hard part is identifying and patching all the systems on your network running SNMP. Attacks against Internet-facing network devices, such as your routers and firewalls, aren't the real concern; it's the worms and Trojan horses that get past those perimeter defenses that you must worry about. Thankfully, several organizations have released free scanners to help companies identify devices running SNMP. For example, the System Administration, Networking, and Security (SANS) Institute has released SNMPing, a tool that scans port 161 on a provided list of IP addresses. (You can request the SANS tool by sending an e-mail to snmptool@sans.org.) A free tool from Foundstone, SNScan, can scan ports 160, 161, 391, and 1993. (SNScan is available at www.foundstone.com/knowledge/free_tools.html.) And Qualys recently announced that it would provide free network scans to check for SNMP-enabled services and devices. Of course, companies that regularly perform system audits and security assessments can quickly identify which systems are running SNMP without using any of these specialized tools. That's why, in the end, the SNMP issue stands as testimony that following best practices is always the most effective means of ensuring security and managing risk. Mandy Andress (mandy_andress@infoworld.com) covers security and networking for the InfoWorld Test Center.  RELATED SUBJECTS  SecurityNetworkingMORE > SPONSORED WHITE PAPERS 
SPONSORED LINKS
|
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
