
Scan SNMP to Prevent a Hack of Your Network

Simple Network Management Protocol (SNMP) is built into virtually every network device and can be an avenue for attack. Network management programs (such as HP OpenView and LANDesk) use SNMP for remote network host management. Unfortunately, SNMP also presents security vulnerabilities.

Vulnerabilities

The problem is that most network hosts run with SNMP enabled and with the default read/write community strings of public/private. The majority of network devices have SNMP enabled and don’t even need it.

If SNMP is compromised, a hacker may be able to gather such network information as ARP tables, usernames, and TCP connections to attack your systems further. If SNMP shows up in port scans, you can bet that a malicious attacker will try to compromise the system.

Here are some utilities for SNMP enumeration:

You can use Getif to enumerate systems with SNMP enabled.

In this test, you can glean a lot of information from a wireless access point, including model number, firmware revision, and system uptime. All this could be used against the host if an attacker wanted to exploit a known vulnerability in this particular system. There were several management interface usernames on this access point. You certainly don’t want to show the world this information.

For a list of vendors and products affected by the well-known SNMP vulnerabilities, refer to www.cert.org/advisories/CA-2002-03.html.

Countermeasures against SNMP attacks

Preventing SNMP attacks can be as simple as A-B-C:

  • Always disable SNMP on hosts if you’re not using it — period.

  • Block the SNMP ports (UDP ports 161 and 162) at the network perimeter.

  • Change the default SNMP community read string from public and the default community write string from private to another long and complex value that’s virtually impossible to guess.

There’s technically a “U” that’s part of the solution: upgrade. Upgrading your systems (at least the ones you can) to SNMP version 3 can resolve many of the well-known SNMP security weaknesses.
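
One way to check the community-string and upgrade countermeasures on hosts you manage, as an added example that is not part of the original article. It assumes the agent is Net-SNMP's snmpd configured through snmpd.conf; the sample configuration and the 16-character minimum are constructed for illustration.

```python
DEFAULTS = {"public", "private"}   # default strings named in the article
MIN_LEN = 16                       # assumed local policy for "long and complex"
COMMUNITY_DIRS = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
V3_DIRS = {"rouser", "rwuser", "createuser"}
# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# constructed example
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Xk9vTq27pLm4zRw8Yb3 192.0.2.10
com2sec readonly default netmon
"""

def audit_snmpd_conf(text):
    """Return (line_no, issue) findings for SNMPv1/v2c community settings."""
    findings, saw_community, saw_v3 = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue                       # blank line or comment
        name = tok[0].lower()
        if name in V3_DIRS:
            saw_v3 = True                  # an SNMPv3 (USM) user is configured
            continue
        if name in COMMUNITY_DIRS and len(tok) >= 2:
            community = tok[1]
            source = tok[2] if len(tok) > 2 else "default"
        elif name in ("com2sec", "com2sec6"):
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = tok[3:] if len(tok) > 1 and tok[1] == "-Cn" else tok[1:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        saw_community = True
        if community in DEFAULTS:
            findings.append((no, "default community string"))
        elif len(community) < MIN_LEN:
            findings.append((no, "short community string"))
        if source == "default":            # agent answers any source address
            findings.append((no, "no source address restriction"))
        if name.startswith("rw"):
            findings.append((no, "write access over SNMPv1/v2c"))
    if saw_community and not saw_v3:
        findings.append((0, "no SNMPv3 users defined"))  # line 0 = whole file
    return findings

if __name__ == "__main__":
    print(*audit_snmpd_conf(SAMPLE_CONF), sep="\n")
```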
