I read that a remote attacker could get into an organization's network infrastructure by abusing Simple Network Management Protocol-enabled, or SNMP-enabled, network devices. How can we stop this attack?
Upgrading to SNMP v3 for the highest level of security is not enough to prevent an attacker from abusing SNMP-enabled network devices to get into the organization's network infrastructure from any computer. The attacker could exploit improper role separation, for example.
If a legitimate administrator hasn't separated the roles of users and groups, then all the roles have the same password and the same read and write SNMP permissions. All the users have the same SNMP views of a database called the management information base (MIB).
This flaw would give the attacker an unrestricted SNMP view of the entire database. The SNMP view command defines which MIB objects in the database can be viewed and which are excluded. When SNMP v3 traffic is attacked, the entire network may be impacted.
To stop the attack, US-CERT recommends administrators:
- Configure SNMP v3 to use authpriv, the highest level of security for authentication and privacy on most devices.
- Separate the roles and assign proper credentials for each. SNMP managers are allowed to read traps or alerts that something is wrong in the network from a remote-enabled device. They are denied write permissions.
- Apply access control lists to block unauthorized computers from accessing the device.
- Limit the users' SNMP views of the MIB database according to the roles assigned to the users. The SNMP v3 view command is restricted to the SNMP Object Identifiers that point to MIB objects in the database. All other MIB objects not assigned to a role are shut out.
- Segregate SNMP traffic into a separate network management network, such as out of band. A dedicated network port should be the sole link for SNMP v3.
- Update system images and software as they become available.
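
One way to check a device configuration against the recommendations above, as an added example that is not from the original article or from US-CERT. It assumes Cisco IOS-style `snmp-server` syntax, which the article does not name; the sample configuration and its group, view and ACL names are constructed.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the article names no vendor).
SAMPLE_CONFIG = """\
snmp-server view FULL iso included
snmp-server view MONITOR system included
snmp-server view MONITOR interfaces included
snmp-server group SHARED v3 auth read FULL write FULL
snmp-server group NOC-RO v3 priv read MONITOR access SNMP-MGMT
"""

GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b(.*)$")
VIEW_RE = re.compile(r"^snmp-server view (\S+) (\S+) (included|excluded)$")
WHOLE_TREE = {"iso", "1", "internet", "1.3.6.1"}  # subtrees that expose the whole MIB

def audit(config):
    """Return {group: [findings]} for every SNMPv3 group in the config text."""
    views, groups = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := VIEW_RE.match(line):
            if m.group(3) == "included":
                views.setdefault(m.group(1), set()).add(m.group(2))
        elif m := GROUP_RE.match(line):
            opts = dict(re.findall(r"\b(read|write|notify|access) (\S+)", m.group(3)))
            groups[m.group(1)] = (m.group(2), opts)
    report = {}
    for name, (level, opts) in groups.items():
        findings = []
        if level != "priv":                      # authPriv is the 'priv' keyword
            findings.append("not authPriv")
        if "write" in opts:                      # read-only roles should have no write view
            findings.append("write view granted")
        if "access" not in opts:                 # no ACL limits which hosts may query
            findings.append("no ACL")
        read = opts.get("read")
        # Assumption: a group with no read view falls back to the whole tree.
        if read is None or views.get(read, set()) & WHOLE_TREE:
            findings.append("unrestricted read view")
        report[name] = findings
    return report

if __name__ == "__main__":
    for group, findings in audit(SAMPLE_CONFIG).items():
        print(group, "->", ", ".join(findings) or "ok")
```
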
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)