I read that a remote attacker could get into an organization's network infrastructure by abusing Simple Network Management Protocol-enabled, or SNMP-enabled, network devices. How can we stop this attack?
Upgrading to SNMP v3 for the highest level of security is not enough to prevent an attacker from abusing SNMP-enabled network devices to get into the organization's network infrastructure from any computer. The attacker could exploit improper role separation, for example.
If a legitimate administrator hasn't separated the roles of users and groups, then all the roles have the same password and the same read and write SNMP permissions. All the users have the same SNMP views of a database called the management information base (MIB).
This flaw would give the attacker unrestricted SNMP views of the entire database. The SNMP view command defines which MIB objects in the database can be viewed and which are excluded. When SNMP v3 traffic is attacked, the entire network may be impacted.
To stop the attack, US-CERT recommends administrators:
- Configure SNMP v3 to use authpriv, the highest level of security for authentication and privacy on most devices.
- Separate the roles and assign proper credentials for each. SNMP managers are allowed to read traps or alerts that something is wrong in the network from a remote-enabled device. They are denied write permissions.
- Apply access control lists to block unauthorized computers from accessing the device.
- Limit the users' SNMP views of the MIB database according to the roles assigned to the users. The SNMP v3 view command is restricted to the SNMP Object Identifiers that point to MIB objects in the database. All other MIB objects not assigned to a role are shut out.
- Segregate SNMP traffic into a separate network management network, such as out of band. A dedicated network port should be the sole link for SNMP v3.
- Update system images and software as they become available.
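The checks for authpriv, access control lists and restricted views can be run against a saved device configuration. The script below is an added example, not part of the original answer or of the US-CERT guidance; it assumes Cisco IOS-style `snmp-server` syntax, and the group names, view names, ACL number and OIDs in the sample are constructed.

```python
import re

# Constructed sample config (assumed Cisco IOS-style syntax; all names are illustrative).
SAMPLE_CONFIG = """\
snmp-server view FULL iso included
snmp-server view IFACES 1.3.6.1.2.1.2 included
snmp-server group ADMINS v3 auth read FULL write FULL
snmp-server group MONITORS v3 priv read IFACES access 10
"""

GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)(.*)$")
VIEW_RE = re.compile(r"^snmp-server view (\S+) (\S+) (included|excluded)$")
# Subtree roots that expose the whole MIB when included in a view.
BROAD_ROOTS = {"iso", "internet", "1", "1.3", "1.3.6", "1.3.6.1"}


def audit_snmp(config):
    """Return (group, finding) pairs for SNMPv3 groups that miss the hardening list."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Pass 1: collect views that include the entire MIB tree.
    broad_views = set()
    for ln in lines:
        m = VIEW_RE.match(ln)
        if m and m.group(3) == "included" and m.group(2) in BROAD_ROOTS:
            broad_views.add(m.group(1))
    # Pass 2: check each v3 group's security level, ACL and views.
    findings = []
    for ln in lines:
        m = GROUP_RE.match(ln)
        if not m:
            continue
        name, level, rest = m.groups()
        opts = dict(re.findall(r"(read|write|notify|access) (\S+)", rest))
        if level != "priv":
            findings.append((name, "security level is not authPriv"))
        if "access" not in opts:
            findings.append((name, "no access control list"))
        # Assumption: a group with no read view falls back to an unrestricted default.
        if opts.get("read") is None or opts["read"] in broad_views:
            findings.append((name, "read view is not restricted"))
        if opts.get("write") in broad_views:
            findings.append((name, "write view covers the whole MIB"))
    return findings


if __name__ == "__main__":
    for group, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{group}: {finding}")
```

In the sample, ADMINS fails every check while MONITORS, with authPriv, a narrow read view, no write view and an ACL, produces no findings.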
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)