
SNMP (Simple Network Management Protocol)

Finally, we want to say a few words about SNMP, the Simple Network Management Protocol (a protocol, not a tool), which has been in the news lately because of the security vulnerabilities inherent in it. As we noted earlier, many hardware devices like routers and switches are equipped with SNMP capability. SNMP is used to query network devices for information such as configuration, traffic and error counter values.

However, it has also been used by hackers, who take advantage of the fact that the primary way an SNMP query authenticates itself to a device is by providing the right “community name”, which the majority of network installations never change from the default, “public”. And those who do change it find that any password still leaves SNMP vulnerable to the same password-sniffing attacks that work on any system transmitting “secret key” authentication information across the network. Various security flaws in SNMP have recently led vendors to issue software and firmware updates for devices from switches to routers, or to recommend that SNMP be disabled on devices that are not firmware-upgradeable. SNMPv2 will feature improvements to authentication.

The usual rule applies here: unless you specifically need SNMP, turn it off.

SNMP

SNMP, the Simple Network Management Protocol, is used to query devices for status information, error counters and performance statistics.

One security issue with SNMP is that many administrators never change their SNMP community name from the default, “public”, allowing anyone who can reach that device (even across the Internet, if your firewall doesn’t disallow it) and who specifies that community name, to retrieve device information.

Another security issue is that even if the community name is reset to something else, the new community name can be discovered by packet sniffing the network.

SNMP has had enough reported vulnerabilities that you are advised to disable it on your devices until SNMPv2 arrives. If you can’t disable it, at least make sure all SNMP-enabled devices are running the latest firmware.




CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.