Re: snmp & security

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 11/13/01


Date: Tue, 13 Nov 2001 17:01:15 -0500 (EST)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: <tenfingers@ifrance.com>
Subject: Re: snmp & security
Message-ID: <Pine.LNX.4.30.0111131656150.5988-100000@biocserver.BIOC.CWRU.Edu>

On Sat, 10 Nov 2001 tenfingers@ifrance.com wrote:

> so i would like to know the risks of having snmpd started (and) is it
> possible to secure it?

snmp insecurities are numerous. they include, but are not limited to:

plaintext authentication
simple password based authentication
plaintext transmissions
UDP transport protocol
known vulnerabilities in the popular SNMP implementations
        i.e. buffer overflows and such in UCD's

this is even taking into account good passwords and obscure community
strings.

to get around this you'll want access control, preferably strong
authentication for reads and writes, and some crypto at the
transport layer to provide for integrity checking and confidentiality.

IPsec makes a perfect choice here. combined with a firewall to restrict
any non-IPsec traffic to that host and port, you can achieve much of the
security you'll need for safe SNMP on a live network.

alternatively, look at the cryptographically enhanced netcat tools aescat
and cryptcat. because SNMP uses UDP as its transport protocol, you can't
do generic SSH tunnels, which use TCP, without bridging the UDP to TCP (a
nasty hack, often involving netcat pipes). this will allow for a stream to
be secured. combined with a firewall you should get almost as much
security as an IPsec tunnel between the endpoints and the monitoring
station would achieve.

hope that helps,

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
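An added example, not part of Jose's mail, to make the first three items on his list concrete: a small parser that pulls the version and community string out of captured SNMPv1/v2c UDP payloads, which is all a passive observer needs to do. The datagrams it audits are constructed here for the example, not captured traffic.

```python
"""Audit captured SNMP UDP payloads for community strings sent in the clear.
SNMPv1/v2c is BER: SEQUENCE { INTEGER version, OCTET STRING community, PDU },
so one observed datagram yields the "password". Sample datagrams are constructed.
"""
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
DEFAULT_COMMUNITIES = {b"public", b"private"}
# Constructed GetRequest PDU for sysDescr.0 (1.3.6.1.2.1.1.1.0), shared by the samples.
GET_PDU = bytes.fromhex("a019 020101 020100 020100 300e 300c 0608 2b06010201010100 0500")
SAMPLE_DATAGRAMS = [
    b"\x30\x26\x02\x01\x00\x04\x06" + b"public" + GET_PDU,     # SNMPv1, default community
    b"\x30\x29\x02\x01\x01\x04\x09" + b"s3cretMon" + GET_PDU,  # SNMPv2c, custom community
    b"\x12\x34\x01\x00\x00\x01",                               # unrelated UDP noise
]

def _tlv(buf: bytes, pos: int) -> tuple:
    """Decode one BER TLV at pos -> (tag, value, next_pos); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_header(payload: bytes) -> tuple:
    """Return (version, community) from an SNMPv1/v2c message, else raise ValueError."""
    tag, body, _ = _tlv(payload, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    tag, ver, nxt = _tlv(body, 0)
    if tag != INTEGER:
        raise ValueError("missing version field")
    tag, community, _ = _tlv(body, nxt)
    if tag != OCTET_STRING:                 # SNMPv3 carries a SEQUENCE here, no community
        raise ValueError("no community string (SNMPv3 or malformed)")
    return int.from_bytes(ver, "big"), community

def audit(datagrams: list) -> list:
    """One finding per datagram that exposes a community string in plaintext."""
    findings = []
    for i, dgram in enumerate(datagrams):
        try:
            version, community = parse_snmp_header(dgram)
        except (ValueError, IndexError):
            continue                        # not SNMPv1/v2c, nothing exposed
        label = {0: "1", 1: "2c"}.get(version, str(version))
        note = f"datagram {i}: SNMPv{label} community {community!r} sent in plaintext"
        if community.lower() in DEFAULT_COMMUNITIES:
            note += " (well-known default)"
        findings.append(note)
    return findings
```

Run `audit()` over payloads pulled from a packet capture of UDP/161 traffic on a monitored segment; any finding at all is the argument for the IPsec or firewall measures above, since the community string is the whole of SNMPv1/v2c authentication.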
