RE: SNMP service



Two things...

One, some devices have been found to leak sensitive information through SNMP
requests - you'll have to search the vulnerability databases to check your
devices.

Two, anybody who knows the community name now has a MAJOR tool to use to map
your internal network. Make sure you filter ALL SNMP requests at ALL of your
boundaries. (Think especially hard about the firewall between your VPN and
the internal network).

Three, are you going to push this down to the workstation level? That's a
lot of machines to police to prevent users from turning off that 'useless'
service...

-----Burton


-----Original Message-----
From: kathy.kirk@xxxxxxxxxxxxxx [mailto:kathy.kirk@xxxxxxxxxxxxxx]
Sent: Wednesday, February 08, 2006 4:57 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: SNMP service

We could use some guidance regarding SNMP. Below are the requirements we were
given and our proposed approach. What if any issues do you see with our
approach? Have you implemented something like this in your environment, and
if so, how many devices do you have conforming to a similar requirement?

Requirements: Using one standard community name, enable SNMP read
capabilities on all devices supporting SNMP services
throughout the corporate network, while mitigating risk of
any known vulnerability.

Approach: On all supported platforms (i.e. Windows, Solaris, Linux, AIX,
etc.) configure the SNMP Service using a unique community name
with read only rights and configure the community name to accept
packets from specified trusted hosts.

thanks,
kathy
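
An added example, not part of the original thread: a small audit for the read-only, trusted-hosts approach discussed above, narrowed to Net-SNMP `snmpd.conf` files (the Linux/Solaris side of the platform list). The sample configuration, the community name and the /24 width limit are assumptions made for illustration.

```python
import ipaddress

# Constructed sample snmpd.conf (Net-SNMP syntax); names and addresses are made up.
SAMPLE_CONF = """\
# monitoring access
rocommunity public
rocommunity c0rpR34d 10.20.30.40
rocommunity c0rpR34d 10.0.0.0/8
rwcommunity c0rpR34d 10.20.30.40
rocommunity6 c0rpR34d default
"""

DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")
DEFAULT_NAMES = {"public", "private"}
MAX_HOSTS = 256  # assumption: a "trusted hosts" source should be no wider than a /24


def audit_snmpd_conf(text):
    """Return (line_no, finding) tuples for community directives that break the policy."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2 or fields[0] not in DIRECTIVES:
            continue
        directive, community = fields[0], fields[1]
        # Net-SNMP treats a missing SOURCE field as "default", i.e. any host.
        source = fields[2] if len(fields) > 2 else "default"
        if directive.startswith("rw"):
            findings.append((no, "write access granted"))
        if community.lower() in DEFAULT_NAMES:
            findings.append((no, "default community name"))
        if source == "default":
            findings.append((no, "no source restriction"))
            continue
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append((no, "source is a hostname, verify manually"))
            continue
        if net.num_addresses > MAX_HOSTS:
            findings.append((no, "source range too broad"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```

Run against each host's real `snmpd.conf`, this flags the entries that would let any machine holding the shared community name query the agent.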

