Re: SNMP security

From: Jason (jasons_at_hotmail.com)
Date: 02/08/05 

Date: Tue, 8 Feb 2005 17:57:29 -0500

Thanks both of you Roger and Kenobi for your input:

-What I understand is w2k3 use SNMP v2 but compatible with v1, W2k use snmp
v1? v1 is most vulnerable.
- The S stands for simple not secure , especially when the community names
are hard coded and can be captured in clear text using silent attack like
sniffing.
- Read-write security will put our position even in a worse condition for
attack. Once the community name is discovered / sniffed/ exposed , an
"snmpset" utility can shut down the machines easily.
- I am looking for concurrence from the experts that the risk associated
with SNMP read-write doesn't justify to loosen the security on a harden
system ,leaving this as a back door - while running IPsec is "too much" just
for one purpose.
- If Micorosoft could have their SNMP conform to v3 standard it will be much
better.

Jason

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
news:l76Od.139$bc1.55@newsfe3-win.ntli.net...
> "Jason" <jasons@hotmail.com> wrote in message
> news:OzymMvmCFHA.3888@TK2MSFTNGP09.phx.gbl...
>> Hi everyone,
>> We are planning to change the snmp security from read only to read write
> on
>> all our servers (w2k and w2k3 ),, include W2K domain controllers.
>> What are the potential security issues on having SNMP security changed
> from
>> Read to Read -write on windows 2000 and windows 2003 servers ?
>> The reason for the change is that we are pslnning to use Compaq Insight
>> manager to push out the system BIOS to update our servers.
>
> "Security" and "SNMP" are related only insofar as they both begin with the
> letter "S" ;o)
>
> I would suggest that, if possible, you look at disallowing SNMP traffic
> from
> anywhere other than your chosen servers (i.e. block world'n'dog, but
> permit
> CIM servers).
>
> It seems like an "interesting" way to update the BIOS - I take it that
> you've tested everything, to make sure that reverting to a default
> configuration won't leave you with a heap of "dead" boxes?
>
> --
>
> Hairy One Kenobi
>
> Disclaimer: the opinions expressed in this opinion do not necessarily
> reflect the opinions of the highly-opinionated person expressing the
> opinion
> in the first place. So there!
>
>

Relevant Pages

  • Re: SNMP security
    ... The S stands for simple not secure, especially when the community names ... with SNMP read-write doesn't justify to loosen the security on a harden ... If Micorosoft could have their SNMP conform to v3 standard it will be much ... the opinions expressed in this opinion do not necessarily ...
    (microsoft.public.win2000.security)
  • [NEWS] D-Link DWL-1000AP can be Compromised Due to Insecure SNMP Configuration
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... allows an attacker to gain the administrative password using a simple SNMP ... A MIB walk using the read-only SNMP community of 'public' (default ... read-only community for most devices) can allow an attacker access to the ...
    (Securiteam)
  • Re:snmp
    ... Subject: snmp ... > I am responsible of the security in my company. ... > the networks Snmp and that the community is public. ... Check out our Advanced Hacking ...
    (Pen-Test)
  • Security Vulnerabilities in SNMP (rev.16)
    ... Security Vulnerabilities in SNMP ... The information in the following Security Bulletin should be acted ... Vulnerabilities in SNMP request and trap handling. ...
    (comp.security.misc)
  • Security Vulnerabilities in SNMP (rev.16)
    ... Security Vulnerabilities in SNMP ... The information in the following Security Bulletin should be acted ... Vulnerabilities in SNMP request and trap handling. ...
    (comp.security.unix)