> Hello everyone!
>
> Does any of you know of any security holes that are related to the use
> of SNMP? Can someone break into a network by using any SNMP based tool?
> What are the recommended filters to put into the routers and/or servers
> in order to avoid any break-through? (using Cisco routers, Linux and
> NT servers) ...
> TIA for any feedback...

Yes,
SNMPv1 passes community names in plain text, and anyone with a packet
sniffer along the route that the packet takes will be able to capture
the read-write community name. If this is captured, they have the
ability to modify or destroy router configs etc... Depending on the
level of control incorporated into each hardware vendor's private MIB
structure, (and whether those devices are manageable on your private
network) they can do a heck of a lot of damage to other devices as
well. Access lists on the routers should be more than sufficient to
prevent outside management attempts (even if the community names had
been captured), however firewalling to the application layer to
prevent outside management would significantly bolster your security
level.

Personally I've always maintained that any level of security that first
'accepts' a lack of physical security is worthless. So, I guess what
I'm saying is, if you can't keep a guy with a sniffer outta yer network,
then keeping everyone else out is an exercise in futility.

Respectfully,
Greg Barnes
Webnology LLC
________________________________________________
|\===============W=E=B=N=O=L=O=G=Y===============\
greg @ webnology . com      Phone (830)768-2292
noc @ webnology . com       FAX (830)774-1518
|/===============W=E=B=N=O=L=O=G=Y===============/
'If you're a horse and someone gets on you and
falls off, then gets right back on you...I think
you should buck him off right away'
-- Deep Thoughts, By Jack Handey