January 11, 2022

Is upgrading to SNMP v3 sufficient to secure network devices?


I read that a remote attacker could break into an organization’s network infrastructure by abusing Simple Network …

Network devices compatible with the management protocol or SNMP. How can we stop this attack?

Upgrading to SNMP v3 for its highest level of security is not, by itself, sufficient to prevent an attacker from abusing SNMP-enabled network devices to access corporate network infrastructure from any computer. The attacker could exploit poor separation of roles, for example.

If a legitimate administrator has not separated user and group roles, then all roles have the same password and SNMP read and write permissions. All users have the same SNMP views of a database called the Management Information Base (MIB).

This flaw would give the attacker unlimited SNMP views of the entire database. The SNMP view command excludes a list of database MIB objects to be displayed. When SNMP v3 traffic is attacked, the entire network can be impacted.

To stop the attack, US-CERT recommends administrators:

  • Configure SNMP v3 to use authPriv, the highest level of security for authentication and privacy on most devices.
  • Separate the roles and assign the appropriate credentials for each. SNMP managers are allowed to read traps or alerts indicating that something is wrong on the network from a remotely activated device. Write permissions are denied to them.
  • Apply access control lists to prevent unauthorized computers from accessing the device.
  • Limit the SNMP views of MIB database users based on the roles assigned to the users. The SNMP v3 view command is limited to SNMP object identifiers that point to MIB objects in the database. All other MIB objects not assigned to a role are excluded.
  • Separate SNMP traffic onto a dedicated management network, such as an out-of-band network. A dedicated network port should be the only link for SNMP v3.
  • Update system images and software as they become available.
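
The configuration-side items in this checklist (authPriv, separated roles, access lists, restricted views) can be checked mechanically. The following is an added example, not part of the original article or the US-CERT guidance: it assumes Cisco IOS-style `snmp-server` syntax, and both sample configurations, their group and view names, the ACL number and the placeholder passwords are constructed for illustration.

```python
# Added example: audit IOS-style SNMPv3 lines (assumed syntax) against the checklist.
BROAD = {"iso", "internet", "1", "1.3", "1.3.6", "1.3.6.1"}  # subtrees covering the whole MIB

WEAK = """\
snmp-server view FULL iso included
snmp-server group ALL v3 auth read FULL write FULL
snmp-server user alice ALL v3 auth sha AUTH_PLACEHOLDER
snmp-server user nms ALL v3 auth sha AUTH_PLACEHOLDER
"""  # constructed: one shared group, no privacy, no ACL, unrestricted view

HARDENED = """\
access-list 10 permit host 192.0.2.10
snmp-server view MON-VIEW system included
snmp-server view MON-VIEW interfaces included
snmp-server view ADM-VIEW system included
snmp-server group MONITOR v3 priv read MON-VIEW access 10
snmp-server group ADMIN v3 priv read ADM-VIEW write ADM-VIEW access 10
snmp-server user nms MONITOR v3 auth sha AUTH_PLACEHOLDER priv aes 128 PRIV_PLACEHOLDER
snmp-server user netadmin ADMIN v3 auth sha AUTH_PLACEHOLDER priv aes 128 PRIV_PLACEHOLDER
"""  # constructed: authPriv, read-only manager role, ACL on every group

def audit(config):
    """Return a list of findings for an IOS-style SNMPv3 configuration."""
    views, groups, users, findings = {}, {}, {}, []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "snmp-server":
            continue
        if t[1] == "view":                      # view <name> <subtree> included|excluded
            views.setdefault(t[2], []).append((t[3], t[4]))
        elif t[1] == "group" and t[3] == "v3":  # group <name> v3 <level> [read V] [write V] [access N]
            groups[t[2]] = {"level": t[4], **dict(zip(t[5::2], t[6::2]))}
        elif t[1] == "user" and t[4] == "v3":   # user <name> <group> v3 ...
            users[t[2]] = t[3]
    for name, g in groups.items():
        if g["level"] != "priv":
            findings.append(f"{name}: level '{g['level']}' is not authPriv")
        if "access" not in g:
            findings.append(f"{name}: no access list restricts source hosts")
        for kind in ("read", "write"):
            for oid, mode in views.get(g.get(kind), []):
                if mode == "included" and oid in BROAD:
                    findings.append(f"{name}: {kind} view {g[kind]} exposes the whole MIB")
    if users and all("write" in groups.get(grp, {}) for grp in users.values()):
        findings.append("roles: every user can write; no read-only manager role")
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

The script does not cover the last two items (out-of-band management network, software updates), which cannot be judged from these configuration lines.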

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now by email. (All questions are anonymous.)

This was last published in August 2017

