I read that a remote attacker could break into an organization’s network infrastructure by abusing Simple Network …
Network devices compatible with the management protocol or SNMP. How can we stop this attack?
Upgrading to SNMP v3 for the highest level of security is not, by itself, sufficient to prevent an attacker from abusing SNMP-enabled network devices to access corporate network infrastructure from any computer. The attacker could exploit poor separation of roles, for example.
If a legitimate administrator has not separated user and group roles, then all roles have the same password and SNMP read and write permissions. All users have the same SNMP views of a database called the Management Information Base (MIB).
This flaw would give the attacker unlimited SNMP views of the entire database. The SNMP view command excludes a list of database MIB objects to be displayed. When SNMP v3 traffic is attacked, the entire network can be impacted.
To stop the attack, US-CERT recommends administrators:
- Configure SNMP v3 to use authPriv, the highest level of security for authentication and privacy on most devices.
- Separate the roles and assign the appropriate credentials for each. SNMP managers are allowed to read traps or alerts indicating that something is wrong on the network from a remotely activated device. Write permissions are denied to them.
- Apply access control lists to prevent unauthorized computers from accessing the device.
- Limit the SNMP views of MIB database users based on the roles assigned to the users. The SNMP v3 view command is limited to SNMP object identifiers that point to MIB objects in the database. All other MIB objects not assigned to a role are excluded.
- Move SNMP traffic onto a separate network management network, such as an out-of-band network. A dedicated network port should be the only link for SNMP v3.
- Update system images and software as they become available.
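The authPriv, role-separation and view recommendations can be checked mechanically. The following is an added example, not part of the original answer or of US-CERT's guidance: it assumes the agent is Net-SNMP and audits `snmpd.conf`-style directives. The function name `audit_snmpd_conf`, the user names and the passphrases are constructed for illustration.

```python
import shlex

# Constructed sample config (Net-SNMP snmpd.conf syntax); users and passphrases are made up.
SAMPLE_CONF = '''
rocommunity public
createUser opsadmin SHA "constructed-auth-1" AES "constructed-priv-1"
createUser monitor  SHA "constructed-auth-2" AES "constructed-priv-2"
view sysonly included .1.3.6.1.2.1.1
rwuser opsadmin auth              # write access, no privacy, whole MIB
rouser monitor priv -V sysonly    # read-only, authPriv, restricted view
rouser helpdesk priv -V missing   # references a view that is never defined
'''

def audit_snmpd_conf(text):
    """Return (subject, issue) findings for snmpd.conf text."""
    rows = [shlex.split(line, comments=True) for line in text.splitlines()]
    rows = [r for r in rows if r]
    # Names of all views defined anywhere in the file.
    views = {r[1] for r in rows if r[0] == "view" and len(r) > 1}
    findings = []
    for r in rows:
        directive, args = r[0], r[1:]
        if directive.startswith(("rocommunity", "rwcommunity")):
            findings.append((directive, "community string (SNMPv1/v2c), no authPriv"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:          # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            user = args[0]
            level = args[1] if len(args) > 1 else "auth"   # snmpd default is auth
            scope = args[2:]                # OID subtree or "-V VIEWNAME"
            if level != "priv":
                findings.append((user, f"security level {level}, not authPriv"))
            if not scope:
                findings.append((user, f"{directive} with no view: whole MIB exposed"))
            elif scope[0] == "-V" and (len(scope) < 2 or scope[1] not in views):
                findings.append((user, "references undefined view"))
    return findings

if __name__ == "__main__":
    for subject, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"{subject}: {issue}")
```

Access control lists and out-of-band separation are enforced outside this file (host firewall, device ACLs, network design), so the check does not cover them.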
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now by email. (All questions are anonymous.)
This was last published in August 2017