This is cache of http://www.stillsecureafteralltheseyears.com/ashimmy/2008/03/snmp---its-not.html. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
SNMP - Its not Secure Network Management Protocol
2008-03-04 09:12:43 by ashimmy in StillSecure, After All These Years
 

As I have written before, I always laugh when I remember speaking to a potential NAC customer who had recently met with a NAC competitor of ours.  We got around to discussing enforcement options and the customer was hell bent on using SNMP to have his switches enforce access policies.  I explained to him that since he had switches from at least 3 different vendors and different models of switches from each of those vendors, the idea of scripting each of those switches and than updating each of them every time there was a change was a lot of work. He understood that but was willing to put up with the extra work for the added security that SNMP afforded him over 802.1x.  Amazed, I informed him that SNMP is not usually thought of as very secure and that 802.1x while not perfect, had many advantages in terms of security over SNMP.  Than the kicker! The prospect told me I must be mistaken, after all SNMP stood for Secure Networking Management Protocol, didn't it?  When I stopped laughing I asked him where he heard that.  He told me that the NAC vendor he spoke to before me told him that and touted how by using SNMP he was getting the most secure method of NAC.  After all SNMP was designed for security!  Well after some quick Google searching, he quickly found out that the other NAC vendor was feeding him a line and it made me and StillSecure golden in his eyes.

I never forget that story and am reminded of it every time I read about a security hole around SNMP. This week came two reports of SNMP vulnerabilities in DarkReading.  One by Kelly Jackson Higgins details a report that researchers doing a simple SNMP scan over the Internet turned up over 5000 devices that reported back with names, models and even patch levels.  The devices were not off brands either, but Cisco, Apple and Microsoft devices.  This underscores how leaky SNMP can be if you don't lock it down right. 

This report came on the heels of an earlier report by Kelly that researchers had discovered a new attack vector of using SNMP in a persistent XSS attack.  Just another reason to lock down your SNMP capable equipment. By the way, for those of you wondering, SNMP stands for simple networking management protocol.

 
Tags: snmp, snmp stands, snmp vulnerabilities, snmp capable equipment, snmp stood, simple snmp scan, potential nac customer, customer, leaky snmp
 
 
 
 
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia