What To Do About SNMP Vulnerabilities
Given that warnings about security vulnerabilities in SNMP have gone out to miscreants as well as the rest of the world, it is paramount that network managers secure their borders as soon as possible. Learn what steps you should take in this article.
SNMP is used to manage and monitor all sorts of equipment, including computers, core router switches, broadband devices, printers, and sniffers. The protocol works by sending Protocol Data Units (PDUs) to different parts of the network. Agents, which are SNMP-compliant devices, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters.
SNMP supports five different types of messages:
There has been some discussion about what network managers should do, given that several major brands of firewalls use SNMP and may therefore be vulnerable themselves. Prudence would seem to dictate that, until the appropriate patches are applied, those ports which use SNMP should be shut down for the nonce.
Double-check that your firewalls are filtering out unauthorized SNMP data traffic, and consider disabling equipment that uses SNMP services for which patches are not yet available.
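One way to double-check the filtering described above, as an added example that is not part of the original article: the script evaluates an `iptables-save` dump with first-match semantics and reports which SNMP ports a host outside the management allowlist can still reach. The ruleset, the addresses and the function names are constructed for illustration; it assumes SNMP on its standard UDP ports 161 and 162, looks only at the INPUT chain, and ignores negation and other match extensions, so it may over-report exposure.

```python
import ipaddress
import shlex

SNMP_PORTS = (161, 162)  # assumption: standard UDP ports (agent queries, traps)

# Constructed sample in iptables-save format, not taken from the article.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j DROP
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Return (default policy, rule list) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                   if tok[i].startswith("-")}
            lo, _, hi = opt.get("--dport", "0:65535").partition(":")
            rules.append({
                "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False),
                "proto": opt.get("-p", "all"),
                "ports": range(int(lo), int(hi or lo) + 1),
                "target": opt.get("-j", ""),
            })
    return policy, rules

def verdict(policy, rules, src, dport):
    """First terminating rule that matches wins; otherwise the chain policy."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if (r["proto"] in ("udp", "all") and addr in r["src"]
                and dport in r["ports"] and r["target"] in ("ACCEPT", "DROP", "REJECT")):
            return r["target"]
    return policy

def exposed_snmp_ports(text, outsider="203.0.113.77"):
    """SNMP ports that a host outside the management allowlist can still reach."""
    policy, rules = parse_rules(text)
    return [p for p in SNMP_PORTS if verdict(policy, rules, outsider, p) == "ACCEPT"]

if __name__ == "__main__":
    print("SNMP ports open to unauthorized sources:", exposed_snmp_ports(SAMPLE_RULES))
```

In the sample, queries on port 161 are limited to the management station, but the trap port 162 is accepted from any source and is reported as exposed.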
This article was first published on CrossNodes, an internet.com site.
By Paul Desmond
February 12, 2002
The vulnerabilities reported Tuesday in Simple Network Management Protocol, the ubiquitous software used to monitor and manage all sorts of networked devices, rate extremely high in the three variables used to measure the severity of a security flaw.