Understanding SNMP Vulnerabilities
By Latha Sudharshan, Vasudha Yaramala

Introduction
- What is a Network Management Protocol?
- SNMP most widely used
- Oulu University Secure Programming Group (OUSPG)
- Goal: describe SNMP vulnerabilities, their impact and solutions

SNMP Overview
- A standard protocol to manage networks and systems
- An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (Managers).
- Where does SNMP pitch in?

SNMP Vulnerabilities
- How is SNMP vulnerable?
- SNMP vulnerabilities
  - Multiple vulnerabilities in SNMPv1 request handling
  - Multiple vulnerabilities in SNMPv1 trap handling

Impact
- Specific impact may vary from product to product
- Unexpected input to agents and managers will lead to unexpected results
- Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in:
  - denial-of-service conditions
  - buffer overflows
  - allow an attacker to gain unauthorized, privileged access to the affected device
  - viruses and worms

Solution
- Apply patch from vendor
- Disable the SNMP service
- Ingress filtering
- Filter SNMP traffic from non-authorized internal hosts
- Change default community strings
- Segregate SNMP traffic onto a separate management network
- Egress filtering
- Share tools and techniques

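Added example, not part of the original slides: the Impact slide attributes the problems to decoding of SNMP messages, and the Solution slide calls for changing default community strings. This sketch checks every BER length in an SNMPv1 header against the bytes actually present and flags default community strings; the function names, the default-string set and the sample datagram are constructed for illustration.

```python
# Added example: strict framing check for SNMPv1 datagrams (names are illustrative).
DEFAULT_COMMUNITIES = {b"public", b"private"}  # widely known default strings
PDU_TAGS = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "get-response",
            0xA3: "set-request", 0xA4: "trap"}
# Constructed sample: GetRequest for sysDescr.0 with community "public".
SAMPLE = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                       "300e300c06082b060102010101000500")


class MalformedSNMP(ValueError):
    """The datagram violates the BER framing expected of an SNMPv1 message."""


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at pos, checking every bound."""
    if pos + 2 > len(buf):
        raise MalformedSNMP("truncated tag/length")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: one length byte
        length = first
    else:
        n = first & 0x7F                  # long form: n length bytes follow
        if n == 0 or n > 4:               # indefinite or oversized length field
            raise MalformedSNMP("unsupported length encoding")
        if pos + n > len(buf):
            raise MalformedSNMP("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):           # declared length exceeds data present
        raise MalformedSNMP("length exceeds datagram")
    return tag, buf[pos:pos + length], pos + length


def inspect_snmpv1(datagram):
    """Validate outer framing; report PDU type and use of a default community."""
    tag, body, end = read_tlv(datagram, 0)
    if tag != 0x30 or end != len(datagram):
        raise MalformedSNMP("not a single SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02 or version != b"\x00":  # version 0 means SNMPv1
        raise MalformedSNMP("not SNMPv1")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise MalformedSNMP("community is not an OCTET STRING")
    tag, _pdu, pos = read_tlv(body, pos)
    if tag not in PDU_TAGS or pos != len(body):
        raise MalformedSNMP("unknown PDU or trailing bytes")
    return {"pdu": PDU_TAGS[tag], "default_community": community in DEFAULT_COMMUNITIES}
```

Calling `inspect_snmpv1(SAMPLE)` reports a get-request using a default community; datagrams with truncated, indefinite or overstated lengths raise `MalformedSNMP` instead of being passed on for further processing.
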
Conclusion
- SNMP – widely used but not perfect
- Emerging SNMP versions 2 and 3
- Ignorance is *not* bliss when it comes to network security