
Introduction to SNMP

“Vulnerabilities in SNMP Implementations”. CSCI 5931 - Web Security. Instructor: Dr. Andrew Yang. Presented by: Harini Varatharajan.

jgloria

Presentation Transcript


  1. “Vulnerabilities in SNMP Implementations”
     CSCI 5931 - Web Security
     Instructor: Dr. Andrew Yang
     Presented by: Harini Varatharajan

  2. Introduction to SNMP
     • What is SNMP?
     • SNMP Components
     • Agents (Managed device)
     • Managers (Management Entity)
     • Network Management System (NMS)
     • SNMP Management Information Base

  3. SNMP Architecture

  4. SNMP Communications
     • Protocol Data Unit (PDU) message type
     • GetRequest
     • GetNextRequest
     • GetResponse
     • SetRequest
     • Traps
     • UDP Port 161 for Gets and Sets
     • UDP Port 162 for Traps

  5. Why the Concern about Vulnerability?
     • CERT/CC SNMP Advisory
     • Issued Feb 12th, 2002
     • Identified multiple vulnerabilities
     • OUSPG PROTOS Project
     • Tested HTTP, WAP/WSP, LDAP and SNMP
     • Additional protocol testing will follow
     • SNMP is a huge target
     • Nearly every device from every vendor could be affected
     • Many exploits are theoretically possible
     • A few exploits work now
     • More exploits will be developed

  6. SNMP Problems
     • Community String access modes
     • READ-ONLY
     • READ-WRITE
     • Passed in clear text
     • Limited error handling
     • Additional exceptions must be handled by vendor’s implementation
     • Violations to Basic Encoding Rules of ASN.1
     • Invalid variable types

  7. Where Are the Vulnerabilities?
     • Trap handling
     • Request handling
     • What makes things worse?
     • Insecure settings
     • Spoofing

  8. Impact
     • Denial of service attacks
     • Format String Vulnerability
     • Unstable behaviors
     • Unauthorized privileged access
     • Buffer overflows
       - Crash SNMP agent
       - Reboot device
       - Overwrite valid SNMP variables
       - Overwrite other applications or OS
       - Allow unauthorized access

  9. Solutions
     • SNMP scanners
     • SNScan: Windows-based utility by Foundstone
     • CERT Advisory Implications
     • Apply patch from vendor
     • Disable SNMP service
     • Ingress filtering
     • Egress filtering
     • Filter SNMP traffic from non-authorized internal hosts
     • Change default community strings
     • Update signatures from vendors
     • Segregate SNMP traffic onto a separate management network

  10. Solutions
     • Other Solutions
     • Protect Network perimeter
     • Protect Management systems
     • Manage Community strings
     • Eliminate or protect other access
     • Limit Network access
     • Watch for uncharted access and services
     • Play it safe with vendors, partners, customers and employees

  11. Will SNMPv3 Help?
     • Advantages
     • Improved authentication and access control
     • Encryption of SNMP packets
     • Remote management of SNMP agents
     • Disadvantages
     • Additional overhead
     • RFCs have yet to be adopted as a standard
     • Few vendors have working implementations in their hardware/software
     • Existing implementations may still be vulnerable to buffer overflow exploits

  12. The Bottom Line
     • SNMP exploits are real
     • Integration of network management and security is imperative
     • Time to rethink overall network management strategy including architecture, applications and future direction.

  13. References
     • “CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP),” 12 Feb. 2002 (current 11 March 2002).
     • “PROTOS: Security Testing of Protocol Implementations,” 19 July 2001 (current 11 March 2002).
     • “PROTOS Test-Suite: c06-snmpv1,” 12 Feb. 2002 (current 11 March 2002).
     • “M-042: Multiple Vulnerabilities in Multiple Implementations of SNMP,” 12 Feb. 2002 (current 11

  14. Questions?
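
An added example, not part of the original presentation: a strict, bounds-checked Python parse of the outer SNMPv1 message, the validation whose absence slides 6 to 8 describe (BER violations, invalid variable types, buffer overflows). It also flags default community strings and SetRequest attempts, in line with slide 9. Tag values follow RFC 1157; `read_tlv`, `inspect_snmp` and the sample datagram are constructed for illustration.

```python
# Added example (not from the slides): strict parse of an SNMPv1 message header.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
DEFAULT_COMMUNITIES = {b"public", b"private"}  # common factory defaults
# Constructed sample: SNMPv1 GetRequest, community "public", OID 1.3.6.1.2.1.1.1.0
SAMPLE = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                       "300e300c06082b06010201010100" "0500")

class BerError(ValueError):
    """Raised for any encoding this parser refuses to accept."""

def read_tlv(buf, pos, want_tag=None):
    """Return (tag, value, next_pos); reject every length or type violation."""
    if pos + 2 > len(buf):
        raise BerError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise BerError("indefinite or oversized length field")
        if pos + n > len(buf):
            raise BerError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > len(buf) - pos:           # never trust the declared length
        raise BerError("declared length exceeds remaining data")
    if want_tag is not None and tag != want_tag:
        raise BerError(f"unexpected type 0x{tag:02x}, wanted 0x{want_tag:02x}")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Validate the outer message and summarise it for logging or filtering."""
    _, body, end = read_tlv(datagram, 0, 0x30)     # SEQUENCE
    if end != len(datagram):
        raise BerError("trailing bytes after message")
    _, version, pos = read_tlv(body, 0, 0x02)      # INTEGER, 0 means SNMPv1
    if version != b"\x00":
        raise BerError("not an SNMPv1 message")
    _, community, pos = read_tlv(body, pos, 0x04)  # OCTET STRING, sent in clear
    tag, _, end = read_tlv(body, pos)              # the PDU itself
    if tag not in PDU_TYPES or end != len(body):
        raise BerError("unknown PDU type or trailing bytes")
    return {"pdu": PDU_TYPES[tag],
            "default_community": community in DEFAULT_COMMUNITIES,
            "write_attempt": tag == 0xA3}

if __name__ == "__main__":
    print(inspect_snmp(SAMPLE))
```

Run on a monitoring host against captured UDP 161/162 payloads, the returned flags show which devices still answer to default community strings and which hosts issue writes.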
