Simple Network Management Protocol - Security Implications

Security Implications

  • SNMP versions 1 and 2c are subject to packet sniffing of the clear text community string from the network traffic, because they do not implement encryption.
  • All versions of SNMP are subject to brute force and dictionary attacks for guessing the community strings, authentication strings, authentication keys, encryption strings, or encryption keys, because they do not implement a challenge-response handshake.
  • Although SNMP works over TCP and other protocols, it is most commonly used over UDP that is connectionless and vulnerable to IP spoofing attacks. Thus, all versions are subject to bypassing device access lists that might have been implemented to restrict SNMP access, though SNMPv3's other security mechanisms should prevent a successful attack.
  • SNMP's powerful configuration (write) capabilities are not being fully utilized by many vendors, partly because of a lack of security in SNMP versions before SNMPv3 and partly because many devices simply are not capable of being configured via individual MIB object changes.
  • SNMP tops the list of the SANS Institute's Common Default Configuration Issues with the issue of default SNMP community strings set to ‘public’ and ‘private’ and was number ten on the SANS Top 10 Most Critical Internet Security Threats for the year 2000.

Read more about this topic:  Simple Network Management Protocol

Famous quotes containing the words security and/or implications:

    The horror of class stratification, racism, and prejudice is that some people begin to believe that the security of their families and communities depends on the oppression of others, that for some to have good lives there must be others whose lives are truncated and brutal.
    Dorothy Allison (b. 1949)

    Philosophical questions are not by their nature insoluble. They are, indeed, radically different from scientific questions, because they concern the implications and other interrelations of ideas, not the order of physical events; their answers are interpretations instead of factual reports, and their function is to increase not our knowledge of nature, but our understanding of what we know.
    Susanne K. Langer (1895–1985)