Firewall Wizards mailing list archives

Re: SNMP through internal firewall


From: Bill_Royds () pch gc ca
Date: Tue, 3 Jul 2001 22:36:12 -0400

There are 3 versions of SNMP.
SNMPv1 (still most commonly used) has NO security at all. All information is
plaintext with no password other than a common "community" string that each
system sharing data uses as signon. It should never be used over any possibly
hostile network.
SNMPv2 has a bit more security in that it can be set up to restrict access to
particular IPs or MAC addresses but it still uses the shared community string as
password and uses unencrypted data in its Management Information Blocks (MIB).
SNMPv3 is now fairly secure but it is harder to find on devices and can be
difficult to set up, especially through firewalls.

Because SNMP v1 and v2 use a common community string, any cracker that gets a
hold of it (and it is sent in plain text) has access to all your SNMP network
based information, including internal IP structure, hardware types, MAC
addresses and usage counts. Consider it high risk.
I would do a lot of reading on SNMP and how it works before using it on an
unprotected network.





Pierre-Yves BONNETAIN <bonnetain () acm org> on 07/03/2001 03:30:19

 To:      firewall-wizards () nfr net
 cc:
 Subject: [fw-wiz] SNMP through internal firewall




   Hello everybody,

   I have some questions regarding SNMP and its security. I'm not a wizard of
this protocol, so I turn to the list...

   First, are there specific risks linked to the use of SNMP (for
network monitoring currently) on an 'open' network (no internal filters)? Does
this protocol have weaknesses, caveats or problems we should be aware of?

   Second, on our network we have a 'restricted' area (say, it's the
boss' network) which is off limits, even for an internal computer. This
restricted area is protected by its own firewall, with its own rules, etc.
Basically, what happens on this network is nobody's business except for those
who are directly connected on it.
   We are currently asked to let SNMP through the internal fw, for Netview to
check the operational status of the 'hidden' computers.
   In this respect, are there any risks, other than knowing that such a computer
is currently alive or is down?
   Tia,
--
-+-+ Pierre-Yves BONNETAIN (aka Pyb)
     Consultant Internet/Sécurité --- B & A Consultants
     Tel : 0 563.277.241 - Fax : 0 563.277.245






_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
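
Added example (not part of either post): a minimal BER reader that pulls the version and community string out of an SNMP datagram, showing that whoever can see a v1 or community-based v2 (v2c, version field 1) packet reads the shared string with no key, while a v3 message has no community field at that position. The packets, the community `n3tm0n-ro` and the function names are constructed for illustration.

```python
"""Read the version and community string straight out of SNMP datagrams."""

# Constructed sample: GetRequest PDU for sysDescr.0 (1.3.6.1.2.1.1.1.0).
PDU = bytes.fromhex("a01c02041a2b3c4d020100020100300e300c06082b060102010101000500")
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}


def sample(version, community):
    """Build a constructed SNMP message (short-form BER lengths only)."""
    body = bytes([0x02, 0x01, version, 0x04, len(community)]) + community + PDU
    return bytes([0x30, len(body)]) + body


def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def snmp_exposure(payload):
    """Return (version, community) for an SNMP payload, or None if not SNMP.

    community is None when no cleartext community is present (e.g. v3).
    """
    try:
        tag, msg, _ = read_tlv(payload, 0)       # outer SEQUENCE
        vtag, ver, pos = read_tlv(msg, 0)        # INTEGER version
        ctag, second, _ = read_tlv(msg, pos)     # OCTET STRING in v1/v2c
    except (IndexError, ValueError):
        return None
    if tag != 0x30 or vtag != 0x02:
        return None
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    if version in ("v1", "v2c") and ctag == 0x04:
        return version, second.decode("latin-1")  # readable as-is on the wire
    return version, None


if __name__ == "__main__":
    for pkt in (sample(0, b"public"), sample(1, b"n3tm0n-ro")):
        print(snmp_exposure(pkt))
```
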

