SNMP uses UDP on ports 161 (agent queries) and 162 (traps sent to managers) for communication between agents and managers, and these should of course be blocked wherever possible -- not only on interfaces with public networks, but internally wherever they aren't actively needed for management. Some systems also use TCP on ports 199 (SMUX) and 705 (AgentX), and it is possible to configure SNMP to use different ports altogether, so don't assume a filter on 161 and 162 covers everything. Filtering is one of the most important tools to protect against attacks; even where you let SNMP packets through a firewall you should limit them to known management addresses. Alternatively, consider an entirely separate network for management traffic: think of SNMP as the nervous system of your network, and treat it with appropriate respect.

You should also make sure that none of the default settings for SNMP security are still in place: the factory community strings "public" and "private" in particular are well-known, and notoriously easy to overlook when new equipment is installed. As is SNMP itself: just because you don't use it doesn't mean it's not there. Many firewalls, routers, wireless gateways and other systems based on embedded Unix software have SNMP capabilities, as do operating systems such as Windows and Linux. Any system with SNMP enabled is a potential target: check everything on the network, right down to the printers.

Make sure that you have the latest patches for all your SNMP systems, and if you can't be sure that your vendor has correctly assessed the problem and come up with an answer then take the affected systems offline until it's fixed. As with any vulnerable system, a compromised SNMP component can be used to launch further attacks on the network to which it is connected, no matter how minor the component or how normally it seems to be running. CERT has collected much information on what systems are vulnerable and how to cope with problems, and its Web site is a great place to start.
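The "check everything, right down to the printers" advice is easiest to act on with a small probe. The script below is an added example, not code from the original article: it hand-encodes an SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) using the BER rules, sends it to each host with the factory community strings "public" and "private", and reports any host that answers with a GetResponse whose error-status is 0, which is what an agent does when it accepts the community. An SNMPv1 agent that rejects the community silently drops the request, so a timeout is treated as "not accepted". The community list, the two-second timeout and the host list on the command line are assumptions chosen for the example.

```python
"""Probe hosts for SNMPv1 agents that still accept factory-default community strings."""
import random
import socket
import sys

SYS_DESCR_OID = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # sysDescr.0
DEFAULT_COMMUNITIES = ("public", "private")  # assumed factory defaults

def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n):
    """INTEGER in minimal two's complement (non-negative values only)."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def ber_oid(oid):
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128 chunks."""
    out = [40 * oid[0] + oid[1]]
    for arc in oid[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_get_request(community, request_id, oid=SYS_DESCR_OID):
    """SNMPv1 message: SEQUENCE { version 0, community, GetRequest-PDU [0] }."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))  # { OID, NULL }
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def ber_parse(data):
    """Split one TLV off the front of data; return (tag, value, remainder)."""
    tag, length, pos = data[0], data[1], 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("TLV length exceeds buffer")
    return tag, data[pos:pos + length], data[pos + length:]

def ber_children(data):
    items = []
    while data:
        tag, value, data = ber_parse(data)
        items.append((tag, value))
    return items

def parse_get_response(packet):
    """Return (request_id, error_status, value) from a GetResponse message."""
    tag, body, _ = ber_parse(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _version, _community, pdu = ber_children(body)
    if pdu[0] != 0xA2:  # GetResponse-PDU is context tag [2]
        raise ValueError("not a GetResponse PDU")
    req_id, err_status, _err_index, vblist = ber_children(pdu[1])
    value = None
    for _, vb in ber_children(vblist[1]):
        _oid, (vtag, vval) = ber_children(vb)
        if vtag == 0x04:  # OCTET STRING (sysDescr is one); NULL or others stay None
            value = vval.decode("utf-8", errors="replace")
    return (int.from_bytes(req_id[1], "big", signed=True),
            int.from_bytes(err_status[1], "big", signed=True), value)

def probe(host, community, timeout=2.0, port=161):
    """sysDescr if the agent accepts the community, else None (v1 agents drop bad ones)."""
    request_id = random.randint(1, 0x7FFFFFFF)
    packet = build_get_request(community, request_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    try:
        rid, status, value = parse_get_response(data)
    except (ValueError, IndexError):
        return None
    return value if (rid == request_id and status == 0) else None

def audit(hosts, communities=DEFAULT_COMMUNITIES):
    """(host, community, sysDescr) for every host/community pair that was accepted."""
    return [(h, c, d) for h in hosts for c in communities
            if (d := probe(h, c)) is not None]

if __name__ == "__main__":
    for host, community, descr in audit(sys.argv[1:]):
        print(f"{host}: community '{community}' accepted -> {descr}")
```

Run it only against addresses you are authorised to test, e.g. `python snmp_default_probe.py 192.0.2.10 192.0.2.11` (a hypothetical file name and example addresses). Any host that answers should have its community strings changed or SNMP disabled outright, and, per the filtering advice above, be reachable on 161/udp only from the management addresses you actually use.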
SNMP when correctly used and maintained is an essential part of normal network operations, but people everywhere have been lax in maintaining its security. Now nobody will be able to claim they weren't warned.