Security, SNMP Recommendations

Security recommendations for SNMP

Overview

SNMP (Simple Network Management Protocol) is a stateless protocol which delivers detailed, technical system and state information. It is used by data center personnel, network engineers, and sysadmins primarily for system monitoring, inventory control, and troubleshooting. While SNMP can successfully be used for system management, its presence on a network can present security problems.

Security Issues

Information

SNMP is designed to supply detailed technical information about the hardware on which it runs. The technical data available are as useful to an attacker as they are to legitimate technical staff.

Enabled by default

Many appliances, network devices, printers, and embedded devices start an SNMP listener by default. When started unbeknownst to system engineers, the service will not be configured or managed so as to limit abuse.

Default credentials

SNMP uses credentials called “community strings”. In an overwhelming majority of devices have “read-only” and “read-write” default accounts’ (called “community names”) community strings are pre-set to “public” and “private”, respectively.

Configuration remotely accessible with write access

The read-write community name lets people remotely configure SNMP devices, such as turning ports on or off and enabling/disabling features.

Unencrypted

Except for SNMPv3, SNMP information traversing a network does so in the clear and is vulnerable to eavesdropping.

Vulnerable to brute-force attacks

SNMP (even SNMPv3) does not use a challenge-response handshake during authentication, allowing dictionary attacks against community strings and encryption keys

Recommendations

1) Audit SNMP instances on your network. SNMP will be listening on UDP ports 161 or 162

a) Review device configurations, especially printers, network gear, and other embedded devices.

2) Disable SNMPwherever a given instance meets any of the following criteria:

 a) SNMP not required by technical support staff.

 b) No approved technical or business need for SNMP.

c) SNMP instance is not managed.

d) Default or weak community string(s) set in SNMP.

e) SNMP instance is accessible by untrusted networks or entities.

3) Allow SNMP for managed, approved SNMP instances meeting the following criteria:

a) Use only SNMPv3 or better. Plaintext SNMPv2 and SNMP v1 are unsupported and considered extremely risky at the time of this writing. 

b) Default community strings changed; Community strings set using secure password standard.

c) Read-write community name removed completely if possible

d) SNMP interface only on access-restricted, trusted networks, preferably a private management network.

4) Add steps to audit system and/or device deployment verifying running services, such that unintended or default services can be caught and disabled before a system is deployed.

Summary

A service that is running unmanaged, with default credentials, and which will deliver detailed hardware, identity, configuration, and state information to any requestor is a liability. Positive steps should be taken to eliminate all unmanaged SNMP instances and secure all others.