Network Management Systems are a 'treasure map' for hackers

Network Management Systems are far more easily attacked than previously reckoned, according to new research by Rapid7. The firm behind the popular Metasploit penetration testing tool warns that vulnerabilities in systems used to manage network elements (routers, servers, printers and more) offer attackers a “treasure map” of …

  1. Pirate Dave

    FINALLY!!!!

    My lackadaisical work ethic, and skinflint hatred of spending money, has FINALLY PAID OFF!

    1. Ragarath

      Re: FINALLY!!!!

      I take it you don't have one of these then ;)

  2. Herby

    You are...

    In a maze of twisted passages all alike.

    SNMP is your guide.

    1. Throatwarbler Mangrove

      Re: You are...

      . . . fucked.

  3. Crazy Operations Guy

    Worth the risk

    It'd take an attacker a few minutes to get nmap installed on a machine and some SNMP management tools, if they aren't already installed as part of the base OS. Refusing to use Network Management software because of the security risk is like gouging your eyes out so an attacker can't blind you. Besides, if an attacker is already far enough into your network that the security of the NM server is a factor, you have already lost.

    Of course it is important to consider security in such cases, such as using only SNMPv3 on devices that support it, firewalling devices that only support v1 or v2, and using unique and secure community strings (and not just reusing the same string for everything).

    1. jockmcthingiemibobb

      Re: Worth the risk

      Surely anyone that knows how to use SNMP knows how to implement a simple firewall rule? Can't think of a single reason I'd give anything SNMP write access to.

      1. Down not across

        Re: Worth the risk

        "Surely anyone that knows how to use SNMP knows how to implement a simple firewall rule? Can't think of a single reason I'd give anything SNMP write access to."

        The M in SNMP is Management, not monitoring, despite the fact that monitoring might be the more common use these days. Just as an example, I do find managing VLANs on Cisco Catalyst via SNMP quite useful, especially when testing things.

        Your point about firewalls definitely stands.

      2. Crazy Operations Guy

        Re: Worth the risk

        "Surely anyone that knows how to use SNMP knows how to implement a simple firewall rule?"

        You'd be surprised... I worked with a client a few months ago that had a bunch of Linux-based Web Servers that they managed over SNMP. They changed the port number, but it was still accessible from the outside.

        As for write access, I've seen a lot of cheap layer-2 switches that can only be managed over SNMP. Not much to configure other than VLAN or PoE parameters. There are also a couple of the lower-end work group printers that require SNMP to configure.
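
The checks raised in this thread (SNMPv3 where supported, source-restricted v1/v2c, unique community strings, no unnecessary write access) can be run against agent configurations. This is an added example, not part of any comment: it assumes Net-SNMP `snmpd.conf` directives (`rocommunity`, `rwcommunity`, `rouser`, `rwuser`), and the device names, addresses and strings are constructed.

```python
import re
from collections import defaultdict

WEAK = {"public", "private", "community", "snmp", "admin"}  # constructed list
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}  # "default" means any source

def audit(configs):
    """configs maps device name -> snmpd.conf text; returns sorted (device, line, issue)."""
    findings, holders = set(), defaultdict(set)
    for device, text in configs.items():
        for no, raw in enumerate(text.splitlines(), 1):
            parts = raw.split("#", 1)[0].split()  # strip comments (simplified)
            if len(parts) < 2:
                continue
            directive, args = parts[0].lower(), parts[1:]
            m = re.fullmatch(r"(ro|rw)community6?", directive)
            if m:
                source = args[1] if len(args) > 1 else "default"
                holders[args[0]].add(device)
                findings.add((device, no, "v1/v2c community in use"))
                if m.group(1) == "rw":
                    findings.add((device, no, "community grants write access"))
                if args[0].lower() in WEAK:
                    findings.add((device, no, "default or guessable community"))
                if source in OPEN_SOURCES:
                    findings.add((device, no, "no source restriction"))
            elif directive in ("rouser", "rwuser") and "priv" not in args:
                findings.add((device, no, "SNMPv3 user without encryption (priv)"))
    # Report reuse by device only; never echo the community string itself.
    for devices in holders.values():
        if len(devices) > 1:
            for device in devices:
                findings.add((device, 0, "community shared with another device"))
    return sorted(findings)

# Constructed sample configurations (hypothetical device names and strings).
SAMPLE = {
    "web01": "rocommunity public\nrwcommunity s3cr3t-A 10.0.5.10\n",
    "sw-floor2": "# cheap L2 switch\nrwcommunity s3cr3t-A 10.0.5.10\n",
    "core-rtr": "rouser nmsuser priv\n",
}

if __name__ == "__main__":
    for device, line, issue in audit(SAMPLE):
        print(f"{device}:{line}: {issue}")
```

Line 0 marks a finding that spans devices rather than one config line. A source restriction in the agent config does not replace the firewall rule; it only catches the case where that rule is missing.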

  4. JassMan

    Users of these products

    "Users of these products are urged to ensure they are running the latest versions of the software."

    In these days when even the assumed most bomb-proof (been running for a decade without a problem) programs turn out to have attack vectors, users of any products should ensure they are running the latest versions of the software.

  5. kbannan

    It's also worth pointing out that all of those devices should be protected, too. Even if someone got in they can't do anything if the endpoints are locked down. Are devices configured securely? For instance, are you managing your printers with policy-based print security compliance tools? Are there firewalls in place? Are you monitoring network traffic for anomalies?

    Karen Bannan for IDG and HP
