SNMP Service Security Analysis

Security has always been a key topic in the network. So here we will emphasize the security of the SNMP service. So how to implement security protection for the SNMP service? This article provides the following details for your reference.

When using the SNMP service, pay attention to its security. Therefore, in the operation, ensuring the security of the SNMP service is also the focus of our study. If it is really necessary for some devices to run SNMP, you must ensure the security of these devices.

The first thing to do is to determine which devices are running the SNMP service. Unless port scanning is performed on the entire network on a regular basis to fully master the services running on each machine and device, one or two SNMP services may be omitted.

Note that devices such as network switches and printers also run the SNMP service. Determine the running status of the SNMP service, and then take the following measures to ensure service security.

◆ Load patches for the SNMP service

Install the patch of the SNMP service to upgrade the SNMP service to version 2.0 or later. Contact the device manufacturer to learn about security vulnerabilities and patch updates.

◆ Protect SNMP communication strings

An important protection measure is to modify all default communication strings. Check and modify standard and non-standard communication strings one by one according to the instructions in the device documentation. Do not omit any character strings. If necessary, contact the manufacturer for detailed instructions.

◆ Filtering SNMP

Another protection measure that can be used is to filter SNMP communication and requests on the network border, that is, block the port used by SNMP requests on the firewall or VBR. Standard SNMP services use ports 161 and 162. Vendor-proprietary implementations generally use ports 199, 391, 705, and 1993.

After these ports are disabled, the ability of the external network to access the internal network is limited. In addition, you should write an ACL on the vro of the internal network, only a specific trusted SNMP management system is allowed to operate SNMP.

For example, the following ACL only allows SNMP communications from or to the SNMP Management System and limits all other SNMP communications on the network:

Access-list 100 permit ip host w. x. y any access-list 100 deny udp any eq snmp access-list 100 deny udp any eq snmptrap access-list 100 permit ip any the first line of the ACL defines Trust management System w. x. y ).

Use the following command to apply the preceding ACL to all network interfaces:

Interface serial 0 ip access-group 100 in short, the invention of SNMP represents a major improvement in network management, and it is still a powerful tool for efficient management of large networks.

However, earlier versions of SNMP are inherently insecure, even if the latest version has problems. Like other services running on the network, the security of the SNMP service cannot be ignored. Do not blindly ensure that the SNMP service is not running on the network. Maybe it hides on a certain device.

Network services that are essential already have too many worrying security issues, so it is best to disable services that are not necessary such as SNMP-at least try to ensure their security.