This week, cert warned that a simple Network Management Protocol (SNMP) network was threatened with hacking, and that without any indication, intruders could take over your network, control the traffic, or disrupt normal business in the network. Fortunately, the solution to this problem has been announced, although the implementation process is tedious, but the process of patching the vulnerability is fairly straightforward.
£
SNMP is a standard management protocol in TCP/IP networks that allows various devices and software in the network, including switches, routers, firewalls, hubs, and even operating systems, server products and components, to communicate with management software to report on their current behavior and status. However, SNMP can also be used to control these devices and products, redirect traffic, change the priority of communication packets, and even disconnect communications. In short, if the intruder has the ability, he can take over your network completely.
£
To protect the network, you should complete the following steps. First, to ensure network security, shut down SNMP before installing the appropriate patches from network devices and software vendors, and carefully check each SNMP-running router, switch, hub and server in the network, and whether SNMP is shut down for each application.
£
The second step is to download and install patches for all parts of the device and software before opening SNMP. Cisco is the supplier of 85% of networked hardware devices, and today it has pledged to patch this vulnerability, and some vendors have released patches for this vulnerability.
£
The third step, to ensure that the firewall has been set to block external network SNMP access. It is important to note that the firewall also has SNMP enabled, so you should also make sure that the firewall also has the appropriate patches installed. In order to block the external network SNMP access, SANS Institute recommended to shut down the extranet TCP and UDP port 161, 162 access, for Cisco products, it should also turn off the external network UDP port 1993 access. If your enterprise has network devices outside the firewall, and these devices must use SNMP (such as the Internet router), first make sure that the devices have the appropriate patches installed.
£
Note that this type of SNMP vulnerability is not the only hardware device. This vulnerability also exists in Windows (excluding XP), Linux, some versions of UNIX, some mail servers and commercial servers, and some management tools including HP OpenView and CA Unicenter. This means that if you are using network management tools to monitor and control your network, you may have to use manual monitoring of the network before all devices and applications have a patch installed for that vulnerability.
£
On the other hand, if you can make sure that the firewall settings are correct and that the firewall itself is free of vulnerabilities, you may spend less time. But you should also monitor all the devices and software behind the firewall, as well as the firewall itself, to ensure that your network is not an intruder's target, and that every possible Internet access point is protected by the firewall.
£
Now is it possible to breathe a sigh of relief?
£
This is definitely not going to work! We can not relax our vigilance at all times for network security, solve a problem, and the next question waiting for us.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
