What is it?

Simple Network Management Protocol (SNMP) is used by network administrators to monitor and control devices (computers, routers, printers, etc.) remotely. There are three versions of SNMP. SNMP uses ports 161 and 162.

Wikipedia (link below) provides a good overview of the versions, capabilities and security implications of SNMP.

Why is it a risk?

Being able to control devices remotely is inherently both powerful and dangerous.

All three versions of SNMP have vulnerabilities. Versions 1 and 2 send data unencrypted, which allows attackers to eavesdrop on the commands and responses. Version 3 adds encryption and authentication keys, but it can still be manipulated to override the keys being used.

How can you mitigate the risk?

  • Turn SNMP off on devices if you are not using it.
  • Disallow SNMP across the Internet using firewall rules; either block all traffic on ports 161 and 162 or limit access to specific IP addresses or MAC addresses.
  • Switch to SNMPv3; it’s much more secure than versions 1 or 2.
  • Don’t use the default read community string. Create a strong community string at least 20 characters long, using the same rules that you would use for generating passwords.
  • Don’t use NoAuthNoPriv mode in version 3; it makes version 3 act more like version 2.
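The checks in the list above can be automated against an agent's configuration. The following is an added example, not from the original page; it assumes the Net-SNMP snmpd.conf syntax (`rocommunity NAME [SOURCE]` for SNMPv1/v2c access, `rouser NAME [noauth|auth|priv]` for SNMPv3) and flags default or short community strings, community access open to any source, and v3 users allowed at noAuthNoPriv or authNoPriv.

```python
"""Audit a Net-SNMP style snmpd.conf for the weak settings listed above."""

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known factory defaults
MIN_COMMUNITY_LEN = 20                        # minimum length the page recommends
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
USER_DIRECTIVES = {"rouser", "rwuser"}
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}


def audit_snmpd_conf(text: str) -> list[str]:
    """Return one finding per weak setting; non-default community values are not echoed."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # Net-SNMP comment lines start with '#'
            continue
        fields = line.split()
        directive = fields[0].lower()
        if directive in COMMUNITY_DIRECTIVES:
            # Syntax: rocommunity COMMUNITY [SOURCE]; any such line enables cleartext v1/v2c.
            community = fields[1] if len(fields) > 1 else ""
            source = fields[2] if len(fields) > 2 else "default"
            findings.append(f"{directive}: SNMPv1/v2c enabled, traffic is unencrypted")
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"{directive}: default community string '{community}'")
            elif len(community) < MIN_COMMUNITY_LEN:
                findings.append(f"{directive}: community string shorter than "
                                f"{MIN_COMMUNITY_LEN} characters")
            if source in ANY_SOURCE:
                findings.append(f"{directive}: accepts any source address; "
                                "restrict to management hosts")
        elif directive in USER_DIRECTIVES and len(fields) > 1:
            # Syntax: rouser USER [noauth|auth|priv]; Net-SNMP defaults the level to 'auth'.
            user = fields[1]
            level = fields[2].lower() if len(fields) > 2 else "auth"
            if level == "noauth":
                findings.append(f"{directive} {user}: noAuthNoPriv gives SNMPv2-like access")
            elif level == "auth":
                findings.append(f"{directive} {user}: authNoPriv leaves payloads unencrypted")
    return findings


# Constructed sample configuration, not taken from any real device.
SAMPLE_CONF = """\
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Zk7qpLm2vT9wXr4bNc8eHs1Q 192.168.10.5
rouser monitor noauth
rouser netops priv
"""
```

Running `audit_snmpd_conf(SAMPLE_CONF)` reports the two default community strings, the community line open to any source, and the `monitor` user at noAuthNoPriv, while the 24-character community restricted to one host and the `netops` user at priv produce no findings beyond the v1/v2c warning.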

Resources:

Wikipedia SNMP
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
