[SP-pm] Monitoring processes spawned by system

Lindolfo "Lorn" Rodrigues lorn.br at gmail.com
Mon Nov 23 11:34:55 PST 2009


Straight from Wikipedia: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Security_implications
Security implications

   - SNMP versions 1 and 2c are subject to packet sniffing
     <http://en.wikipedia.org/wiki/Packet_sniffer> of the clear text
     community string from the network traffic, because they do not
     implement encryption.
   - All versions of SNMP are subject to brute force
     <http://en.wikipedia.org/wiki/Brute_force_attack> and dictionary
     attacks <http://en.wikipedia.org/wiki/Dictionary_attack> for guessing the
     community strings/authentication strings/authentication keys/encryption
     strings/encryption keys, because they do not implement a challenge-response
     handshake <http://en.wikipedia.org/wiki/Challenge-handshake_authentication_protocol>.
     Entropy <http://en.wikipedia.org/wiki/Information_entropy> is an
     important consideration when selecting keys, passwords and/or algorithms.
   - Although SNMP works over TCP
     <http://en.wikipedia.org/wiki/Transmission_Control_Protocol> and
     other protocols, it is most commonly used over
     UDP <http://en.wikipedia.org/wiki/User_datagram_protocol> that is
     connectionless and vulnerable to IP spoofing
     <http://en.wikipedia.org/wiki/IP_spoofing> attacks. Thus, all
     versions are subject to bypassing device access lists
     that might have been implemented to restrict SNMP access, though SNMPv3's
     other security mechanisms should prevent a successful attack.
   - SNMP's powerful configuration (write) capabilities are not being fully
     utilized by many vendors, partly due to lack of security in SNMP versions
     before SNMPv3 and partly due to the fact that many devices simply are not
     capable of being configured via individual mib object changes.
   - SNMP tops the list of the SANS Institute's
     <http://en.wikipedia.org/wiki/SANS_Institute> Common Default
     Configuration Issues with the issue of default SNMP community
     strings set to ‘public’ and ‘private’ and was number ten on the SANS Top
     10 Most Critical Internet Security Threats
     <http://www.sans.org/top20/2000/> for the year 2000.



2009/11/23 Nelson Ferraz <nferraz at gmail.com>

> > The RIPE NCC has implemented SNMP monitoring on its internal networks,
> > and ensures information security with routing and Tagged Virtual
> > Networks access control.
>
> I think Luis killed the discussion about SNMP security.
>
> The RIPE NCC is responsible for the internet across all of Europe. I
> don't think there is any operation more critical than that, right?
>
> And we could cite countless other examples of companies that use SNMP.
>
> Especially because, when you weigh risks and benefits, monitoring is an
> important security factor.
> _______________________________________________
> SaoPaulo-pm mailing list
> SaoPaulo-pm at pm.org
> http://mail.pm.org/mailman/listinfo/saopaulo-pm
>



-- 
lorn at lornlab dot org
Lindolfo "Lorn" Rodrigues