<h2><font size="2"><span style="font-weight: normal;">Direto da wikipedia:<a href="%20http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Security_implications"> http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Security_implications</a></span><br>
<span class="mw-headline" id="Security_implications"></span></font></h2><h2><font size="2"><span class="mw-headline" id="Security_implications">Security implications</span></font></h2>
<ul><li>SNMP versions 1 and 2c are subject to <a href="http://en.wikipedia.org/wiki/Packet_sniffer" title="Packet sniffer" class="mw-redirect">packet sniffing</a> of the clear text community string from the network traffic, because they do not implement encryption.</li>
<li>All versions of SNMP are subject to <a href="http://en.wikipedia.org/wiki/Brute_force_attack" title="Brute force attack">brute force</a> and <a href="http://en.wikipedia.org/wiki/Dictionary_attack" title="Dictionary attack">dictionary attacks</a>
for guessing the community strings/authentication
strings/authentication keys/encryption strings/encryption keys, because
they do not implement a <a href="http://en.wikipedia.org/wiki/Challenge-handshake_authentication_protocol" title="Challenge-handshake authentication protocol">challenge-response handshake</a>. <a href="http://en.wikipedia.org/wiki/Information_entropy" title="Information entropy" class="mw-redirect">Entropy</a> is an important consideration when selecting keys, passwords and/or algorithms.</li>
<li>Although SNMP works over <a href="http://en.wikipedia.org/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">TCP</a> and other protocols, it is most commonly used over <a href="http://en.wikipedia.org/wiki/User_datagram_protocol" title="User datagram protocol" class="mw-redirect">UDP</a> that is connectionless and vulnerable to <a href="http://en.wikipedia.org/wiki/IP_spoofing" title="IP spoofing" class="mw-redirect">IP spoofing</a>
attacks. Thus, all versions are subject to bypassing device access
lists that might have been implemented to restrict SNMP access, though
SNMPv3's other security mechanisms should prevent a successful attack.</li><li>SNMP's powerful configuration (write) capabilities are not being
fully utilized by many vendors, partly due to lack of security in SNMP
versions before SNMPv3 and partly due to the fact that many devices
simply are not capable of being configured via individual mib object
changes.</li><li>SNMP tops the list of the <a href="http://en.wikipedia.org/wiki/SANS_Institute" title="SANS Institute">SANS Institute's</a>
Common Default Configuration Issues with the issue of default SNMP
community strings set to ‘public’ and ‘private’ and was number ten on
the SANS <a href="http://www.sans.org/top20/2000/" class="external text" rel="nofollow">Top 10 Most Critical Internet Security Threats</a> for the year 2000.</li></ul><br><br><div class="gmail_quote">2009/11/23 Nelson Ferraz <span dir="ltr"><<a href="mailto:nferraz@gmail.com">nferraz@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">> O RIPE NCC implementou monitoramento SNMP nas suas redes internas,<br>
> e garante a segurança da informação com roteamento e Tagged Virtual Networks<br>
> access control.<br>
<br>
</div>Acho que o Luis matou a discussão sobre a segurança do SNMP.<br>
<br>
O RIPE NCC é o responsável pela internet em toda a Europa. Acho que<br>
não existe operação mais crítica do que essa, né?<br>
<br>
E podemos citar inúmeros outros exemplos de empresas que usam SNMP.<br>
<br>
Até porque, quando você avalia riscos e benefícios, a monitoração é um<br>
importante fator de segurança.<br>
<div><div></div><div class="h5">_______________________________________________<br>
SaoPaulo-pm mailing list<br>
<a href="mailto:SaoPaulo-pm@pm.org">SaoPaulo-pm@pm.org</a><br>
<a href="http://mail.pm.org/mailman/listinfo/saopaulo-pm" target="_blank">http://mail.pm.org/mailman/listinfo/saopaulo-pm</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>lorn at lornlab dot org<br>Lindolfo "Lorn" Rodrigues<br><br>