[SP-pm] Monitoring processes spawned by system
Lindolfo "Lorn" Rodrigues
lorn.br at gmail.com
Mon Nov 23 11:34:55 PST 2009
Straight from Wikipedia: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Security_implications
Security implications
- SNMP versions 1 and 2c are subject to packet sniffing
  <http://en.wikipedia.org/wiki/Packet_sniffer> of the clear text
  community string from the network traffic, because they do not
  implement encryption.
- All versions of SNMP are subject to brute force
  <http://en.wikipedia.org/wiki/Brute_force_attack> and dictionary
  attacks <http://en.wikipedia.org/wiki/Dictionary_attack> for guessing the
  community strings/authentication strings/authentication keys/encryption
  strings/encryption keys, because they do not implement a challenge-response
  handshake <http://en.wikipedia.org/wiki/Challenge-handshake_authentication_protocol>.
  Entropy <http://en.wikipedia.org/wiki/Information_entropy> is an
  important consideration when selecting keys, passwords and/or algorithms.
- Although SNMP works over TCP
  <http://en.wikipedia.org/wiki/Transmission_Control_Protocol> and
  other protocols, it is most commonly used over UDP
  <http://en.wikipedia.org/wiki/User_datagram_protocol> that is
  connectionless and vulnerable to IP spoofing
  <http://en.wikipedia.org/wiki/IP_spoofing> attacks. Thus, all
  versions are subject to bypassing device access lists
  that might have been implemented to restrict SNMP access, though SNMPv3's
  other security mechanisms should prevent a successful attack.
- SNMP's powerful configuration (write) capabilities are not being fully
  utilized by many vendors, partly due to lack of security in SNMP versions
  before SNMPv3 and partly due to the fact that many devices simply are not
  capable of being configured via individual mib object changes.
- SNMP tops the list of the SANS Institute's
  <http://en.wikipedia.org/wiki/SANS_Institute> Common Default
  Configuration Issues with the issue of default SNMP community
  strings set to ‘public’ and ‘private’ and was number ten on the SANS Top
  10 Most Critical Internet Security Threats
  <http://www.sans.org/top20/2000/> for the year 2000.
2009/11/23 Nelson Ferraz <nferraz at gmail.com>
> > RIPE NCC has implemented SNMP monitoring on its internal networks,
> > and ensures information security with routing and Tagged Virtual
> > Networks access control.
>
> I think Luis settled the discussion about SNMP security.
>
> RIPE NCC is responsible for the internet across all of Europe. I don't
> think there is a more critical operation than that, right?
>
> And we can cite countless other examples of companies that use SNMP.
>
> Not least because, when you weigh risks and benefits, monitoring is an
> important security factor.
--
lorn at lornlab dot org
Lindolfo "Lorn" Rodrigues
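
Two points from the quoted list, the clear text community string in SNMP v1/v2c and the default ‘public’/‘private’ communities, can be checked passively on a monitoring network. The following is an added example, not part of the original message: it decodes the BER header of an SNMP payload and reports the version, whether a community string is exposed, whether it is a default one, and whether the message is a write (SetRequest). The function names and the sample messages are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}   # the defaults named in the quoted list
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}         # value of the version INTEGER

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                           # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(payload):
    """Report what a passive observer learns from one SNMP message."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    out = {"version": VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown"),
           "cleartext_community": False, "default_community": False, "write_request": False}
    if out["version"] in ("v1", "v2c"):         # community travels unencrypted
        tag, community, pos = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("missing community OCTET STRING")
        out["cleartext_community"] = True
        out["default_community"] = community in DEFAULT_COMMUNITIES
        out["write_request"] = pos < len(body) and body[pos] == 0xA3  # SetRequest PDU tag
    return out

def tlv(tag, value):  # short-form encoder, used only to build the samples below
    return bytes([tag, len(value)]) + value

# Constructed messages (not captured traffic): header fields plus a stub PDU.
_PDU_BODY = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, b"")
SAMPLES = {
    "v2c_get_public": tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + tlv(0xA0, _PDU_BODY)),
    "v1_set_private": tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"private") + tlv(0xA3, _PDU_BODY)),
    "v2c_get_custom": tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"k7Qz-mon") + tlv(0xA0, _PDU_BODY)),
    "v3_header": tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, tlv(0x02, b"\x01"))),
}
```

Fed with the UDP payloads of port 161 traffic from a capture, any result with `cleartext_community` set marks a device still answering v1/v2c, and `default_community` together with `write_request` marks the configuration the SANS item describes.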