[SP-pm] Monitorar processos gerados pelo system

Luis Motta Campos luismottacampos at yahoo.co.uk
Mon Nov 23 14:51:10 PST 2009 

>From: "Lindolfo "Lorn" Rodrigues" <lorn.br em gmail.com>
>Sent: Mon, 23 November, 2009 20:34:55
>
>Direto da wikipedia:http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Security_implications
>
>Security implications
>    *
SNMP versions 1 and 2c are subject to packet sniffing of the clear text
community string from the network traffic, because they do not
implement encryption.
>    * All versions of SNMP are subject to
brute force and dictionary attacks >for guessing the community
strings/authentication
>strings/authentication keys/encryption strings/encryption keys, because
>they
do not implement a challenge-response handshake. Entropy is an
important consideration when selecting keys, passwords and/or
algorithms.
>    * Although SNMP works over TCP and other
protocols, it is most commonly used over UDP that is connectionless and
vulnerable to IP spoofing >attacks. Thus, all versions are subject
to bypassing device access
>lists that might have been implemented to restrict SNMP access, though
>SNMPv3's other security mechanisms should prevent a successful attack.
>    * SNMP's powerful configuration (write) capabilities are not being
>fully utilized by many vendors, partly due to lack of security in SNMP
>versions before SNMPv3 and partly due to the fact that many devices
>simply are not capable of being configured via individual mib object
>changes.
>    * SNMP tops the list of the SANS Institute's >Common Default Configuration Issues with the issue of default SNMP
>community strings set to ‘public’ and ‘private’ and was number ten on
>the SANS Top 10 Most Critical Internet Security Threats for the year 2000.


OK, OK, são todos pontos bons e válidos. Mas eu já disse: a premissa aqui é que a gente sabe fortificar uma rede, e, se um fulano consegue up IP na nossa rede, temos problemas muito maiores do que este fulano conseguir ler dos SNMPs... a proteção do SNMP é via routing e bons firewalls.

Putamplexos.
 --
Luis Motta Campos is a software engineer,
Perl junkie, foodie and amateur photographer.

More information about the SaoPaulo-pm mailing list