What is it?
Simple Network Management Protocol (SNMP) is used by network administrators to monitor and control devices (computers, routers, printers, etc.) remotely. There are 3 versions of SNMP. SNMP uses ports 161 and 162.
Wikipedia (link below) provides a good overview of the versions, capabilities and security implications of SNMP.
Why is it a risk?
Being able to control devices remotely is inherently both powerful and dangerous.
All three versions of SNMP have vulnerabilities. Versions 1 & 2 send data unencrypted which allows attackers to eavesdrop on the commands and responses. While version 3 uses encryption and authentication keys, it can be manipulated to override the keys being used.
How can you mitigate the risk?
- Turn SNMP off on devices if you are not using it.
- Disallow SNMP across the Internet using firewall rules; either disallow all traffic on ports 161 & 162 or limit access to specific IP addresses or Mac Addresses.
- Switch to SNMPv3; it’s much more secure than versions 1 or 2.
- Don’t use the default “community read string.” Create a strong community string at least 20 characters long using the same rules that you would use for generating passwords.
- Don’t use NoAuthNoPriv mode in version 3; it makes version 3 act more like version 2.
Resources:
Wikipedia SNMP
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
