As soon as the first network was invented, the network management came along for free. Like all management, it's remained a headache ever since -- nobody wants to spend more on running a system than the system justifies, but ever-increasing complexity brings with it ever-increasing management woes.
The invention of SNMP in 1988 was one effort to bring some of the benefits of the Intenet approach -- simplicity, expandability and open standards -- to network management. As the name implies, Simple Network Management Protocol (SNMP) was, and is, defined by its simplicity, and it has become very popular as practically the only open standard adopted by all network vendors. That simplicity makes it easy to design, implement and use, and ensures that equipment from different vendors can actually work together as planned.
But with that simplicity comes complacency. For years, security analysts have warned that SNMP's own security risks have been overlooked -- and now the Computer Emergency Response Team (CERT) in the US has issued a set of recommendations about coping with serious flaws in many SNMP implementations. These flaws can compromise the correct working of just about any part of your network's infrastructure, from uninterruptible power supplies to routers and even safety-critical control systems. If you use SNMP, you are vulnerable to attack. But it's an essential part of normal operations -- you can't just turn it off.
SNMP relies on three software components: agents, managers and management information blocks (MIBs). Agents run on the equipment being managed, and managers are the control and monitoring software that manages the equipment. MIBs are a standard way of storing and presenting the data about the managed systems: this data can be passed between agent and manager in a variety of ways, either through management commands and responses or when an agent volunteers information -- generates a trap -- about a state change. Any of these messages can be faked and used for nefarious ends.
Vulnerabilities exist in a wide variety of agents and managers: these include buffer overflows, where a malignant message can overwrite part of the target system's memory and introduce its own code; denial of service attacks, where an SNMP component copes badly with malignant packets and interrupts the service of its host; and plain vandalism where one bad packet crashes the software.
There is little security in SNMP version 1; SNMP v2 has improved confidentiality and security, and the most recent version, v3, improves on this further. However, v1 is still very common: it relies on community strings -- plain text ID data -- to grant or refuse access to manager and agent functions. These should be considered very vulnerable, as they are trivially easy to sniff and fake. In any case, many of the attacks don't need a correct community string at all.
The basic rules of network hygiene apply
SNMP uses UDP packets on ports 161 and 162 for communication between agents and managers, and these should of course be blocked wherever possible -- not only on interfaces with public networks, but internally wherever they aren't actively needed for management. Some systems also use TCP on ports 199 and 705, and it is possible to configure SNMP to use different ports altogether. Filtering is one of the most important tools to protect against attacks; even where you let SNMP packets through a firewall you should limit them to known management addresses. Alternatively, consider having an entirely separate network for management traffic: think of SNMP as the nervous system of your network, and treat it with appropriate respect. You should also make sure that none of the default settings for SNMP security are still in place: these are well-known and notoriously easy to overlook when new equipment is installed. As is SNMP itself: just because you don't use it doesn't mean it's not there. Many firewalls, routers, wireless gateways and other systems that are based on embedded Unix software will have SNMP capabilities, as can operating systems such as Windows and Linux. Any system with SNMP enabled is vulnerable to exploitation: check everything on the network, right down to the printers. Make sure that you have the latest patches for all your SNMP systems, and if you can't be sure that your vendor has correctly assessed the problem and come up with an answer then take the affected systems offline until it's fixed. As with any vulnerable system, a compromised SNMP component can be used to launch further attacks on the network to which it is connected, no matter how minor the component or how normally it seems to be running. CERT has collected much information on what systems are vulnerable and how to cope with problems, and its Web site is a great place to start. SNMP when correctly used and maintained is an essential part of normal network operations, but people everywhere have been lax in maintaining its security. Now nobody will be able to claim they weren't warned.