News

Wednesday, March 12, 2008

Is SNMP an Open Door to Your Network?

SECURITY UPDATE
A Penton Media Property
March 12, 2008


IN FOCUS

--Is SNMP an Open Door to Your Network?
by Mark Joseph Edwards, News Editor
SNMP is commonly used to manage all sorts of devices, including servers
that run Windows. As with any accessible technology, SNMP needs to be
configured so that it doesn't provide an easy inroad for intruders.

Most of the SNMP server software I've seen installs itself with a
default community name of Public. Leaving that name unchanged is the
equivalent of leaving a default password unchanged, and you know full
well what sort of trouble that can bring. Unfortunately, a lot of
administrators out there fail to change the default SNMP community name,
and as a result, their devices are wide open to any number of attacks.

Recently the folks at GNUCITIZEN ran some tests to see how many
undefended SNMP devices they could find across the Internet. GNUCITIZEN
said that one reason it decided to probe systems via SNMP is that the
protocol provides a relatively anonymous method of manipulation. SNMP is
a UDP-based, connectionless protocol; therefore, spoofing the origin IP
address of its packets is easier. GNUCITIZEN wrote that this "means that
an attacker could change configuration settings from a spoofed IP
address provided that a valid write community string is identified or
cracked."

SNMP provides both read access and write access to devices, and allowed
access varies depending on exact configurations. Nevertheless, as
GNUCITIZEN points out, sometimes read access is good enough to gather
data, such as usernames and passwords. Once a hacker has that data,
other routes can be taken to infiltrate systems and networks.
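
Added example (not from the newsletter or from GNUCITIZEN): a Python check that decodes the header of an SNMPv1/v2c datagram, as seen on UDP port 161 at a monitoring point, and flags default community names and write (SetRequest) operations. The default-name list, the function names and the sample datagrams are assumptions constructed for illustration.

```python
# Added example: inspect SNMPv1/v2c datagrams for default community names.
DEFAULT_COMMUNITIES = {b"public", b"private"}  # assumed list of common defaults
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Return header facts for a community-based SNMP message, else None."""
    try:
        tag, body, _ = read_tlv(datagram, 0)
        vtag, version, pos = read_tlv(body, 0)
        ctag, community, pos = read_tlv(body, pos)
        pdu_tag, _, _ = read_tlv(body, pos)
    except ValueError:
        return None
    # SNMPv3 carries no community string, so it fails the tag/version test.
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or version not in (b"\x00", b"\x01"):
        return None
    return {"version": "v1" if version == b"\x00" else "v2c",
            "community": community.decode("latin-1"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "default_community": community.lower() in DEFAULT_COMMUNITIES,
            "write_attempt": pdu_tag == 0xA3}

def _tlv(tag, value):  # builds the constructed samples below (short lengths only)
    return bytes([tag, len(value)]) + value

def sample(community, pdu_tag):
    """Constructed v1 datagram naming sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    oid = _tlv(0x06, bytes.fromhex("2b06010201010100"))
    varbinds = _tlv(0x30, _tlv(0x30, oid + _tlv(0x05, b"")))
    pdu = _tlv(pdu_tag, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00") * 2 + varbinds)
    return _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x04, community) + pdu)

if __name__ == "__main__":
    for pkt in (sample(b"Public", 0xA0), sample(b"private", 0xA3), sample(b"Xk29-mon", 0xA0)):
        print(inspect_snmp(pkt))
```

The community name is readable in every v1/v2c datagram because it travels unencrypted, which is why a passive check like this works and why a changed name still needs host restrictions behind it.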

GNUCITIZEN scanned 2.5 million random IP addresses using SNMP and found
that with only read access available, it could coax some Windows 2000
servers into delivering usernames by simply examining the right SNMP
object identifier (OID). In other instances, the team found that some
devices, such as British Telecommunications' BT Voyager 2000 router and
HP Jetdirect print servers, would even reveal passwords. You can read a
few more details in GNUCITIZEN's blog at the URL below.

www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345661-0-0-0-1-2-207)

Granted, exploits against SNMP in both Windows NT and Win2K Server have
been floating around for years, and you've probably already installed
all the SNMP-related patches issued by Microsoft. But, because many of
you still use those server platforms, you might want to ask yourself
whether you have really secured your systems against unwanted SNMP
probing and querying.

Back in 2000, Microsoft posted two security bulletins regarding SNMP in
Windows NT (at the first URL below) and Win2K Server (at the second URL
below). The articles, of course, discuss security problems; however,
they also link to some relevant information that can help you lock down your
SNMP configurations. For example, the Win2K Server article links to
Microsoft's Security Configuration Tool Set, which can be a big help.
Microsoft also has an article "HOW TO: Configure Security for a Simple
Network Management Protocol Service in Windows 2000," at the third URL
below.

www.microsoft.com/technet/security/bulletin/ms00-095.mspx
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345662-0-0-0-1-2-207)

www.microsoft.com/technet/security/bulletin/ms00-096.mspx
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345663-0-0-0-1-2-207)
support.microsoft.com/kb/315154
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345664-0-0-0-1-2-207)

As for Windows Server 2003, the company has an article, "How to
configure Network Security for the SNMP Service in Windows Server 2003,"
available at the URL below.
support.microsoft.com/kb/324261
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345665-0-0-0-1-2-207)


SECURITY NEWS AND FEATURES

--WatchGuard Launches New SSL VPN Appliances
The company's two new appliances offer single sign-on (SSO), federated
identity, and clientless Secure Sockets Layer (SSL) VPN access.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345667-0-0-0-1-2-207

--Chip Piracy Might End with Public Key Cryptography
A group of researchers from two universities has proposed a way to
prevent chip piracy. The technique uses public key cryptography to lock
down circuitry.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345668-0-0-0-1-2-207

--CyberDefender Launches Security Toolbar Beta
CyberDefender is launching a successor to its safeSEARCH toolbar. The
new toolbar, MyIdentityDefender, became available to beta testers this
week.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345669-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345670-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: How They Hack Stuff; Hacking Doesn't Always
Require Programming Skills
by Mark Joseph Edwards
A number of methods can be used to wreak havoc on your network,
including SQL injection, cross-site scripting, bypassing authorization
controls, and leaking sensitive data, to name only a few. Not only that,
but hacking doesn't always require programming skills. Read about these
two issues and more in the Security Matters blog.

windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345671-0-0-0-1-2-207)

--FAQ: Slipstream Windows Vista SP1
by John Savill
Q: Can I slipstream Windows Vista SP1 into a Windows Imaging Format
(WIM) file?

Find the answer at

www.windowsitpro.com/Article/ArticleID/98429
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345672-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--Encrypt Email Attachments
by Renee Munshi
Proginet announced CFI Attachment Manager, software that lets customers
encrypt and exchange email attachments of any size. Users can access a
CFI Attachment Manager toolbar in Microsoft Outlook or through a Web
browser. CFI Attachment Manager encrypts attachments while in transit
between the sender and recipient and while at rest awaiting receipt. It
stores attachments in its own data store--which can be placed behind a
firewall or demilitarized zone (DMZ)--to offload attachment storage from
your email servers. CFI Attachment Manager creates logs and timestamps
for every step of the process to provide auditability for regulatory
compliance and e-discovery. For more information, go to

www.proginet.com/solutions/email_attachments.cfm
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345673-0-0-0-1-2-207)


RESOURCES AND EVENTS

Take back control of unauthorized applications in your organization.
Learn why it's important to control unauthorized applications, and read
about the various approaches you can use. Read this white paper to learn
how to integrate blocking of unauthorized applications into your
existing anti-malware detection and management infrastructure.

www.windowsitpro.com/go/wp/sophos/control/?code=030508er
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345674-0-0-0-1-2-207)

This virtual event on April 8, 2008 focuses on three essential systems
management topics: virtualization, deployment, and PowerShell. Learn how
to control costs, manage growing IT complexity, and increase demand to
achieve service-level objectives to support your company’s business
needs.
events1.unisfair.com/index.jsp?eid=259&seid=23&code=031008er
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345675-0-0-0-1-2-207)

Register for a Web Seminar--Win a FREE iPod Shuffle
Increase your knowledge and win! View one of several Web seminars to be
entered to win one of three iPod Shuffles (an $80 value). To be
eligible, register before April 11, 2008.

www.windowsitpro.com/Events/ (http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345676-0-0-0-1-2-207)


FEATURED WHITE PAPER

Oracle Database 11g has the same features and functionality on Windows
as on Linux and UNIX. However, significant work has been done to take
advantage of Windows-specific operating system features to improve
scalability. This paper also discusses the support of a cluster file
system, 64-bit file I/O, and raw files increasing performance and
manageability.

www.windowsitpro.com/go/wp/oracle/architecture/?code=030508e&r
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345677-0-0-0-1-2-207)


ANNOUNCEMENTS

Check out all the info-packed publications offered by Windows IT Pro!
If you're receiving the HTML version of this email newsletter, click
"Our Publications" in the menu bar; otherwise, click the link below:

store.pentontech.com/index.cfm?s=1&cid=18000306&promotionid=18003253&code=
(http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345678-0-0-0-1-2-207)

CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345679-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345680-0-0-0-1-2-207

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345683-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-3704-803-202-62923-345684-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
