Friday, February 26, 2010

SNMP Enumeration Countermeasures

Countermeasure: Do not install the Management and Monitoring Windows component if it is not going to be used. If it is required, ensure that only legally authorized persons have access to it; otherwise it might turn into an obvious backdoor. Edit the Registry to permit only approved access to the SNMP community name.
Countermeasure: Change the community names to properly configured ones - preferably private community names (not the default "public"). Where possible, restrict access to the SNMP agent. By restriction, we mean allowing SNMP requests from only specific addresses. Additionally, these requests should be restricted to read-only wherever possible. All of these settings can be configured in the properties of the 'SNMP Service' (Start/Administrative Tools/Services).
Countermeasure: Authenticate/encrypt using IPSec - SNMP (v1) may not have adequate authentication and encryption facilities built in, but this is where IPSec can come to the rescue. IPSec policies can be defined on the monitored systems and management stations so that all SNMP traffic is authenticated and/or encrypted.
Countermeasure: Collect traps - If SNMP is enabled, monitor the Windows 2000 event logs. Effective auditing can actually raise the level of security.
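
A read-only audit of the settings named in the first two countermeasures, as an added PowerShell example that is not part of the original post. It assumes the standard Windows SNMP Service registry location (HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters); the function name Get-SnmpAuditFinding is hypothetical.

```powershell
# Added example: reads the SNMP Service configuration and changes nothing.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
# DWORD data stored for each community name under ValidCommunities
$rights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Get-SnmpAuditFinding {   # hypothetical helper name
    if (-not (Get-Service -Name 'SNMP' -ErrorAction SilentlyContinue)) {
        return 'OK: SNMP Service is not installed'
    }
    $findings = @()

    # Community names: flag the default name and anything above read-only.
    # Other community names are never printed, since they act as shared secrets.
    $comm = Get-Item -Path "$base\ValidCommunities" -ErrorAction SilentlyContinue
    if ($comm) {
        foreach ($name in $comm.GetValueNames()) {
            $value = [int]$comm.GetValue($name)
            $label = if ($rights.ContainsKey($value)) { $rights[$value] } else { "unknown ($value)" }
            if ($name -ieq 'public') {
                $findings += "WARN: default community name 'public' is accepted ($label)"
            }
            if ($value -gt 4) {
                $findings += "WARN: a community name grants $label; use READ ONLY where possible"
            }
        }
        # Accounts able to edit the community list; compare with the approved admins.
        foreach ($ace in (Get-Acl -Path "$base\ValidCommunities").Access) {
            if ($ace.RegistryRights -match 'FullControl|SetValue|WriteKey') {
                $findings += "INFO: $($ace.IdentityReference) can modify ValidCommunities"
            }
        }
    }

    # Permitted managers: no entries means requests are accepted from any host.
    $mgr = Get-Item -Path "$base\PermittedManagers" -ErrorAction SilentlyContinue
    $hosts = @()
    if ($mgr) { $hosts = @($mgr.GetValueNames() | ForEach-Object { $mgr.GetValue($_) }) }
    if ($hosts.Count -eq 0) {
        $findings += 'WARN: no permitted managers listed; SNMP requests are accepted from any host'
    } else {
        $findings += "INFO: SNMP requests accepted only from: $($hosts -join ', ')"
    }

    if (-not ($findings -match '^WARN')) { $findings += 'OK: no weak SNMP settings found' }
    return $findings
}

Get-SnmpAuditFinding
```

Run it from an elevated PowerShell prompt on the monitored host; each WARN line maps to a setting on the Security tab of the 'SNMP Service' properties.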
