SECURITY ADVISORY FROM PATTON ELECTRONICS



Similar documents
Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

SonicWALL PCI 1.1 Implementation Guide

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

SysAid Remote Discovery Tool

Firewall Firewall August, 2003

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

SNI Vulnerability Assessment Report

Introduction of Intrusion Detection Systems

Overview. Firewall Security. Perimeter Security Devices. Routers

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

My FreeScan Vulnerabilities Report

8. Firewall Design & Implementation

Intro to Firewalls. Summary

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

OLD DOMINION UNIVERSITY Router-Switch Best Practices. (last updated : )

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Global Partner Management Notice

Security threats and network. Software firewall. Hardware firewall. Firewalls

Management, Logging and Troubleshooting

CSCI Firewalls and Packet Filtering

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

WORKING WITH WINDOWS FIREWALL IN WINDOWS 7

About Firewall Protection

Network Security in Practice

PCI Compliance Considerations

Security Advisory. Some IPS systems can be easily fingerprinted using simple techniques.

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004

How To Set Up Foglight Nms For A Proof Of Concept

Network Security Policy

IP Filtering for Patton RAS Products

F-SECURE MESSAGING SECURITY GATEWAY

Firewalls (IPTABLES)

Configuring Security for FTP Traffic

IBM Managed Security Services Vulnerability Scanning:

Executive Summary and Purpose

Firewall VPN Router. Quick Installation Guide M73-APO09-380

IPSEC for Windows Packet Filtering

Edge Configuration Series Reporting Overview

Potential Targets - Field Devices

DMZ Network Visibility with Wireshark June 15, 2010

Name. Description. Rationale

Configuring Allied Telesyn Equipment to Counter Nimda Attacks

Grandstream Networks, Inc. UCM6100 Security Manual

Solution of Exercise Sheet 5

Payment Card Industry Self-Assessment Questionnaire

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

_Firewall. Palo Alto. How Logtrust works with Palo Alto Networks

CS5008: Internet Computing

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Firewalls and Intrusion Detection

Integration Guide. LogicNow MAXfocus

Overview - Using ADAMS With a Firewall

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

How To Configure SSL VPN in Cyberoam

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

Firewall Defaults and Some Basic Rules

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Overview - Using ADAMS With a Firewall

Lab Configuring Access Policies and DMZ Settings

Rapid Vulnerability Assessment Report

SOLARWINDS ENGINEER S TOOLSET FAST FIXES TO NETWORK ISSUES

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

University of Sunderland Business Assurance PCI Security Policy

6.0. Getting Started Guide

Protecting Your Organisation from Targeted Cyber Intrusion

74% 96 Action Items. Compliance

Chapter 4 Firewall Protection and Content Filtering

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface

THE ROLE OF IDS & ADS IN NETWORK SECURITY

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

CaptIO Policy-Based Security Device

Chapter 8 Router and Network Management

IP Filter/Firewall Setup

Windows Remote Access

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

The Cisco IOS Firewall feature set is supported on the following platforms: Cisco 2600 series Cisco 3600 series

1 You will need the following items to get started:

Second-generation (GenII) honeypots

- Introduction to Firewalls -

Transcription:

SECURITY ADVISORY FROM PATTON ELECTRONICS Potential Security Vulnerabilities Identified in Simple Network Management Protocol (SNMP) Revision 1.0 For Public Release March 7, 2002 Last Updated March 7, 2002 Contact Information Patton Electronics Co. 7622 Rickenbacker drive Gaithersburg, MD 20879 Phone +1-301-975-1000 Fax +1-253-663-5693 support@patton.com www.patton.com Summary The CERT Coordination Center (CERT/CC) has issued a broad-based Alert to the technology industry regarding potential security vulnerabilities identified in the Simple Network Management Protocol (SNMP). Patton is working with CERT to assess and address this issue. Vulnerabilities have been reported in multiple vendors SNMP implementations. These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause system instability. If your site uses SNMP in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solutions section. The following provisions recommended by CERT and Patton Electronics Company should be employed in the operation of Patton s chassis-based RAS. In addition to this advisory, we recommend reading the following FAQ available at http://www.cert.org/tech_tips/snmp_faq.html It is very important that you take the steps described in this document to address SNMP security vulnerabilities. As a Patton customer, our Technical Services Team is available to help you implement the recommended configuration changes. Patton Technical Support contact info: Tel: +1 301-975-1007 Fax: +1 253-663-5693 E-Mail: support@patton.com WWW: http://www.patton.com/support - 1 -

Products Affected Most of Patton s products are Layer-1 or Layer-2 devices. As such, they are not susceptible to upper-layer attacks. Patton Electronics chassis-based Remote Access Server (RAS) products which are Layer-3 Internet appliances are equipped with SNMP. The following models of Patton RAS servers employ SNMP V1. # Model 2800 # Model 2810 # Model 2860 # Model 2960 16 Port RAS # Model 2960 24 Port RAS # Model 29660 30 Port RAS # Model 2960 48 Port RAS # Model 2960 60 Port RAS # Model 2996 96 Port RAS # Model 2996 120 Port RAS - 2 -

Initial Determination The Patton technical support team performed initial testing using Solarwinds SNMP Brute Force Attack software with a free-running batch file. Test results indicated that the Patton RAS products are not vulnerable to SNMP attacks. The free-running batch file used in the test sent 19,000 GET requests, invalid OID requests, and improper community strings every 5 seconds for several hours. The Patton RAS under test logged over 3.5 million SNMP transactions without compromised operation. Figure 1 shows the results of the test and demonstrates the Patton RAS s ability to withstand a serious SNMP attack. Figure 1 Using Patton s web-based management system, under the SNMP page shown in Figure 1, Network Managers can identify possible denial-of-service (DOS) attacks by monitoring the following items: # Number of inbound packets ( Packets In ) # Bad Community Names # Bad Community Uses # Error Status Too Big - 3 -

Prevention Dial-in Users The Patton RAS software suite enables filters to be applied to dial-in users that will prevent any type of IP access to the RAS. Creating filters for this purpose is sound practice for any installation and highly recommended by Patton. For additional information about using filters in the Patton RAS click on the link below to download our IP Filters overview. www.patton.com/technotes/filter_ip.pdf The diagram below shows the Filter IP window of the RAS management software. By clicking on the Filter IP link (see highlight in Figure 2 for link location) you can view the Direction, Action, Destination IP, and Default for Dial-in settings recommended by Patton. Figure 2 Ingress Network Protection You can further limit SNMP vulnerabilities by blocking access to SNMP services at the network perimeter or firewall. This is known as ingress filtering. Ingress filtering manages the flow of traffic as it enters a network that is under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the typical network operation of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. - 4 -

For SNMP, ingress filtering of the following ports listed below can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services. SNMP 161/tcp #Simple Network Management Protocol (SMNP) SNMP 162/tcp #SNMP system management message SNMP-enabled products ship with default community strings for read-only access and for read-write access. For security reasons, Patton Electronics recommends as with any default access control mechanism that network administrators change their default community strings to something of their own choosing with a 10-digit combination of numbers and letters. The community strings are encrypted, but even a 10-digit string of mixed numbers and letters is subject to eventual discovery by determined packet sniffing attacks. Therefore, you should change your community strings on a regular (bimonthly, for example) basis. Disabling the web interface in a Patton RAS provides additional security by keeping HTTP requests from being processed For further information related to the Patton remote access product line, contact our Technical Services Team at: Tel: +1 301-975-1007 Fax: +1 253-663-5693 E-Mail: support@patton.com WWW: http://www.patton.com/support - 5 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information