From: Eric Brandwine (ericbUU.NET)
Date: Wed Feb 13 2002 - 17:21:33 CST


    >>>>> "fj" == Filip Jonckers <fjonckersInterconnect.be> writes:

    Having the service installed and having it running are two different
    things.

    fj> A lot of server installations NEED snmp service installed...

    fj> let me give an example:

    fj> Compaq Proliant servers installed with NT/win2K should be
    fj> running Compaq Insight Agents which are software agents
    fj> to monitor/manage the Compaq hardware
    fj> Compaq Insight Manager software is used to poll
    fj> the status of the agents (using SNMP and some other ports)

    fj> problems with hard disk, memory, backplane, temperature ....
    fj> can be seen before the major crash happens

    These should all be traps. Sending a trap is always safe. You might
    want to take a good look at your trap host, but your clients are OK.

    fj> Stuff like this is vital in an environment with dozens of Proliant
    fj> servers installed

    We've got thousands of deployed servers. We're scared.

    fj> the same for unix or other environments ....

    UNIX mostly. We're taking a good close look at our trap hosts, and
    for some large commercial packages, we're implementing a trap proxy
    based on the latest (non-vulnerable) UCD-SNMP package. It's not a lot
    of code, and will protect the things we cannot upgrade or patch.

    There is no NEED. You need to do business and make money more than
    you need SNMP. Evaluate what SNMP means to you (and separate out
    polling vs. trapping), and determine what the consequences are of
    losing either or both. Your network will not stop dead if you turn
    off SNMP, it just won't run as smoothly. You'll have to work harder,
    and outages (if any) will be more severe.

    Also, I don't recall the results of our Windoze testing, but I believe
    that most versions are only vulnerable if the attacker knows the
    community string. Don't trust me on that, verify it for yourself, but
    if so, go change your strings now. That'll help out. If you're using
    public/private, you've got problems.

    ericb

    -- 
    Eric Brandwine     |  Better to remain silent and be thought a fool than to
    UUNetwork Security |  speak out and remove all doubt.
    ericbuu.net       |
    +1 703 886 6038    |      - Silvan Engel
    Key fingerprint = 3A39 2C2F D5A0 FC7C  5F60 4118 A84A BD5D  59D7 4E3E
    

    ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
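
Added example, not part of the original message or of any project's code: a small audit that follows the advice above to change public/private community strings, run here over a constructed snmpd.conf. It assumes the UCD-SNMP/Net-SNMP directives rocommunity, rwcommunity and com2sec; the function name and finding labels are made up for this illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}
OPEN_SOURCES = {"default", "0.0.0.0/0"}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# constructed snmpd.conf for illustration
com2sec  readonly  default        public
com2sec  mgmt      10.1.2.0/24    s3cr3t-ro
rocommunity public
rwcommunity private 10.1.2.5
rocommunity k9Xw-mon 10.1.2.5
trapsink 10.1.2.9 trapcomm
"""


def audit_snmpd_conf(text):
    """Return (line_no, issue) findings for lines that allow polling."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        directive, args = fields[0].lower(), fields[1:]
        if directive in ("rocommunity", "rwcommunity") and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means anyone
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
        elif directive == "com2sec" and len(args) >= 3:
            # com2sec NAME SOURCE COMMUNITY
            source, community = args[1], args[2]
        else:
            continue  # trapsink and friends only send traps; not polled
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((line_no, "default-community"))
        if source.lower() in OPEN_SOURCES:
            findings.append((line_no, "unrestricted-source"))
    return findings


if __name__ == "__main__":
    for line_no, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {issue}")
```

Trap-only lines such as trapsink are skipped on purpose, matching the polling vs. trapping split made in the message.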