SNMP Research International, Inc.

CERT Alert (TA18-106A): Russian Cyber Attack


Overview

On April 16, 2018, the United States Computer Emergency Readiness Team (CERT) issued CERT Alert (TA18-106A), "Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices".

We encourage all of our customers to read this alert and put actions into place to discover and prevent possible intrusions.

One of the major vulnerabilities these attackers exploit in network infrastructure devices is the use of SNMPv1 and SNMPv2c agents implemented in those devices. Implementing SNMPv3 with its security features enabled will prevent SNMP attacks of this kind.

SNMP Research provides tools for end-users that can search your network for devices that still use insecure SNMPv1 and SNMPv2c (SNMP Security Analyzer) and help you configure SNMPv3 agents for security (Simple PolicyPro®).

SNMP Research also provides toolkits to help manufacturers build secure SNMPv3 agents (EMANATE®) and SNMPv3 management applications (BRASS™).

For more information, please send email inquiries to info@snmp.com.

Analysis of the Document

This section explores the implications of the Technical Alert (TA) for creators and users of network infrastructure devices—routers, switches, firewalls, etc.—and other network elements that are manageable with SNMP (collectively, "network devices"). For page number references, please refer to the PDF version of the TA above.

Who is at risk?

What tactics are being used?

What should be done for SNMP?

"Blocking external SNMP at the network boundary" (page 3, last paragraph) is an inadequate defense against cyber actors. Individual devices should be "hardened before installation" (page 2, next-to-last bullet). Here are some concrete steps that should be taken to defend against attack.

  1. "Disable...SNMPv1 or v2c. Where possible, use...SNMPv3." (page 7, bullet 2) And, "configuration data should be encrypted between sender and receiver." (page 11, paragraph 1)

  2. "DHS strongly advises owners and operators to retire and replace legacy devices that cannot be configured to use SNMP V3." (page 7, bullet 2)

  3. "Immediately change default passwords and enforce a strong password policy." (page 7, bullet 3)

  4. "Simply using SNMPv3 is not enough to prevent abuse of the protocol. A safer approach is to combine SNMPv3 management information base (MIB) whitelisting using SNMP views." (from external document TA17-156A referenced on page 8, bullet 1)
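The four steps above, applied to an agent configuration file, as an added example that is neither SNMP Research's code nor taken from the alert: a small audit script that flags v1/v2c community access, SNMPv3 users without encryption, and users with no SNMP view. It assumes net-snmp's snmpd.conf directive syntax, and both sample configurations are constructed for the demonstration.

```python
"""Audit a net-snmp style snmpd.conf against the four SNMP steps above.
Assumed directive syntax (net-snmp, not taken from the alert):
  rocommunity/rwcommunity/com2sec           SNMPv1/v2c community access
  createUser USER AUTHPROTO PASS [PRIVPROTO PASS]
  rouser|rwuser USER [noauth|auth|priv] [-V VIEW]
  view VIEW included|excluded OID
"""
# Constructed sample configurations, one weak and one hardened.
WEAK_CONF = """
rocommunity public                 # v2c read access with default community
rwcommunity private 10.0.0.0/8
createUser monitor MD5 "monitorpass" DES "monitorpass"
rouser monitor auth
"""
HARDENED_CONF = """
createUser monitor SHA "CorrectHorseBatteryStaple42" AES "AnotherLongPassphrase77"
view sysonly included .1.3.6.1.2.1.1   # expose only the system group
rouser monitor priv -V sysonly
"""

def audit_snmpd_conf(text):
    """Return a list of finding strings; an empty list means nothing flagged."""
    findings, defined_views, used_views = [], set(), []
    for raw in text.splitlines():
        tok = raw.split('#', 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        d = tok[0].lower()
        if d in ('rocommunity', 'rwcommunity', 'rocommunity6', 'rwcommunity6', 'com2sec'):
            findings.append(f"{d}: SNMPv1/v2c community access enabled (step 1)")
        elif d == 'createuser' and len(tok) >= 4:
            if tok[2].upper() == 'MD5':
                findings.append(f"createUser {tok[1]}: MD5 authentication is weak (step 1)")
            if len(tok) < 6:
                findings.append(f"createUser {tok[1]}: no priv protocol, traffic unencrypted (step 1)")
            elif tok[4].upper() == 'DES':
                findings.append(f"createUser {tok[1]}: DES privacy is weak, use AES (step 1)")
        elif d in ('rouser', 'rwuser') and len(tok) >= 2:
            level = tok[2].lower() if len(tok) > 2 and tok[2] in ('noauth', 'auth', 'priv') else 'auth'
            if level != 'priv':
                findings.append(f"{d} {tok[1]}: level '{level}' does not require encryption (step 1)")
            if '-V' in tok and tok.index('-V') + 1 < len(tok):
                used_views.append((tok[1], tok[tok.index('-V') + 1]))
            else:
                findings.append(f"{d} {tok[1]}: no -V view, whole MIB exposed (step 4)")
        elif d == 'view' and len(tok) >= 2:
            defined_views.add(tok[1])
    findings += [f"user {u}: view '{v}' never defined (step 4)"
                 for u, v in used_views if v not in defined_views]
    return findings
```

Running `audit_snmpd_conf(WEAK_CONF)` reports six findings while the hardened configuration reports none; the script checks only the directives listed in its docstring, so devices using vendor-specific syntax need an equivalent review.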

Contact Information

For further information about this alert or SNMP Research's products, please contact SNMP Research, Inc.

SNMP Research Incorporated
3001 Kimberlin Heights Rd.
Knoxville, TN 37920
U.S.A.
Tel: +1 865 573 1434
Fax: +1 865 579 6565
E-mail: info@snmp.com
www.snmp.com