Simple Network Management Protocol (SNMP) has been widely deployed as an important network management tool for decades, is a key component of scalable network device management, and is configurable in nearly all network infrastructure devices sold today. As with any management protocol, if not configured securely, it can be leveraged as an opening for attackers to gain access to the network and begin reconnaissance of network infrastructure. In the worst case, if read-write community strings are weak or not properly protected, attackers could directly manipulate device configurations.
Cisco has recently seen a spike in brute-force attempts to access networking devices configured for SNMP using the standard ports (UDP ports 161 and 162). Attacks we’ve observed have been going after well-known SNMP community strings and are focused on network edge devices. We have been working with our Technical Assistance Center (TAC) to assist customers in mitigating any problems caused by the brute-force attempts.
While there’s nothing new about brute-force attacks against network devices, in light of these recent findings, customers may want to revisit their SNMP configurations and ensure they follow security best practices, including using strong passwords and community strings and using ACLs to restrict access to trusted network management endpoints.
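One way to check a device configuration against these recommendations is shown below. It is an added example, not Cisco tooling or code from the original post: a small Python audit that reads Cisco IOS `snmp-server community` lines and flags well-known or short community strings, communities with no ACL, and read-write access. The sample configuration, the list of well-known strings, and the 12-character length threshold are assumptions made for illustration.

```python
import re

# Constructed sample of Cisco IOS running-config lines (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
snmp-server community N0c-r3ad-7Hq2xLw9 RO 99
snmp-server community Wr1te-4Zp8kVt3mQe RW
snmp-server community monitor view SAFE RO SNMP-MGMT
access-list 99 permit 192.0.2.10
"""

# Assumed, illustrative list of commonly guessed strings; extend for real audits.
WELL_KNOWN = {"public", "private", "cisco", "admin", "snmp", "monitor", "manager"}
MIN_LENGTH = 12  # assumed threshold, not a Cisco requirement

# snmp-server community <string> [view <name>] [RO|RW] [ipv6 <acl>] [<acl>]
LINE_RE = re.compile(
    r"^snmp-server community (?P<community>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>ro|rw))?"
    r"(?: ipv6 (?P<acl6>\S+))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

def audit_snmp(config_text):
    """Return (line_number, community, findings) for each risky community line."""
    results = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an snmp-server community line
        community = m.group("community")
        mode = (m.group("mode") or "ro").lower()  # IOS defaults to read-only
        findings = []
        if community.lower() in WELL_KNOWN:
            findings.append("well-known community string")
        elif len(community) < MIN_LENGTH:
            findings.append("short community string")
        if not (m.group("acl") or m.group("acl6")):
            findings.append("no ACL restricting SNMP sources")
        if mode == "rw":
            findings.append("read-write access")
        if findings:
            results.append((lineno, community, findings))
    return results

if __name__ == "__main__":
    for lineno, community, findings in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {community!r}: {'; '.join(findings)}")
```

The audit only confirms that an ACL is referenced on the community line; whether that ACL actually limits access to the trusted management endpoints still has to be checked against the ACL definition itself.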
Cisco has published a number of best practices documents for securing the management plane, including SNMP configuration:
The city in the forest—Atlanta, Georgia—extended a double dose of Southern charm to Cisco in April by awarding two prestigious information security industry awards at the 2nd Annual CSO40 Awards. The awards program recognizes projects and initiatives demonstrating innovative use of security in delivering outstanding business value.
Top honors went to the teams representing Cisco’s Enterprise ACL Management (EACLM) and Unified Security Metrics (USM) projects. Team members included: EACLM – Mark Sullivan, Network Engineer and Oisin MacAlasdair, Technical Staff and Security Prime for networking; USM – Gerwin Tijink, Information Security (InfoSec) Architect, Hessel Heerebout, USM Program Manager, and Ranjan Jain, IT Architect and Security Prime.
As the famous saying goes, “Good things come to those who wait”. Delayed gratification – a person’s ability to forgo a smaller reward now for a larger reward in the future – has been linked to better life outcomes, as demonstrated by the often-cited Stanford Marshmallow experiment and others. In most cases, though, it requires a degree of self-control not easily achievable in today’s fast-paced, ever-changing world with new mobile devices, protocols and technologies.
If you are one of the Cisco Wireless customers currently deploying Release 7.0 MD and waiting for the next Cisco Wireless Software Maintenance Deployment Release, the wait is over!
Release 126.96.36.199 has achieved Maintenance Deployment (MD) status.
Release 188.8.131.52 is the recommended MD release for all non-802.11ac deployments. For 802.11ac deployments, Release 184.108.40.206 (Release 7.6 Maintenance release 1) is the recommended release.
Cisco’s been doing virtualization in various forms on the network side for quite a long time. One incredibly powerful feature that I think is still amazingly underutilized is the Cisco VSS or Virtual Switching System.
It gives you the ability to make two 6500s look like a single switch so that you can have your cake and eat it too. It’s the epitome of giving us the redundancy and availability we need while simultaneously allowing us to use the extra capacity that could normally sit unused. Easier management and configuration make this a no-brainer that more network managers should consider as ‘required’ in their design. Check out our ‘Fundamentals of VSS’ to get yourself started.