All too often we networkers spend our time defending the network not only from security threats but from blame as the root cause (actual or perceived) of performance problems. The network is guilty until proven innocent. So how do we counter these arguments, put the issue to rest, and uphold the integrity of the network? Logs, logs, logs.
Logs are the evidence that supports your hypothesis. I'd like to talk through a few different types of logs and the role each one plays in a tiered approach to troubleshooting.
SNMP – This is one of the first places I go when an issue is reported. It provides a view of the current state of the network based on polling intervals and traps, and it is also a place to explore data patterns and trends. Most enterprises will have an NMS solution in place, and in my experience it is also a great place to learn the topology of the network(s) when joining a new company. There are many commercial and open source products available, and I suggest trying a few different options to find out which works best for you and your team, as they all organize and present the data in slightly different ways.
Tags: #ciscochampion, nms, packet capture, performance, snmp
This week Cisco announced an entirely new approach to delivering rich services to the Enterprise branch office with the introduction of the ISR 4000 Series. For those folks who have been paying attention over the last year, this really was no shock. In fact, the ISR 4451 announced at Cisco Live 2013 is the first member of this new series, teasing the concepts and technologies represented today in an entire portfolio of platforms.
The ISR 4000 Series consists of 5 platforms that spread the architecture and technology introduced with the 4451 across a portfolio designed to meet the needs of most branch offices. With performance-on-demand, these 5 platforms hit 10 different performance levels, from 50Mbps to 2Gbps with services, giving IT departments the capability to pay for only the capacity they need, with the option to increase performance with a simple license. The multi-core control/data/services plane CPUs with included virtualization through Service Containers, server replacement capabilities with the UCS E-Series, and a flat performance curve with services are truly revolutionary in the industry, so how did we get here?
Tags: 2500 Series, 2600 Series, Cisco ISR 4451-x, CLI, Gas, interop, IOS, ISR, ISR G2, ISR4k, onePK, router, Service Containers, services, snmp
Simple Network Management Protocol (SNMP) has been widely deployed as an important network management tool for decades, is a key component of scalable network device management, and is configurable in nearly all network infrastructure devices sold today. As with any management protocol, if it is not configured securely it can be leveraged as an opening for attackers to gain access to the network and begin reconnaissance of the network infrastructure. In the worst case, if read-write community strings are weak or not properly protected, attackers could directly manipulate device configurations.
Cisco has recently seen a spike in brute-force attempts to access networking devices configured for SNMP using the standard ports (UDP ports 161 and 162). The attacks we’ve observed have been going after well-known SNMP community strings and are focused on network edge devices. We have been working with our Technical Assistance Center (TAC) to assist customers in mitigating any problems caused by the brute-force attempts.
While there’s nothing new about brute-force attacks against network devices, in light of these recent findings, customers may want to revisit their SNMP configurations and ensure they follow security best practices, including using strong passwords and community strings and using ACLs to restrict access to trusted network management endpoints.
Cisco has published a number of best practices documents for securing the management plane, including SNMP configuration:
Tags: ACL, best practices, brute force, security, snmp, TAC
Simple Network Management Protocol (SNMP) is part of IETF’s Internet Protocol Suite, which consists of four abstraction layers and defines a set of protocols used on the Internet. SNMP is mainly used for management and monitoring of networked devices. It can report on the health of a network device or on other aspects of its state (interfaces, IP addresses, traffic and more). SNMP is defined in IETF RFC 1157. For its function, it leverages Management Information Bases (MIBs), which define the structure of the management information a device maintains. They represent a hierarchical namespace containing object identifiers (OIDs). Each OID identifies an object that holds the information of interest and can be polled or set via SNMP.
Tags: IPv6, IPv6-security, security, snmp