Internet Security Corporation
A Professional Internet Security Provider
What?.. Who?..
Exactly - Who and What.. SNMP is the Simple Network Management Protocol, which helps network-aware devices recognize each other by IP address, using either inside or outside addresses (in case you use NAT, or Network Address Translation). DHCP is the Dynamic Host Configuration Protocol. It manages IP address assignments and is typically used inside networks that use NAT to multiply the number of addresses they can have, while having only one or a few public Internet IP addresses.

There have been several vulnerabilities in SNMP and DHCP server software in the last few months. These are particularly confusing: the vulnerabilities allow for break-ins, but even once secured, these services still carry information on network addresses, and DHCP in particular can reveal the hardware (Ethernet, or MAC) addresses of some devices on the network, leaving your network vulnerable to connection hijacking and man-in-the-middle attacks.

Combining the two increases SNMP traffic as DHCP assigns and revokes assignments of IP addresses to hardware addresses. This in turn increases the exposure of this network information to perimeter devices. It's not really a security hole, but it is a security issue for high-security networks or network segments. One solution is to make sure that the dirty side of your NAT device spoofs a null hardware address, but this may then become an issue for the publicly addressed part of your network.

We can consult with you on how to ensure that ARP spoofing and other surveillance tricks are frustrated to the extent possible with your network configuration. This can minimize the risk that your internal network devices can be identified or mimicked by very capable surveillance.
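As an added example (not part of the original page or any Internet Security Corporation tooling), one way to detect the ARP spoofing mentioned above is to compare the IP-to-hardware-address bindings that DHCP hands out with what ARP traffic on the segment claims. The function names and all addresses are assumptions constructed for illustration.

```python
# Added example: cross-check DHCP/static IP-to-MAC bindings against ARP claims.
# All addresses are constructed sample data; function names are hypothetical.
from collections import defaultdict

def normalize_mac(mac):
    """Return lower-case colon-separated form so '02-00-..' equals '02:00:..'."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_arp_anomalies(leases, observations, static=None):
    """leases/static: {ip: mac}; observations: (ip, mac) pairs in time order.
    Returns (kind, ip, expected_or_previous_mac, seen_mac) tuples."""
    expected = {ip: normalize_mac(m) for ip, m in {**leases, **(static or {})}.items()}
    last_seen, ips_by_mac, findings = {}, defaultdict(set), []
    for ip, raw_mac in observations:
        mac = normalize_mac(raw_mac)
        want = expected.get(ip)
        if want is None:                      # address nobody was assigned
            findings.append(("unknown_ip", ip, None, mac))
        elif mac != want:                     # ARP contradicts the lease table
            findings.append(("binding_mismatch", ip, want, mac))
        prev = last_seen.get(ip)
        if prev is not None and prev != mac:  # same IP answered by a new MAC
            findings.append(("mac_flip", ip, prev, mac))
        last_seen[ip] = mac
        ips_by_mac[mac].add(ip)
    # One MAC answering for several IPs is typical of a man-in-the-middle,
    # but also of routers doing proxy ARP, so treat it as a lead to verify.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_claims_many_ips", ",".join(sorted(ips)), None, mac))
    return findings

LEASES = {"192.0.2.10": "02:00:00:00:00:10", "192.0.2.11": "02-00-00-00-00-11"}
STATIC = {"192.0.2.1": "02:00:00:00:00:01"}           # gateway, fixed binding
OBSERVED = [
    ("192.0.2.1", "02:00:00:00:00:01"),
    ("192.0.2.10", "02:00:00:00:00:10"),
    ("192.0.2.1", "02:00:00:00:00:10"),   # host .10 now answers for the gateway
    ("192.0.2.11", "02:00:00:00:00:11"),
]

if __name__ == "__main__":
    for finding in find_arp_anomalies(LEASES, OBSERVED, STATIC):
        print(finding)
```
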

Call Internet Security Corporation at (408) 739-1092 for an hourly ad-hoc consulting rate.

webmaster@internet-security-corp.com
Last modified: Thu Jun 27 18:55:18 PDT 2002