Computerworld - The past few weeks haven't been a complete disaster, but I have to dig deep to find the silver lining in recent events.
It started when the Finland-based University of Oulu's security research team released a series of vulnerability warnings about Simple Network Management Protocol (SNMP) v1 implementations. Last year, the team released a similar warning about the Lightweight Directory Access Protocol (LDAP) that was entirely accurate, so I was sure it was right again.
LDAP servers aren't that common—we have four, which we patched quickly. SNMP servers are a different story. Everything seems to come with an SNMP interface; I hear even some digital cameras are affected by SNMP problems. Certainly, every major system and network operating system is at risk.
We have 4,312 network devices. Of those, 75%—about 3,200—run SNMP and need to be patched. Luckily, we block SNMP from the outside world and don't publish anything to third parties via SNMP.
By the time you read this, however, I expect some bright spark will have written a chunk of malicious code that spreads via the SNMP bug and also uses Web sites or e-mail to propagate itself. Despite our excellent layered antivirus strategy, I'd be kidding myself if I didn't think it was possible for such code to get into the company. And once it got there—ouch!
THISWEEK'SGLOSSARY
RFC1918: This Internet Engineering Task Force request for comment specifies the following three ranges of IP addresses exclusively for internal network use:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Correctly configured Internet routers won’t allow packets within these address ranges through to the Internet. To allow internal computers to communicate with others outside the firewall, the router (or firewall) uses network address translation to associate internal addresses with valid external ones. For more information, visit www.faqs.org/rfcs/rfc1918.html.
LINKS:
The University of Oulu takes the spotlight again with its SNMP vulnerability warning. My advice: Find out what the university’s security team will investigate next and turn it off in your environment before the team releases its next report.
Read the details of the SNMP warning from the CERT Coordination Center at Carnegie Mellon University.
This useful summary at the Web site of Internet Security Systems Inc. lists network equipment vendors and their current status regarding the SNMP vulnerability.
Got the MSN IM virus? McAfee.com Corp. offers details on the virus and how to eradicate it.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
