Presentation by Georg Christian Pranschke at ZaCon 2 in 2010.
This presentation is about SNMP security. It begins with an overview of SNMP, then discusses SNMP security weaknesses and SNMP security in Cisco apps. Frisk-0, a tool for SNMP hacking developed by the presenter, is also discussed.
3. Agenda
How it all began…
SNMP ?
SNMP from a Security Perspective
SNMP on Cisco Appliances
Exploiting SNMP Misconfigurations
Frisk-0
Secure your SNMP enabled devices
Questions
15. Brute Forcing Cisco Appliances
TELNET
Often only password required
Only three tries – then reconnect
Enable password needs to be brute forced as well
SSH
Needs username and password (ssh -1)
Only three tries per connection
Enable password needs to be brute forced as well
HTTP(S)
Basic Authentication
Fastest so far
No enable password
16. Brute Forcing Cisco Appliances
SNMP
Almost as fast as we can send UDP packets !
Just community string needed !
Privileged access to the device !
17. SNMP on Cisco Appliances
Remote Configuration through SNMP
Setting OIDs
Configuration up- and downloads via TFTP
Running config vs Startup config
18. The Vigenere Cipher
Variation of a Caesar Cipher
Why such a weak cipher ?
Obfuscation at best
27. Secure Your SNMP Enabled Devices
Do you really need SNMP ?
Do you really need a RW community ?
Set strong community strings
40+ characters ? Why not!
Access-lists
SNMP
TFTP ! (spoofing)
UDP
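
The checklist on slide 27 can be turned into a configuration audit. The following is an added example, not code from the presentation or from Frisk-0: it reads a Cisco IOS configuration excerpt and reports default or short community strings, RW communities, communities without an access-list, and a missing TFTP server access-list. The function name audit_snmp, the finding labels, the list of default strings and the sample configuration are assumptions made for this illustration.

```python
# Added example: audits a Cisco IOS config excerpt against the slide-27 checklist.
DEFAULTS = {"public", "private", "cisco"}   # assumed list of common default strings
MIN_LEN = 40                                # "40+ characters" from the slide

# Constructed sample input, not taken from the presentation.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
snmp-server community Zq7vT2mLx9RkW4pHc8NbY3sDf6GjU1aEo5iXr0tQwMzK RO 10
access-list 10 permit 192.0.2.10
"""

def audit_snmp(config):
    """Return (line_number, finding) pairs; line 0 marks a device-wide finding.
    Community strings are never echoed, so the report is safe to share."""
    findings, saw_rw, has_tftp_acl = [], False, False
    for lineno, raw in enumerate(config.splitlines(), start=1):
        tok = raw.split()
        if tok[:2] == ["snmp-server", "tftp-server-list"]:
            has_tftp_acl = True
        if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
            continue
        name, rest = tok[2], [t.lower() for t in tok[3:]]
        if "view" in rest:                      # drop the optional "view <name>" pair
            i = rest.index("view")
            del rest[i:i + 2]
        is_rw = "rw" in rest
        acl = [t for t in rest if t not in ("ro", "rw")]  # what remains is the ACL
        if name.lower() in DEFAULTS:
            findings.append((lineno, "default-string"))
        elif len(name) < MIN_LEN:
            findings.append((lineno, "short-string"))
        if is_rw:
            saw_rw = True
            findings.append((lineno, "rw-enabled"))
        if not acl:
            findings.append((lineno, "no-acl"))
    # Config transfers over TFTP need RW access, so restrict the TFTP servers too.
    if saw_rw and not has_tftp_acl:
        findings.append((0, "no-tftp-server-list"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit_snmp(SAMPLE_CONFIG):
        print(lineno, finding)
```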