Wi-Fi Technology Forum | Wireless Networking, Mobile Internet News and Reviews home networking made easy, greater protection, less stress

Wi-Fi Technology Forum - Wireless Reports and Papers


A threat posed by SNMP use over WLAN




A paper dealing with Wi-Fi security (Gianluigi Me, PhD).

A paper dealing with WLAN security, highlighting the dangers and pitfalls that follow from using an unsecured Simple Network Management Protocol (SNMP). In this paper, Dr Gianluigi shows how hackers and eavesdroppers exploit this neglected vulnerability. Using diagrams, he goes even further to point out in detail the dangerous threat hidden in breaking WEP communications exploiting access points.


-------



(Gianluigi Me, PhD)

Introduction

Attacks on WEP compromise the confidentiality of communications. One of the main threats is posed by eavesdroppers listening to private communication on a wireless LAN. But there is a more dangerous threat hidden in breaking WEP communications. Some access points can be managed over the wireless link, usually with a proprietary application that relies on the SNMP protocol. Performing these management operations can be a frightening vulnerability for the whole wireless LAN, because the eavesdropper can learn the password that gives read/write access to the access point. He or she then shares administration privileges with the WLAN administrator and can manage your wireless LAN in a malicious way.



An SNMP model


The Simple Network Management Protocol (SNMP) uses a manager/Management Information Base (MIB)/agent paradigm, as shown in Figure 1.





Figure 1


This paradigm is based on a manager asking an agent for information in a coded format such as that of a MIB. The receiving agent processes the request, retrieves the information, and returns either the information or the reason it is unavailable. In this manager/MIB/agent paradigm, the user interface acts only as a presentation layer: it is graphics-based and designed to make data retrieval and the resulting presentation more usable. Management applications offer a way to format retrieved data and add an extra layer of user control over Network Management Station (NMS) functions.


Securing Agents and NMSs


Version 1 of SNMP offers only sketchy tools to secure the communication process between the NMS and an agent. The only protection that comes with SNMP is a limited form of authentication, the community name. More robust security mechanisms can be layered on TCP/IP by third-party software. The only protection against unauthorized access is a string of characters in the SNMP header, called the Community Name. It represents an NMS's access authority, which an agent checks before performing the task requested in the SNMP message. All the agents that respond to the same NMS will have the same two Community Names. The Get Community Name instructs the agent to allow reading of MIB variables. The Set Community Name authorizes the agent to write a value to a MIB object that is designated as read-writable. Some texts identify these as the Read and Write Community Names.

Most vendors ship their agents and NMSs configured out of the box with the Community Name set to “public”. Network managers are advised to change this setting on the agents and the NMS. If these configuration values are not changed, any NMS can access and change agent information.


Added:  Thursday, October 28, 2004
Submitter: Administrator | webmaster@wi-fitechnology.com