Trivial Authentication

What is Authentication and Why is it Important?

Authentication is determining with a reasonable degree of certainty that an individual requesting access to a device is who they claim to be. For SNMPv1 and SNMPv2c, an authorized individual must know a "secret word" called a community string. However, it is extremely easy for an unauthorized individual to learn the community string by capturing SNMPv1 or SNMPv2c packets off the network. The secret is visible in plain text in every message! Therefore, anyone could realistically use the community string to gain access to devices where they are not authorized. This form of authentication is trivial and represents a significant security vulnerability to devices. The risk assessment for this vulnerability is moderate on a device that supports READ-ONLY operations exclusively but is much higher when the device allows the community string to change the settings of the device through READ-WRITE operations.

SNMPv3 supports strong authentication and private key cryptography, but this must be configured on a device before it can help protect the device from unauthorized individuals. SNMPv3 can operate in no-authentication ("noAuth") mode, and this is no more secure than SNMPv1 or SNMPv2c.

Anonymous Access to Devices

The report on the right shows a list of devices that allow read access for SNMPv1 and SNMPv2c community strings. Rows shown in yellow indicate there is no write access for SNMPv1 and SNMPv2c (this threat may be considered less important, depending on the data exposed). Rows shown in red indicate there is also write access for SNMPv1 or SNMPv2c. Every device in the report that understands only SNMPv1 and/or SNMPv2c should be upgraded or replaced with one that understands SNMPv3. Every device in the report that already understands SNMPv3 should be reconfigured to use SNMPv3 with authentication and privacy and to no longer accept SNMPv1 or SNMPv2c.

SNMPv3 in No-Authentication Mode

When an SNMPv3 user is configured to access a device with no authentication, it means that any individual who knows the name of the authorized user can gain access. This is very similar to a community string, because the user name is visible in plain text in every message. It is extremely easy for an unauthorized individual to learn the name of an authorized user by capturing SNMPv3 packets off the network. The report on the right shows a list of devices that allow read access for SNMPv3 users in noAuth mode. Rows shown in yellow indicate there is no write access for a noAuth user. Rows shown in red indicate there is also write access for a noAuth user. Every device in the report should be configured so that the SNMPv3 user must provide an authentication pass phrase.
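
The two checks described under "Anonymous Access to Devices" and "SNMPv3 in No-Authentication Mode" can also be run against an agent's own configuration. The following is an added example, not part of the original page or of the reporting tool it describes: it assumes the agent is net-snmp and reads its snmpd.conf access directives, and the function name, sample configuration and finding format are constructed for illustration.

```python
# Added example: flag trivially authenticated access in a net-snmp snmpd.conf.
# Colours follow the report described above: yellow = read-only, red = read-write.

SAMPLE_CONF = """\
# constructed sample, not taken from a real device
rocommunity public 10.0.0.0/24
rwcommunity s3cret 10.0.0.5
rouser monitor noauth
rwuser operator noauth
rouser auditor auth
rwuser admin priv
rwuser backup
"""

COMMUNITY = {"rocommunity": "yellow", "rocommunity6": "yellow",
             "rwcommunity": "red", "rwcommunity6": "red"}
USER = {"rouser": "yellow", "rwuser": "red"}


def audit(conf_text):
    """Return (line_no, severity, reason) for each trivially authenticated entry."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY and args:
            # The community string itself is deliberately left out of the finding.
            findings.append((line_no, COMMUNITY[directive],
                             "SNMPv1/v2c community string grants access"))
        elif directive in USER:
            if args[:1] == ["-s"]:        # optional "-s SECMODEL" before the user
                args = args[2:]
            if not args:
                continue
            # When no level is given, net-snmp requires "auth" by default.
            level = args[1].lower() if len(args) > 1 else "auth"
            if level == "noauth":
                findings.append((line_no, USER[directive],
                                 f"SNMPv3 user {args[0]!r} accepted at noAuth"))
    return findings


if __name__ == "__main__":
    for line_no, severity, reason in audit(SAMPLE_CONF):
        print(f"line {line_no}: {severity:6} {reason}")
```
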
