Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

NMS implementations can be easily attacked, warns security firm

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

September 7, 2016

According to new research performed by internet security firm Rapid7, and contrary to popular belief, Network Management Systems (NMS) are far more easily attacked than previously thought.

The company behind the popular Metasploit penetration testing tool warns that several security vulnerabilities in systems used to manage network elements in the corporate landscape such as routers, servers and printers offers attackers a treasure trove of valuable and perhaps non-obvious enterprise targets, such as the printer that is used for employee payroll runs, or HR's central server containing critical and personally identifiable data on the employee database.

The most recent research from Rapid7 explores how it's often possible to easily attack various types of network management systems over the Simple Network Management Protocol (SNMP), an aging and rather insecure standard but still extensively used today by NMSs to manage and monitor a wide variety of networked devices.

Using the tool, 3 very distinct but extremely critical attack vectors are explored:

  • Passively injecting Cross-Site Scripting (XSS) attacks over SNMP agent-provided data, which is passed unprocessed from the SNMP server service and rendered on an NMS web-based administration console.

  • Actively injecting XSS attacks over SNMP trap alert messages, intended for NMS consoles.

  • Format string processing on the NMS web management console, when format strings passed unprocessed from SNMP agent-provided data.
  • The overall prevalence of these security flaws and others are partly explained because Machine-to-Machine (M2M) communications “often escape the scrutiny afforded to more typical user-to-machine communication”, according to Deral Heiland, research lead at Rapid7.

    Rapid7’s overall research team uncovered no less than thirteen security vulnerabilities across several products from nine different vendors, all of which came as a result of a lack of validation of machine-provided input.

    Rapid7 asserts that all nine of the vendors were notified of these issues by Rapid7 well before the publication of a whitepaper on the research today.

    Some of the various products that were accessed included Castle Rock SMNPc, CloudView NMS, Ipswitch WhatsUp Gold, ManageEngine OpUtils, Netikus EventSentry, Opmantek NMIS, Opsview Monitor, the well-known and popular Paessler PRTG and Spiceworks Desktop.

    Users of these products are urged to ensure they are running the latest versions of the software as soon as possible.

    Source: Rapid7 I.S.

    Sponsered ads:
    Read the latest IT news. Visit ItDirection.net. Updated several times daily.

    If you need reliability when it comes to SMTP servers, get the best, get Port 587.

    Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

    Share on Twitter.


    Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
    Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer