Bill "Ches" Cheswick, Chief Scientist of Lumeta and Internationally Renowned Security Expert Comments on CERT SNMP Vulnerability Alert.
Business Editors/High-Tech Editors
SOMERSET, N.J.--(BUSINESS WIRE)--Feb. 13, 2002
"I have never seen a vulnerability of this magnitude to the Internet itself"
The Computer Emergency Response Team (CERT(r)), the research organization at Carnegie Mellon University, and the Oulu University Secure Programming Group announced a series of very serious vulnerabilities in equipment that responds to the Simple Network Management Protocol (SNMP). If exploited, it is possible that routers across the global Internet could be crashed, suffer serious performance degradation, or be commandeered.
Bill Cheswick, Chief Scientist of Lumeta Corporation and internationally renowned security expert, described the vulnerability, "It involves very complicated software. They probably haven't found all the problems with it, and I suspect we'll be hearing more about this in the future."
"I have never seen a vulnerability of this magnitude to the Internet itself," continued Cheswick. "It is conceivable that this could make large parts of the Internet quite unreliable for quite a while. The vendors and ISPs are scrambling to deal with this."
Cheswick, who co-wrote the book "Firewalls and Internet Security: Beware the Wily Hacker," stated, "As a first step, companies should turn off SNMP on any equipment that doesn't absolutely need it."
Cheswick continued, "To help protect the equipment that must be managed via SNMP, companies should configure their firewalls to block SNMP traffic that comes from outside their network. It isn't sufficient to change the SNMP community strings."
"Although it doesn't entirely mitigate the risks identified in the advisory released yesterday, companies should also identify those devices that respond to 'public' or other common default community strings," said Cheswick. "I think they will be shocked at how open they are. As part of Lumeta's Network Discovery analysis, we look for routers that are open. Even though many companies have a stated policy that their equipment should not respond to public community strings, we typically find that between 10 and 30 percent of the SNMP-managed devices do respond. This shows the difficulties of knowing the configuration of every SNMP device in a large network, and it foreshadows the challenges companies will face rolling out the fixes uniformly once the vendors issue patches that address these vulnerabilities."
About Lumeta Corporation
Lumeta Corporation takes a revolutionary approach to network management and security. Originating from Bell Labs Research, Lumeta's breakthrough services provide a comprehensive, foundational knowledge of an enterprise network for risk, change and asset management. Its management team includes CEO Tom B. Dent and security expert Bill "Ches" Cheswick. Lumeta is the source of network knowledge for the network administrators, CIOs and CFOs, who are accountable for their corporate network activity and security. Headquartered in Somerset, New Jersey, Lumeta serves many of the leading Fortune 500 companies. Investors include: Draper Fisher Jurvetson Gotham, Draper Fisher Jurvetson and meVC Draper Fisher Jurvetson Fund I. For more information, visit the Lumeta website at www.lumeta.com.