Johannesburg, 27 Feb 2002
In response to a recent CERT security advisory, Computer Associates (CA) has announced the immediate availability of an update to its eTrust Policy Compliance solution that can detect vulnerability to attacks based on flaws in the Simple Network Management Protocol (SNMP) Version 1.
The CERT Coordination Centre is a centre of Internet security expertise at the Software Engineering Institute, a research and development arm of Carnegie Mellon University.
According to a widely publicised CERT Advisory CA-2002-03, the vulnerabilities found in SNMP V1 affect routers, hubs, switches and printers, as well as other managed network devices, operating systems and applications. A number of vulnerabilities have been reported in multiple vendors` SNMP implementations. These vulnerabilities can be exploited to disrupt systems and services, or to allow an attacker to gain access to an affected device.
CA is advising security managers and system administrators to intensify their efforts to protect their infrastructure by adopting Best Practices security policies and immediately closing known security holes - such as the newly-discovered vulnerability of SNMP - by applying appropriate software patches from their technology vendors.
Piers McMahon, CA`s director of eTrust security solutions has suggested that IT organisations take steps to limit use of SNMP except as required. These measures are necessary to proactively protect against security threats that could result in financial losses, breaches of trust and other negative consequences.
"What`s particularly troublesome about this new vulnerability is its scope. SNMP is broadly used across the entire Internet, which means that corporations and service providers alike can be exposed to denial-of-service attacks and data loss," says McMahon.
"That`s why it is so critical for technical teams to respond as quickly as possible to this threat, and to increase vigilance against malicious cyber activities."
Existing users of CA`s eTrust Policy Compliance will receive the SNMP update automatically via the product`s dynamic web update facility. The product will then also automatically verify whether patches have been applied appropriately wherever they are required.
Other CA eTrust solutions can play a role in protecting organisations against SNMP-related vulnerabilities. eTrust Access Control can limit the sources of SNMP traffic accepted on servers, and protect against buffer overflow attacks. eTrust Firewall can block SNMP traffic both at the perimeter and within the organisation. eTrust Intrusion Detection can monitor the network for unauthorised SNMP-based traffic and alert technicians about any suspicious activity.
eTrust VPN can enhance security of network management by tunnelling SNMP traffic securely between managed systems and management services. According to IDC, CA is the world`s leading supplier of Internet security software. Additional information about CA`s eTrust product line is available at http://ca.com/etrust.
CA has also announced that any vulnerability to its Unicenter eBusiness infrastructure management solution related to the use of SNMP Version 1 has also been remedied.
Share