Administrators Scramble To Safeguard Networks

SNMP vulnerabilities leave systems open to attacks and unauthorized use

information Staff, Contributor

February 16, 2002


Network and security administrators are dealing with the daunting task of protecting their networks from a slew of vulnerabilities revealed last week in the most pervasive protocol used to manage IT infrastructures: the Simple Network Management Protocol. And securing affected systems from potentially debilitating denial-of-service attacks and unauthorized user access is anything but simple.

Companies should diligently examine their networks for any devices--including routers, hubs, switches, and wireless access points--that may be SNMP-enabled and check with equipment vendors for patches that fix the vulnerability, security experts say. Dozens of vendors already have published patches on their Web sites. Cisco Systems, for example, says it has provided patches for nearly one-third of its affected products; the remainder will be published in a week or two.

Although nothing is totally foolproof, there are other steps companies can take to minimize risks. Network administrators should configure firewalls to filter incoming SNMP traffic on ports 161 and 162. CERT, a federally funded security research group, also recommends blocking less commonly used ports 199, 391, 705, and 1993.

Network- and system-management tools rely heavily on SNMP, but companies need not shut down internal SNMP traffic, says Piers McMahon, director of security product management for Computer Associates. To minimize risk, "Segregate the traffic so you can strain the inbound SNMP traffic to only come from an authorized management tool," he advises.
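The filtering advice above can be checked against a rule set before it is deployed. The following is an added example, not part of the original article: a small first-match rule evaluator that reports which of the listed ports an outside host can still reach and whether the authorized management station can still poll. The rule format, the addresses, and the choice to test both UDP and TCP are assumptions made for illustration.

```python
import ipaddress

# Ports named in the article: 161/162 plus the less commonly used 199, 391, 705, 1993.
SNMP_PORTS = (161, 162, 199, 391, 705, 1993)
PROTOCOLS = ("udp", "tcp")  # assumption: the article names no protocol, so check both

def first_match(rules, default, src, proto, port):
    """Return the action of the first rule that matches, else the default policy."""
    addr = ipaddress.ip_address(src)
    for action, r_proto, r_src, lo, hi in rules:
        if r_proto in (proto, "any") and addr in ipaddress.ip_network(r_src) and lo <= port <= hi:
            return action
    return default

def audit(rules, default, mgmt_station, outside_host):
    """Report SNMP-related ports an outside host reaches, and whether management still works."""
    findings = [("exposed", proto, port)
                for proto in PROTOCOLS for port in SNMP_PORTS
                if first_match(rules, default, outside_host, proto, port) == "accept"]
    if first_match(rules, default, mgmt_station, "udp", 161) != "accept":
        findings.append(("mgmt-blocked", "udp", 161))
    return findings

MGMT, OUTSIDE, ANY = "192.0.2.10", "203.0.113.50", "0.0.0.0/0"  # constructed addresses

# Constructed weak policy: UDP-only filter, bad ordering, default accept.
WEAK = [
    ("accept", "any", ANY, 1024, 65535),        # stateless high-port allow shadows the 1993 drop
    ("drop",   "udp", ANY, 161, 162),           # shadows the management allow below
    ("accept", "udp", MGMT + "/32", 161, 161),
    ("drop",   "any", ANY, 1993, 1993),
]
# Corrected policy: management allow first, then drops for every listed port, default drop.
FIXED = ([("accept", "udp", MGMT + "/32", 161, 161), ("drop", "any", ANY, 161, 162)]
         + [("drop", "any", ANY, p, p) for p in SNMP_PORTS[2:]]
         + [("accept", "any", ANY, 1024, 65535)])

if __name__ == "__main__":
    for name, rules, default in (("weak", WEAK, "accept"), ("fixed", FIXED, "drop")):
        print(name, audit(rules, default, MGMT, OUTSIDE))
```

The weak policy fails in both directions: rule ordering leaves port 1993 and every TCP port reachable from outside while the management station itself is dropped.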

Like other publicly known security vulnerabilities, this one is a race between hackers developing tools to exploit the vulnerabilities and administrators trying to secure their networks.

Says Gartner's Bill Gassman, research director for network systems management, "It's conceivable that a worm is created that gets through the firewall and adds SNMP crashes as its payload."
