
One tool that belongs in your security toolbox is a good management program that uses the Simple Network Management Protocol (SNMP). Network management software that displays the SNMP data polled from and sent by attached SNMP agents can provide valuable information, e.g. high bandwidth or memory utilization. These indicators can be a good sign that something mischievous is going on within your network. Critics will say that SNMP, as a protocol, is not very secure and is therefore open to a variety of attacks; however, that should not detract from its use as part of a comprehensive event logging and device reporting solution, which I can personally attest to.

While working as a network engineer a few years back for the Department of Defense, I was finally able to justify the procurement of a network management software solution to be installed on our network. This particular system was in place to support the Air Force linguist training and tracking database. After the initial install and configuration, I completed a required performance baseline to assess the “normal” characteristics of our network. Using that baseline as a guide, I then set up alert actions to give us a “heads up” should something out of the ordinary happen. It took some tweaking due to many false alerts, but once I finally got it set, it worked like a champ. A few months later, while at home, I received a few text messages from our system. The text messages indicated that the traffic was off the charts on the router directly attached to that server. This was extremely odd for a weekend. I immediately remoted into the system from home and discovered that our SQL server was running a script that used two extensive text files hidden on the server for data input. One of the files contained common passwords and the other common logins, and the script was cross-utilizing both in an attempt to discover our SQL Service Account (SA) password. Without that network management software using the SNMP protocol, I would never have known about the attack that was taking place until it was probably too late.
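The two paragraphs above describe the whole workflow: poll SNMP counters, build a baseline of what "normal" looks like, and alert on traffic that departs from it, tuned so that false alerts stop paging you. The script below is an added example written for this post, not the author's software or any vendor's product. It assumes a poller that already returns raw ifInOctets (Counter32) or ifHCInOctets (Counter64) values for one interface; the counter samples and baseline rates are constructed inline so the script runs offline. It shows two details that matter in practice and that the post only hints at: a Counter32 that wraps at 2^32 between polls must be corrected or the spike is silently missed, and requiring several consecutive polls over threshold is the usual way to cut the false alerts the author had to tweak away.

```python
"""Baseline-driven alerting on SNMP interface counters.

Added example, not code from the original post. It assumes a poller that
already returns ifInOctets (32-bit) or ifHCInOctets (64-bit) counter values
for one interface; the samples below are constructed so it runs offline.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Sample:
    ts: float    # poll time in seconds
    octets: int  # raw counter value from an SNMP GET (ifInOctets / ifHCInOctets)


def octet_rate(prev: Sample, cur: Sample, counter_bits: int = 32) -> float:
    """Bytes per second between two polls.

    SNMP Counter32 objects wrap at 2^32; a negative delta means one wrap
    happened between polls. Without the correction the rate goes negative
    and a real burst never crosses the threshold.
    """
    delta = cur.octets - prev.octets
    if delta < 0:
        delta += 1 << counter_bits
    dt = cur.ts - prev.ts
    if dt <= 0:
        raise ValueError("samples must have increasing timestamps")
    return delta / dt


def rates_from_samples(samples: List[Sample], counter_bits: int = 32) -> List[float]:
    """Per-interval rates for a list of consecutive polls."""
    return [octet_rate(a, b, counter_bits) for a, b in zip(samples, samples[1:])]


class BaselineAlert:
    """Alert when the observed rate exceeds mean + k*stddev of the baseline
    for `consecutive` polls in a row (the hold-down that cuts false alerts)."""

    def __init__(self, baseline_rates: Iterable[float], k: float = 3.0,
                 consecutive: int = 2) -> None:
        rates = list(baseline_rates)
        self.mu = mean(rates)
        self.sigma = pstdev(rates)
        self.threshold = self.mu + k * self.sigma
        self.consecutive = consecutive

    def evaluate(self, observed: Iterable[float]) -> List[Tuple[int, float]]:
        """Return (poll index, rate) for each point at which an alert fires."""
        alerts = []
        streak = 0
        for i, rate in enumerate(observed):
            streak = streak + 1 if rate > self.threshold else 0
            if streak == self.consecutive:   # fire once per episode, not every poll
                alerts.append((i, rate))
        return alerts


def format_alert(device: str, ifname: str, rate: float, detector: BaselineAlert) -> str:
    """The text-message style summary a pager would receive."""
    return (f"{device}/{ifname}: {rate / 1e6:.1f} MB/s inbound, "
            f"baseline {detector.mu / 1e6:.1f} MB/s "
            f"(threshold {detector.threshold / 1e6:.2f} MB/s)")


# Constructed baseline: per-poll inbound rates (bytes/s) from a normal week.
BASELINE_RATES = [900_000, 1_100_000, 1_000_000, 950_000, 1_050_000, 1_000_000]

# Constructed weekend polls, 60 s apart. The counter starts just below 2^32,
# so the first interval wraps; polls 2-4 carry a sustained 5 MB/s burst.
WEEKEND_SAMPLES = [
    Sample(0, 4_294_900_000),
    Sample(60, 59_932_704),       # wrapped: +60,000,000 octets in 60 s
    Sample(120, 359_932_704),     # +300,000,000 octets in 60 s
    Sample(180, 659_932_704),
    Sample(240, 959_932_704),
    Sample(300, 1_019_932_704),   # back to +60,000,000 octets
]


def run_demo(device: str = "db-router", ifname: str = "Gi0/1") -> List[Tuple[int, float]]:
    """Build the detector from the baseline and run it over the weekend polls."""
    detector = BaselineAlert(BASELINE_RATES, k=3.0, consecutive=2)
    observed = rates_from_samples(WEEKEND_SAMPLES, counter_bits=32)
    alerts = detector.evaluate(observed)
    for _, rate in alerts:
        print(format_alert(device, ifname, rate, detector))
    return alerts


if __name__ == "__main__":
    run_demo()
```

The baseline here is a single mean and standard deviation; a real deployment would keep one baseline per interface and per time-of-day (weekend traffic on a training database differs from weekday traffic, which is exactly why the author's weekend spike stood out), and would tune `k` and `consecutive` per link until the false alerts go quiet.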
