Newly identified security gaps threaten Internet
The cybersecurity community scrambled this week to protect nearly every piece of hardware that operates the Internet, as well as local and wide area networks, after a Finnish university discovered widespread security gaps. On Tuesday, the Computer Emergency Response Team Coordination Center at Carnegie Mellon University in Pittsburgh warned that programming errors within the Simple Network Management Protocol (SNMP) "may allow unauthorized privileged access [to network hardware], denial-of-service attacks, or cause unstable [network] behavior." SNMP is the most popular protocol in use to manage network devices, such as routers, switches and hubs. "Many of the affected products provide key services to the Internet infrastructure," warned the coordination center. "Large-scale outages of these devices could disable significant portions of the global network." Information concerning these security gaps has already surfaced within hacker communities, the coordination center warned. The FBI's National Infrastructure Protection Center issued a warning Tuesday alerting system administrators to the possibility of cyberattacks that take advantage of the newly discovered programming errors. While there have been no confirmed exploitations of the security gaps yet, "action may be required to prevent the possibility of criminal exploitation by malicious hackers," the alert said. To correct the problems, administrators "will have to make changes to many dissimilar devices located throughout their networks," the Computer Emergency Response Team Coordination Center alert said. To this end, the System Administration, Networking and Security Institute announced Thursday it is offering administrators a free SNMP "self-testing tool." According to SANS, nearly "every organization must take action to avoid the widespread vulnerability."
System administrators can obtain the tool by e-mailing SANS at snmptool@sans.org. As a stopgap measure, system administrators can prevent attacks by turning off SNMP. Or, if SNMP is a required service, administrators should download software security patches developed by software and hardware vendors. SNMP has long been known to be vulnerable to cyberattacks. SANS, the federal Chief Information Officers Council and the National Infrastructure Protection Center included information about a previous set of SNMP vulnerabilities in their second annual list of the 20 most critical internet security vulnerabilities released last October. The SNMP vulnerabilities were discovered by the Secure Programming Group at Oulu University in Oulu, Finland.