Top Layer Networks Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
Both of Top Layer's focused security appliances, the IDS Balancer and the Attack Mitigator, do not exhibit the SNMP vulnerability(ies) outlined by CERT Advisory CA-2002-03.
Neither of these products requires any modification at all in order to be protected. The AppSwitch/AppSafe product is also capable of being so protected, but it may require that one configuration change be made to ensure total protection based on the TopPath version of firmware it is running.
The detail of the configuration change required in the AppSwitch/AppSafe product is discussed below.
CERT's recommended restrictions are as follows:
1. Disable SNMP V1 access to all applicable network devices
2. Filter SNMP traffic from non-authorized internal hosts
3. Segregate SNMP traffic onto a separate management network
Top Layer is well positioned to provide immediate solutions for our customers. There are two options that users can immediately choose from to protect their TLN security systems from SNMP V1 attacks:
All currently shipping Top Layer products come pre-configured from the factory or can be configured to meet CERT restriction # 1. For example, Top Layer's focused security appliances, the IDS Balancer and the upcoming Attack Mitigator products have, as their factory default settings, Access Restrictions for SNMP set to -Denied- thus meeting CERT restriction # 1.
NOTE: The AppSwitch/AppSafe Release 4.1 factory default is for SNMP disabled. Models running Release 3.55 must be explicitly configured to deny access as described above.
Option #2 is to implement restrictions # 2 and # 3 simultaneously
Restriction # 2
To meet CERT restriction # 2, network managers can set access restrictions for SNMP to an allowed IP host address range via the Web Management Interface supplied with the AppSwitch/AppSafe 3500, the IDS Balancer, and upon general release, the Attack Mitigator. Existing customers can implement this protection themselves in the field today.
The currently shipping AppSwitch/AppSafe 3500 security device can be configured to restrict SNMP to a single management port via its web management interface. This meets CERT restriction # 3.
Both the IDS Balancer and the Attack Mitigator are designed with separate management ports for that exclusive use. These management ports cannot be accessed via "outside" (public network) or "inside" (internal network) LAN connections for greater security and management system integrity. These products meet CERT restriction # 3 -out of the box-.
Top Layer's standard offerings meet the criteria that allow users to protect against SNMP V1 vulnerability exploits. This is all part of Top Layer's continued commitment to provide our customers with improved performance and greater security against cyber threats.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
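As an added example (not part of the vendor statement or any Top Layer code), the following checks a captured UDP/161 datagram against the three CERT restrictions listed above by reading the SNMP version field from the BER header. The management range, interface name, sample packets and function names are constructed assumptions.

```python
import ipaddress

# Constructed assumptions, not values from the vendor statement.
ALLOWED_MGMT = ipaddress.ip_network("192.0.2.0/28")  # authorized managers
MGMT_INTERFACE = "mgmt0"                              # dedicated management port

def _ber_len(buf, pos):
    """Decode a BER length starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def snmp_version(payload):
    """Return the version field of an SNMP message (0 = SNMPv1, 1 = SNMPv2c)."""
    try:
        if payload[0] != 0x30:                       # outer SEQUENCE tag
            raise ValueError("not an SNMP message")
        total, pos = _ber_len(payload, 1)
        if pos + total > len(payload) or payload[pos] != 0x02:  # INTEGER tag
            raise ValueError("truncated message or missing version")
        vlen, pos = _ber_len(payload, pos + 1)
        if vlen < 1 or pos + vlen > len(payload):
            raise ValueError("truncated version field")
        return int.from_bytes(payload[pos:pos + vlen], "big")
    except IndexError:
        raise ValueError("truncated message") from None

def check_packet(src_ip, interface, payload):
    """Return the set of findings for one UDP/161 datagram."""
    findings = set()
    try:
        if snmp_version(payload) == 0:
            findings.add("R1")                       # SNMPv1 request seen
    except ValueError:
        findings.add("malformed")                    # header does not parse
    if ipaddress.ip_address(src_ip) not in ALLOWED_MGMT:
        findings.add("R2")                           # non-authorized host
    if interface != MGMT_INTERFACE:
        findings.add("R3")                           # not on management network
    return findings

# Constructed SNMP GetRequest for sysDescr.0 with community "public".
_BODY = "04067075626c6963a019020101020100020100300e300c06082b060102010101000500"
V1_GET = bytes.fromhex("3026020100" + _BODY)
V2C_GET = bytes.fromhex("3026020101" + _BODY)
print(sorted(check_packet("198.51.100.7", "lan1", V1_GET)))
```

A truncated or non-BER payload is reported as `malformed` rather than silently passed, since the advisory concerns request handling of exactly such input.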