Not to sidetrack the conversation, but Qualys is not from IBM: They do partner with IBM so
it's possible IBM is using them to scan your environment as part of a
delivered vulnerability management service.

The local technical account manager (sort of a post-sales engineer) is a
friend and fellow officer of the Chicago ISSA chapter.

On Mon, Feb 4, 2013 at 9:35 AM, <rob@xxxxxxxxx> wrote:

We are using Qualys from IBM to do internal, and external, security
detection on our equipment. Apparently it has an issue with the level of
SNMP (or perhaps my implementation of it) utilized by our IBM i at 7.1:

Simple Network Management Protocol (SNMP) is an "Interrnet-standard
protocol for managing devices on IP networks."
The authentication of clients of earlier versions of SNMP is performed
only by a "community string", in effect a type of password, which is
transmitted in cleartext.
The Internet Engineering Task Force (IETF) has designated SNMPv3 a
full Internet standard, the highest maturity level for an RFC. It
considers earlier versions to be obsolete designating them ("Historic").
The system is at high risk of being exposed to security
vulnerabilities. Since the vendor no longer provides updates, obsolete
software is more vulnerable to viruses and other attacks.
Disable or remove SNMPv1/2c authentication. Use SNMP version 3

SNMPv3 provides additional security features:
Confidentiality - Encryption of packets to prevent snooping by an
unauthorized source.
Integrity - Message integrity to ensure that a packet has not been
tampered with in transit including an optional packet replay protection
Authentication - to verify that the message is from a valid source.


As a temporary measure, block access to SNMP services at the network

In situations where blocking or disabling SNMP is not
possible,restrict all SNMP access to separate, isolated management
networks that are not publicly accessible.

Rob Berendt
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page