RE: SNMP Security flaw-and IBM response -- MIDRANGE-L

Jim...

I think the issue for all of us is broader that just our potential iSeries
vulnerabilities.  We do though still need a clear response from IBM on
iSeries and other servers beyond the unix base they've talked about so far.

SNMPv2 is not supported by Cisco, but for many of us snmp on Cisco is
strategic and cannot just be turned off.  We use both Cisco routers and
switches.  Then again, I'd bet we have snmp running on some systems where we
aren't even using it.

Today's SANS NewsBites (see below) suggests many organizations are following
a four-step action plan to improve security.  This is an opportunity for
SANS to encourage us to improve security generally by promoting the SANS
"top twenty".  I did the top 20 review during the NIMDA chaos but I'm going
to review it again, especially looking at the new servers we've added since
then.

They are also making available a tool to help find the Cisco
vulnerabilities.  There is a webcast next Wednesday to introduce that tool.

Ray


From: Alan for the SANS NewsBites service
Re:   February 13 SANS NewsBites

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The widespread SNMP vulnerabilities appear to be a wake-up call. Many
organizations are following a four-step action plan to fix more than
just the immediate problem:
1.Patch the systems on which you have to run SNMP
2.Turn off SNMP on the systems where you don't.
3.See which of the other "Top Twenty Internet Security Vulnerabilities"
(www.sans.org/top20.htm) your organization has not protected against,
and make it right.
4.Check your Cisco routers for the other important vulnerabilities
uncovered by the NSA and SANS, and correct those flaws.

SANS and the Center for Internet Security are making available a
new free tool to help you find the Cisco vulnerabilities.  We have
rescheduled the web broadcast, in which the tool's main authors will
show you what the tool does and how it works, for next Wednesday,
February 20 at 1:00 PM EST (1800 GMT). The change in date is to give
you time to get all your SNMP problems solved before you move on to
the other Cisco security issues.


                                  Alan

**********************************************************************

-----Original Message-----
From: midrange-l-admin@midrange.com
[mailto:midrange-l-admin@midrange.com]On Behalf Of Jim Franz
Sent: Wednesday, February 13, 2002 9:31 PM
To: midrange-l@midrange.com
Subject: Re: SNMP Security flaw-and IBM response


can anyone identify the snmp version on the iSeries?
We have read in prev posts that IBM say's generically" it is unaffected
but I have people asking for more detail. Some news stories have
said get to level 2, other level 3 of the snmp protocol.

btw - some have complained (both to CERT.org & IBM) that the iSeries
is never mentioned or referenced. To IBM i would say "you keep telling
us we've got a great server & can play in the "real" world with a standards
based system", yet you leave us in the dark in the security area. I see the
protocols I use every day (http, telnet, ftp, pop, snmp, etc) listed in
CERTS
and all I can do is pray you've got it covered. (took years to get the old
security flawed DNS updated!) CERT answered me back and said it's up to
the vendor to participate. How about it ???
Went to the iSereis support site - searched "snmp AND security" - nothing
relevent. The rest of the world is paying attention to this!
jim franz