Did you know that the NSA made its first appearance at DefCon this year, looking for help from the “world’s best cybersecurity community”? Even though the BlackHat and DefCon conferences are now over, I would like to continue to focus on security. Specifically, let’s briefly discuss some best practices you can follow to ensure that your WhatsUp Gold system, and all the devices it monitors, are secure and safe from malicious hackers. Here are some tips for how you can increase the security of your network monitoring infrastructure:
- Run WhatsUp Gold behind a firewall. Design your firewall rules to only allow legitimate traffic from known destinations and filter out all random protocols or unknown hosts.
- Block SNMP at the network borders. SNMP should never traverse the public Internet.
- Utilize strong, secure SNMP community strings and SNMPv3 whenever possible. Don’t use default or guessable SNMP community strings (like your company name). SNMPv3 packets are encrypted, which decreases the possibility of inadvertent disclosure of community strings and other sensitive data.
- Configure SNMP agents to only respond to the IP addresses of WhatsUp Gold servers. Most SNMP agents have the ability to limit hosts from which requests are accepted — don’t just rely on your firewall!
- Limit console access to the WhatsUp Gold server to secure hosts. Allowing RDP sessions from any IP address increases the chance that a hacker can access an unprotected or poorly secured system.
- Run WhatsUp Gold with reduced database privileges. Limiting database privileges minimizes the likelihood that an exploited vulnerability is leveraged to gain privileged access. See the WhatsUp Gold Database Guide for further details.
By following these steps you’ll be able to increase the security of your monitored network, and decrease the attack surface available to would-be attackers.