
SNMP polling Access restrictions


Article ID: 254151


Products

CAS-S400

Issue/Introduction

Is there a way on CAS S400 version 3.1.4.1 to block IPs from sending requests via SNMP? The ACL on ProxySG works, but any internal device seems to be able to poll CAS through SNMP.

Environment

Release : 3.1.4.1

Resolution

There isn't a command/ACL on the CAS device to block "IPs" from polling it. The Symantec CAS Best Practice document states the following:

  • Control access to the network where Content Analysis is deployed.
    • Configure ICAP and management services to use access control lists

Ref. doc.: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/solution_initial_configuration/security_bestpractice.html

The ACL would therefore be configured on the network, not on the CAS device itself.

Additionally,

SNMP polling involves retrieving Management Information Base (MIB) variables from devices in order to determine faulty behavior or connection problems. Faulty devices or faulty connections are then diagnosed by applying predefined formulas to the extracted MIB variables.

A Management Information Base (MIB) file is a document (written in the ASN.1 data description language) that contains descriptions of managed objects. SNMP uses a specified set of commands and queries, and the MIB contains information on these commands and the target objects. MIBs are typically read using MIB browsers.

When an SNMP manager polls a device for information, the SNMP agent on the device responds to the queries.

However, the SNMPv3 View-based Access Control Model (VACM) regulates access to MIB objects by associating users with MIB views, which provides fine-grained access control. The VACM facilities are essential in ensuring a completely secure agent.

  • Define access for an SNMP group. Each group is defined by a name, a security model (and level), and a set of views that specifies which types of MIB data that access group can read or write. For more details on defining the access rights for the group, please refer to the Tech. doc. with the URL below.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/cli-index/c_config_commands/c_snmp_vacm_access.html

  • For configuring the vacm group member, please see the guidance shared in the Tech. doc. with the URL below.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/cli-index/c_config_commands/c_snmp_vacm_member.html

SNMP uses the VACM feature to secure the MIBs; please implement this with SNMPv3. The three security levels of SNMPv3 are listed below.

  • noAuthNoPriv – Communication without authentication and privacy.
  • authNoPriv – Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
  • authPriv – Communication with authentication and privacy.
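
The following is an added example, not Broadcom code and not CAS CLI syntax: a simplified Python model of the VACM access decision (after RFC 3415) showing how group membership, the group's minimum security level and its MIB views combine to allow or refuse a poll. All user, group and view names are constructed sample data, and context matching and view masks are left out.

```python
# Simplified VACM decision (after RFC 3415); illustration only, not CAS code.
# All group, user and view names below are constructed sample data.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# vacm member: (security model, security name) -> group
MEMBERS = {("usm", "nms-poller"): "monitor-ro", ("usm", "netadmin"): "admins"}

# vacm access: group -> minimum security level and view name per operation
ACCESS = {
    "monitor-ro": {"min_level": "authPriv", "read": "system-only", "write": None},
    "admins": {"min_level": "authPriv", "read": "all", "write": "all"},
}

# views: (subtree OID, included?) entries; the longest matching subtree wins
VIEWS = {
    "system-only": [("1.3.6.1.2.1.1", True)],
    "all": [("1.3.6.1", True), ("1.3.6.1.6.3", False)],  # hide SNMP config MIBs
}

def _in_subtree(oid, subtree):
    o, s = oid.split("."), subtree.split(".")
    return o[:len(s)] == s  # whole arcs: 1.3.6.1.2.1.10 is not under 1.3.6.1.2.1.1

def in_view(view, oid):
    matches = [(len(s.split(".")), inc)
               for s, inc in VIEWS.get(view, []) if _in_subtree(oid, s)]
    return max(matches)[1] if matches else False

def is_access_allowed(model, name, level, op, oid):
    """Return (allowed, reason) for one request; op is 'read' or 'write'."""
    group = MEMBERS.get((model, name))
    if group is None:                      # poller is not a member of any group
        return False, "noGroupName"
    entry = ACCESS[group]
    if LEVELS[level] < LEVELS[entry["min_level"]]:
        return False, "noAccessEntry"      # e.g. authNoPriv against an authPriv group
    view = entry[op]
    if view is None:                       # group has no view for this operation
        return False, "noSuchView"
    if not in_view(view, oid):
        return False, "notInView"
    return True, "accessAllowed"
```

In this model a poller that is not a member of any group, such as a v1/v2c community user, is refused with noGroupName regardless of its source address, which is the access restriction VACM offers in place of an IP-based ACL.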