NOTE:
The NAS website is no longer being updated. The information on this page may be out of date and/or incorrect.

February 2002

Subject:   SNMP Vulnerabilities, Firewalls, Security and Training
This document URL: http://www-commeng.cso.uiuc.edu/nas/netnuggets/feb2002.html

Contents:

1) SNMP Vulnerabilities
2) IT SECURITY
3) Corporate Time Upgrades
4) NAS Training
5) Auditing of Contact Manager

* * *

1. SNMP Vulnerabilities

There has been a lot of news lately about a new SNMP exploit that could pose a potential danger to campus. The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. These vulnerabilities may cause denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain access to the affected device.

CCSO's LAN office has posted the following information for patching switches that are commonly used here at UIUC. Please take note and ensure that the appropriate patch is applied to your switches.

Instructions for upgrading:

In general, switch administrators will need to log into their switches and use the console to direct the switches to download their updates from the TFTP server on cub.cso.uiuc.edu (130.126.113.5). Note that the TFTP information given below is case-sensitive.

Additional vendor information is also linked here for convenience.

| Switch model and notes | TFTP software on Cub | Documentation |
|---|---|---|
| Hewlett-Packard: | | |
| HP Procurve 2512 switches (J4812A) and 2524 switches (J4813A) | hp2524/F_04_08.swi | http://www.hp.com/rnd/software/switches.htm |
| Cisco Catalyst 5000 and 5500 series switches: | | |
| Supervisor Engine I and II models with 16 MB DRAM or less | cat5000/cat5000-sup.4-5-13a.bin | Version 4.5.13a release notes |
| Supervisor Engine II models with 32 MB DRAM or more | cat5000/cat5000-sup.5-5-13a.bin | Version 5.5.13a release notes |
| Supervisor Engine III models with 32 MB DRAM or more | cat5000/cat5000-sup3.5-5-13a.bin | Refer to version 5.5.13a release notes above |
| Cisco Catalyst 4006 series switches: | | |
| All Cisco Catalyst 4006 series switches | cat4000/cat4000.5-5-13a.bin | Refer to version 5.5.13a release notes above |
| Foundry: | | |
| Foundry switches are not affected. No modifications are necessary. | | |

If a network administrator has a switch that is not listed in this table, see the Contacts section below for how to open a trouble ticket to get update information for that switch.

Printers:

If your printer is directly attached to a computer (via a serial, parallel, or USB connection), then your printer is not open to the SNMP vulnerability. However, if your printer is attached directly to the network via its own Ethernet connection (as JetDirect printers are), and if the printer does not depend on a computer to control network access to it, it is likely to be vulnerable to this SNMP issue.

Since there are so many variations on printers, JetDirect cards, and firmware patches, your best point of reference is the CERT website and vendor documentation. In order to assist campus printer administrators as much as possible, the Security Group is assembling information about systems that are used on this campus at http://www.cio.uiuc.edu/security/. If you have any information you can contribute to these lists, please send it to security@uiuc.edu.

Other:

For other affected systems, including Solaris machines and UCD-SNMP pre-4.2.3 systems, see the CERT web page for the latest available information.

General assistance with securing Solaris and other Unix systems is also available from the Introduction to Unix Security page, including links to several campus groups' step-by-step Unix security pages.

Contacts

Please continue to monitor the CERT and vendor Web pages for patch availability for your systems. CERT's advisory, list of affected vendors, and their responses are available at:

http://www.cert.org/advisories/CA-2002-03.html

If you have any questions, contact the Security Group at 265-0000 or security@uiuc.edu.

If you have difficulty in upgrading your systems, contact the Operations Center at 244-1000 or net-trouble@uiuc.edu. Ask for a trouble ticket to be created and placed in the LAN Maintenance group's work queue.

Note: Due to the number of campus systems that will need to be upgraded in the next week, the LAN Maintenance group's response may not be immediate. However, we will try to reply to all requests within two days to determine what work is required and estimate a scheduled date and time.

* * *

2. IT SECURITY

The CIO's IT Security team requested that we share their web site with you. The site contains information specific to campus, as well as up-to-date security advisories that pertain to UIUC. In addition, their page contains information on reporting spam, which is useful to pass on to our users. Please access the site at http://www.cio.uiuc.edu/security/.

* * *

3. Corporate Time Upgrades on the way

The Corporate Time server will be receiving a hardware upgrade on Tuesday, February 26. The current production server will be moved to CCSO's Remote Data Center and will serve as a backup. In addition, upgrades to the web client are expected soon. One of the bugs that will be fixed is an error when sending one's calendar to someone who does not have Corporate Time. Currently, all times in the calendar default back to EST.

* * *

4. NAS Training Update

The Security class held by NAS on February 20th was well attended and informative for all. We'd like to thank Sean Mauney from the CIO's IT Security team for giving an outstanding presentation. NAS is currently working on editing the video of this class and the end result will be available online. We would like to conduct monthly classes in the future.

The initial feedback we are getting is for information training with a good amount of technical detail. Windows networking seems to be one of the topics that most of you are interested in; however, we need YOUR INPUT for upcoming classes. With over 400 professionals, both within CCSO and within the CCSP list, we have the ability to tap subject matter experts in nearly any topic related to computing. We hope that you will take advantage of this resource and let us know what you'd like to see.

* * *

5. Auditing of Contact Information

OpCenter maintains contact information for many network, systems, and services administrators, over and above what is available in PH. This information may be viewed in Contact Manager at https://www-s2.cso.uiuc.edu/contact/contacts.cgi.

Please note that the information contained in Contact Manager is used by the Operations Center to contact the correct network administrator when there are problems. If this information is not up to date, it can seriously affect the Operations Center's ability to notify you in the event of network problems.

There is now an "audited" flag associated with your data that can only be set by you. It can be set manually while viewing the data, and is set automatically when you edit it. OpCenter has requested that staff be reminded periodically to audit their data, and an automatic process has been set up to send email to each user whose data has not been audited in the past 6 months. (Please note this will only go to those already on our list. If you have not been added to Contact Manager and the primary contact has moved on or changed responsibilities, please contact the OpCenter at 4-1000 to request information on how to update Contact Manager.)

* * *

--
CCSO Network Administrator Support (NAS)
http://www-commeng.cso.uiuc.edu/nas/ http://www-commeng.cso.uiuc.edu/nas/netnuggets/index.html
admin-help@uiuc.edu