Symptoms
- Data Domain SNMP monitoring is configured through the NetWorker Management Console (NMC).
- A security scanner detects a security vulnerability due to SNMPv1/v2 usage:
  - Readable SNMP Information
  - SNMP GETBULK Reflected Distributed Denial-of-Service Vulnerability
  - EOL/Obsolete Software: SNMP Protocol Version Detected
Disable or remove SNMPv1/2c authentication. Use SNMP version 3 authentication.
Cause
SNMPv2 is currently used for Data Domain SNMP monitoring through the NetWorker Management Console (NMC). SNMPv3 has added security options:
- Authentication is used to ensure that traps are read by only the intended recipient. As messages are created, they are given a special key that is based on the EngineID of the entity. The key is shared with the intended recipient and used to receive the message.
- Privacy encrypts the payload of the SNMP message to ensure that it cannot be read by unauthorized users. Any intercepted traps will be filled with garbled characters and will be unreadable. Privacy is especially useful in applications where SNMP messages must be routed over the Internet.
Data Domain has SNMPv3 configuration options; however, there is currently no option to configure/utilize SNMPv3 when setting up Data Domain monitoring through the NetWorker Management Console.
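The EngineID-based key mentioned in the Authentication item above can be illustrated with the key localization and truncated HMAC defined for the SNMPv3 User-based Security Model in RFC 3414. This is an added example, not Dell or NetWorker code: the function names, the second engineID and the message bytes are constructed for illustration, while the password and first engineID are the RFC 3414 A.3 sample values.

```python
import hashlib
import hmac


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1,048,576 octets of the repeated password (Ku)."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1024 * 1024
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): binds the user's key to one engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_tag(kul: bytes, whole_msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC-SHA-96 style tag: HMAC over the message, truncated to 12 octets.
    In a real SNMPv3 message the tag field is zero-filled while computing."""
    return hmac.new(kul, whole_msg, hash_name).digest()[:12]


def demo() -> dict:
    ku = password_to_key(b"maplesyrup")                    # RFC sample password
    engine_a = bytes.fromhex("000000000000000000000002")   # RFC sample engineID
    engine_b = bytes.fromhex("8000000001020304")           # constructed engineID
    key_a = localize_key(ku, engine_a)
    key_b = localize_key(ku, engine_b)
    msg = b"constructed SNMPv3 trap bytes"                 # stand-in for a BER message
    tag = auth_tag(key_a, msg)
    return {
        # Same password, different engine: different localized keys.
        "keys_differ": key_a != key_b,
        # Receiver holding key_a recomputes the tag and accepts the message.
        "accepted": hmac.compare_digest(tag, auth_tag(key_a, msg)),
        # A modified message no longer matches the tag.
        "tamper_rejected": not hmac.compare_digest(tag, auth_tag(key_a, msg + b"!")),
        # A key localized for another engine cannot validate the tag.
        "wrong_engine_rejected": not hmac.compare_digest(tag, auth_tag(key_b, msg)),
    }


if __name__ == "__main__":
    print(demo())
```

SNMPv1/v2c messages carry only a cleartext community string and have no equivalent of this per-engine key or message tag.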
Resolution
Request for Enhancement (RFE) NW-I-1312 has been opened to add options for SNMPv3 Data Domain monitoring within NetWorker. Engage your Dell Sales Account representative if you would like to track this RFE.
Affected Products
NetWorker
Products
Data Domain, NetWorker