T 5.61 Misuse of remote access to management functions on routers

Routers are equipped with remote access ports for management functions. All administration, maintenance and signalling tasks can be performed via these ports. Such ports are useful, and sometimes even indispensable, particularly in large networks possessing several routers and LANs linked via long-range lines.

There are two types of remote access:

• Modem access via dedicated interfaces (e.g. V.24)

• Direct access via reserved bandwidths

If SNMP (Simple Network Management Protocol) is used for network management, a fundamental lack of security measures, or a failure to implement existing measures, gives rise to threats over and above the direct misuse of unprotected remote interfaces:

• An unauthorised user intercepts data packets from an SNMP management station and modifies their parametrised values for his own purposes. The manipulated data packets are then forwarded to their original, intended destination. The receiving unit is not able to detect the manipulation of the data, and handles the information in the packet as though it had been sent directly from the management station.

• If the owner of a network management station gains access to a network administered using SNMP, it is possible for the owner to impersonate a community (an administrative area within SNMP). As a result, an unauthorised user is able to feign an authorised identity, and read all the information from the agents (objects to be managed in the network, such as routers) as well as perform all management operations. In this case, the agents are not able to distinguish between the correct and incorrect identities.