posted by sillBag (+240 / -0)

Hey Pedes

I have worked as a Network Engineer the better majority of the past 20 years of my life.

I am CCNA, SolarWinds Certified Pro, Network General Sniffer Certified Expert... among others.

I want to bring attention to the level of danger of something like SolarWinds being hacked by foreigners.

SolarWinds is a network management application that grants immense capabilities and incredible monitoring.

Some of these are:

  • Physical Network Diagram (Viewed live, like a Network Map) for both LAN and WAN networks.
  • WAN and LAN network monitoring from physical layer all the way up through the application layer. This includes SNMP access to all devices on the network (if configured this way), which gives SolarWinds an unconscionable amount of authority and power to alter configurations on those network devices.
  • Packet Sniffing, and Capturing. Can watch traffic in real time, and capture the packets.

This is just a short list of capabilities. It goes far more in depth than this, down to the applications themselves: SQL databases, web traffic, email server traffic and packets are all monitorable with SolarWinds.

This is very bad, Pedes. I worry very very much how much damage was done.

That is all.

Comments (56)
sillBag [S] 4 points (+4 / -0)

I would hope though, that the US Govt systems had SNMP disabled. Some companies do as it is a security threat to have it enabled on network devices.

SPONGE 2 points (+2 / -0)

SNMP is enabled by default in most cases. The larger the organisation, the less likely they are to disable the default (public) SNMP string and create a new one... in most cases it's not practical... and big organisations are lazy. Plus there's little a hacker can use from SNMP data (i.e. network stats, HDD, CPU, RAM usage, error logs, uptimes etc.). If the SolarWinds front end or stored admin credentials are hacked, that's a different story altogether... and a potential disaster.

sillBag [S] 3 points (+3 / -0)

Yeah I agree with you Sponge. This is my fear.

I have first hand knowledge of what SolarWinds is capable of when the agent is installed on the client machines.

Albeit it has been a few years since I have used it. It is all coming back to me and it is making me shake a bit in my boots.

SPONGE 2 points (+2 / -0)

scary shit for any network eng... disabling ports, mirroring traffic, del VLANs, adding network loops... untold disruption. Imagine having to redo SNMP strings for an entire organisation!!!! fuck!
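
An added example, not part of the thread: a small audit that flags the SNMP exposures discussed above (default community strings, read-write communities, no source restriction) in a device configuration. It assumes Cisco IOS-style `snmp-server community` lines; the sample config, `audit_snmp` and the community names are constructed for illustration.

```python
import re

# Constructed sample of IOS-style config lines (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-sw01
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-Mon1tor RO 10
snmp-server community Wr1te-0ps RW
snmp-server location rack 4
"""

DEFAULT_STRINGS = {"public", "private"}  # well-known default community strings

# snmp-server community <string> [view <name>] [RO|RW] [<acl>]
LINE_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>RO|RW))?(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)


def audit_snmp(config_text):
    """Return a list of (line_no, community, issue) findings."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), start=1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an SNMP community definition
        name = m.group("name")
        mode = (m.group("mode") or "RO").upper()  # IOS defaults to read-only
        if name.lower() in DEFAULT_STRINGS:
            findings.append((no, name, "default community string"))
        if mode == "RW":
            findings.append((no, name, "read-write community can change device config"))
        if m.group("acl") is None:
            findings.append((no, name, "no access list restricting source hosts"))
    return findings


if __name__ == "__main__":
    for no, name, issue in audit_snmp(SAMPLE_CONFIG):
        print(f"line {no}: community {name!r}: {issue}")
```

SNMPv1/v2c community strings travel in cleartext, so a clean result here still leaves them exposed to anyone who can capture management traffic.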