Security Vulnerability Validation and Fixes on Oracle Database Appliance

The security team ran its security scans and provided the scan report to the IT team for action. Below are a few of the vulnerabilities for the NTP, SNMP, ICMP and TCP protocols and for the VNC software, as stated in the security scan report for our ODAs. Perform careful discussion, planning and impact analysis before implementing any of the changes below.

NTP

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

Below are the details from the security scan report for the NTP vulnerabilities.

Vulnerability Title | Vulnerability Solution
NTP clock variables information disclosure | Disable NTP queries: apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Traffic amplification in clrtrap feature of ntpd | Disable NTP queries: apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Traffic amplification in reslist feature of ntpd | Disable NTP queries: apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Information disclosure in reslist feature of ntpd (CVE-2014-5209) | Disable NTP queries: apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Traffic amplification in listpeers feature of ntpd | Disable NTP queries: apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Traffic amplification in peers feature of ntpd | Disable NTP queries: apply a restrict option to all hosts that are not authorized to perform NTP queries.

As per the vulnerability solution (disable NTP queries), add the following restrictions to /etc/ntp.conf and restart the ntp service.

restrict default kod nomodify notrap nopeer noquery   # default policy for every host: no queries, no modification, no traps, no peering
restrict 127.0.0.1                                   # loopback is exempt from the default restrictions, so local tools such as ntpq keep working
server <ntp-server-address> iburst                   # placeholder: the upstream time server's hostname or IP address

ICMP

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, like routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

Below are the details from the security scan report for the ICMP vulnerability.

Vulnerability Title | Vulnerability Solution
ICMP timestamp response | Linux: disable ICMP timestamp responses on Linux

As per the vulnerability solution (disable ICMP timestamp responses on Linux), use the commands below to add firewall rules that drop inbound ICMP timestamp requests and outbound ICMP timestamp replies (ipchains is the legacy 2.2-kernel firewall tool; on a 2.4 or later kernel the equivalent rules are written with iptables):

ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP

SNMP

Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

Below are the details from the security scan report for the SNMP vulnerabilities.

Vulnerability Title | Vulnerability Solution
Default or guessable SNMP community names: public | Secure the SNMP installation: if you do not absolutely need SNMP, disable it.
SNMP credentials transmitted in cleartext | Secure the SNMP installation: if you do not absolutely need SNMP, disable it.

As per the vulnerability solution (disable SNMP), issue the commands below to stop snmpd on the server and keep it from starting again at boot.

To stop the service: service snmpd stop

To disable the service at boot time: chkconfig snmpd off

TCP

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets between applications running on hosts communicating by an IP network.

Below are the details from the security scan report for the TCP vulnerability.

Vulnerability Title | Vulnerability Solution
TCP timestamp response | Disable TCP timestamp responses

As per the vulnerability solution (disable TCP timestamp responses), set the kernel parameter below to mitigate the risk.

sysctl -w net.ipv4.tcp_timestamps=0

(OR)

vi /etc/sysctl.conf -> add the line net.ipv4.tcp_timestamps=0

then run sysctl -p /etc/sysctl.conf to load the setting
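The following audit script is an added example (not part of the original post or of the ODA tooling) that validates the two file-based fixes above, the NTP restrict line and the persisted tcp_timestamps value, against config files given as arguments; the script name, the function names and the choice to require the four restrict flags are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit the NTP "restrict" fix and
# the persisted TCP timestamp setting described above against config files
# passed as arguments (file paths and function names are assumptions).

# Succeeds when the last "restrict default" line in FILE (IPv4 "-4" / IPv6 "-6"
# variants included) carries every flag the scan report asks for; "kod" only
# enables kiss-o'-death rate-limit replies, so it is not required here.
ntp_queries_restricted() {
    f="$1"
    line=$(grep -E '^[[:space:]]*restrict([[:space:]]+-[46])?[[:space:]]+default([[:space:]]|$)' "$f" | tail -n 1)
    [ -n "$line" ] || return 1
    for flag in nomodify notrap nopeer noquery; do
        echo "$line" | grep -qw "$flag" || return 1
    done
    return 0
}

# Succeeds when the last uncommented net.ipv4.tcp_timestamps line in FILE is 0
# ("key=0" or "key = 0"). A missing key keeps the kernel default of 1, so that
# is reported as a failure too.
tcp_timestamps_disabled() {
    f="$1"
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.tcp_timestamps[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" | tail -n 1)
    [ "$val" = "0" ]
}

# Prints one PASS/FAIL line per check; returns 1 if any check failed.
audit_fixes() {
    ntp_conf="$1"; sysctl_conf="$2"; rc=0
    if ntp_queries_restricted "$ntp_conf"; then
        echo "PASS  NTP: 'restrict default' blocks queries in $ntp_conf"
    else
        echo "FAIL  NTP: add 'restrict default kod nomodify notrap nopeer noquery' to $ntp_conf"
        rc=1
    fi
    if tcp_timestamps_disabled "$sysctl_conf"; then
        echo "PASS  TCP: net.ipv4.tcp_timestamps=0 is persisted in $sysctl_conf"
    else
        echo "FAIL  TCP: set net.ipv4.tcp_timestamps=0 in $sysctl_conf and run sysctl -p"
        rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /etc/ntp.conf /etc/sysctl.conf (no arguments: define only).
if [ $# -ge 2 ]; then
    audit_fixes "$1" "$2"
fi
```

Run it on the ODA node after the change window, or point it at staged copies of the files beforehand; each FAIL line names the exact directive still missing.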

VNC

In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.

Below are the details from the security scan report for the VNC vulnerability.

Vulnerability Title | Vulnerability Solution
VNC remote control service installed | Fix VNC remote control service installed: remove or disable this service. If it is necessary, be sure to use well-thought-out (hard to crack) passwords.