Network Management Systems

Network Management System (NMS) is a network management system (NMS) is an application or set of applications that lets network administrators manage a network’s independent components inside a bigger network management framework. a NMS grants users the option users to monitor or manage their entire business operations using a central computer.

Popular uses: Most NMS main utilization is Network device discovery, Network device monitoring, Network performance analysis, Network device management and Intelligent notifications based on the admin’s focus.

Zabbix is an open-source monitoring software tool for diverse IT components (networks, servers, virtual machines) providing monitoring metrics such as network utilization, CPU load and disk space consumption.

Cacti provides a fast, advanced graph templating, multiple data acquisition methods, and user management features. Focused on a user-friendly interface that makes sense for LAN-sized installations up to complex networks with thousands of devices.

Nagios is a free and open-source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services.

PRTG Network Monitor is an agentless network monitoring software that can monitor and classify system conditions like bandwidth usage or uptime and collect statistics from miscellaneous hosts as switches, routers, servers and other devices and applications.

sysengpic

Network management systems are in regular communication with the devices on a company’s network. Getting access to a network management system may provide an attacker a current map of the company’s environment, without risking detection by running their own scans, which may put a firms’ entire operation vulnerable and at risk.

Previously, we had identified various vulnerabilities in NMS products such as an unauthenticated Access API Key in ManageEngine or a NMS Code exploit, alongside many others, with a potential risk for the systems and its users.

Think you figured out how to run unauthenticated commands on an NMS system? Found a Zabbix / PRTG vulnerability and don’t know what to do next? Let us be your guides!