> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of arijit
> Sent: Friday, January 04, 2008 4:09 AM
> If I were to prevent access from only a few specific hosts
> (or subnets) to the agent, is there any way to do it using
> VACM? If not, what would be a preferred way of implementing the same?
Host based access is not supported by VACM, which is a good thing,
because hosts are so spoofable. Suggested improvements:
- For general read only access, create a user with a well known
password. Block this user from reading VACM and USM, as well as any other MIBs
or objects which may contain sensitive information.
- For read/write access, create users for each person that will be
granted access. From a security standpoint it does not matter which host they
are working from, but who they are.
- If you are addressing traffic flow issues, use traffic flow tools.
Your firewall can prevent or restrict all contact with the SNMP port(s) based
on source host.
HTH,
Mike
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
