To expand on #5, have a look at
http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption
<http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption>.
In a hardened system, I would disable MD5 and DES as they are no longer
considered secure.
David Sips
On 4/19/21 4:15 PM, John Bize wrote:
I'll take a shot at this.
1. For an authoritative reply however, one should probably direct CIS
questions to CIS.
2. However, any reasonable security posture would have you disable
all unused services. This is simply SOP to reduce the attack
surface.
3. As for net-snmp specifically, it's always a good idea to check the
Certs. But depending on the document you are referencing, that is
likely just the SNMP package installed on your system by default.
4. And finally, SNMP v1 and v2c are insecure and can potentially
(depending on configuration) expose sensitive internal information
to unknown, unauthorized, and unauthenticated actors.
5. If you must use SNMP on a hardened system, use (configure) SNMP v3.
On 19-Apr-2021 3:47 PM, Mike Eggleston wrote:
Why does CIS hardening say to remove the net-snmp package from Linux?
Mike
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
