Dachshund Digital <dachshund-digi...@dc.rr.com> writes:

> And one more comment... SNMP is hated, by every internal security team
> I have ever encountered. 

A late reply (sorry), but to add one additional point to all the other
wonderful comments (v1/v2c vs v3 certainly matters):

It's not just about security of the protocol and whether the service is
used or not.  SNMP, by its very nature, allows access to a lot of
internal information (as would any management protocol) and allows
altering a lot of system systems if you have SETs enable and supported
(as does any management protocol).

In the end, it's a service that allows access to a lot of sensitive
information.  It is critical that you deploy it with forethought and
good engineering practice.  So the guidance of "don't use it if you
don't need it" is spot on.  And if you do need it (many of us do),
deploy it with careful thought and security frameworks (snmpv3,
firewalls, selective VACM configuration, etc).

-- 
Wes Hardaker
USC/ISI


_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to