Dachshund Digital <dachshund-digi...@dc.rr.com> writes: > And one more comment... SNMP is hated, by every internal security team > I have ever encountered.
A late reply (sorry), but to add one additional point to all the other wonderful comments (v1/v2c vs v3 certainly matters): It's not just about security of the protocol and whether the service is used or not. SNMP, by its very nature, allows access to a lot of internal information (as would any management protocol) and allows altering a lot of system systems if you have SETs enable and supported (as does any management protocol). In the end, it's a service that allows access to a lot of sensitive information. It is critical that you deploy it with forethought and good engineering practice. So the guidance of "don't use it if you don't need it" is spot on. And if you do need it (many of us do), deploy it with careful thought and security frameworks (snmpv3, firewalls, selective VACM configuration, etc). -- Wes Hardaker USC/ISI _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
