-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This was just posted to the list Monday, but I'll go ahead and repeat it and see if the moderator passes it. As far as SNMP, use a long string of mixed alpha-numeric characters for your community string and set explicit rules to only allow it to the required devices along with the associated replies in addition to traps from any required devices. SNMP, other than V3, does not support encryption or authentication, and most devices and management applications do not support SNMP V3. A few do, such as OpenNMS or Openview Network Node Manager with the SNMP Research security pack. However, devices have only very recently started to support SNMP V3, such as Cisco in a recent IOS release, NET-SNMP, and a few others. Also, for monitoring purposes, all community strings should be set to RO. If sets (RW) are required, limit it to internal devices and set the allowed managers to a single internal source. Rob - -----Original Message----- From: JC [mailto:[EMAIL PROTECTED]] Sent: Monday, November 12, 2001 3:07 PM To: [EMAIL PROTECTED] Subject: SNMP security Hi Folks, SNMP security has been stated as one of the biggest security holes in companies networks today. I would like to ask all of the gurus out there what are you doing in your organization to secure SNMP. If you had a network where you were given complete control and you didn't have to accomidate anyone what would you do to secure SNMP? JC __________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA+AwUBO/HsTua2P6TrxG1EEQKDHwCbBNFiporBIvnVwMOkgzSENSB+JToAljES Pm1V0FcyvToJN+Ptc3CQAhI= =VNKh -----END PGP SIGNATURE-----
PGPexch.htm.asc
Description: PGPexch.htm.asc
