Check out the SNMP section in this doc:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm

In addition to the above suggestions, I would add:

-Do not allow SNMP write capability; you almost never need it.

-Choose a _strong_ SNMP RO community.  It should contain special characters
such as #,$,@,&,^, etc.  It's usually useful to pick a phrase that you can
remember, such as "all engineers choose good passwords", pick the first
letter or letters from each word: "all e c g p" and then selectively
substitute special chars for certain alpha chars: "@ll $ c g )" for example.
DO NOT pick things like company name, organization name, sports team
mascots, pets' names, etc.  In general, treat the SNMP community string with
the same care you would want the administrator of your payroll server to use
for their password (and assume that if the payroll gets compromised, you don't
get paid).

-Consider using SNMPv3 so that you can use encryption.  Alternatively, set up
an IPSec tunnel between the monitoring stations and the routers for securing
SNMP-based communications.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Postman Pat
Sent: Tuesday, May 21, 2002 4:49 AM
To: [EMAIL PROTECTED]
Subject: Securing SNMP [7:44605]


Greetings,
I would like to run SNMP on my router and would like some advice on how I
could secure it. I would also like some input from you guys on whether you
recommend SNMP at all as it seems like the only route that I can take in
monitoring traffic on our internet access link.

Regards

LK
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44622&t=44605
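
The three recommendations in the reply above (no write access, a strong RO community, SNMPv3 encryption) can be checked against a router configuration. The following is an added example, not part of the original thread: it assumes IOS-style `snmp-server` lines, and the length floor, banned-word list and sample configuration are constructed for illustration.

```python
import re

# Assumptions, not from the thread: the length floor and the banned-word list.
MIN_LEN = 8
BANNED = {"public", "private", "cisco", "acme"}  # defaults + constructed org name
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?", re.I)
V3_PRIV_RE = re.compile(r"^snmp-server group \S+ v3 priv\b", re.I)

def weak_reasons(community):
    """Return the reasons a community string fails the advice on strong strings."""
    reasons = []
    if len(community) < MIN_LEN:
        reasons.append("shorter than %d characters" % MIN_LEN)
    if not re.search(r"[^A-Za-z0-9]", community):
        reasons.append("no special characters")
    if any(word in community.lower() for word in BANNED):
        reasons.append("contains a default or guessable word")
    return reasons

def audit(config_text):
    """Check IOS-style SNMP lines for write access, weak strings, missing v3 priv."""
    findings, has_v3_priv, saw_snmp = [], False, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if V3_PRIV_RE.match(line):
            has_v3_priv = saw_snmp = True
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        saw_snmp = True
        # A community line with no RO/RW keyword is treated as read-only.
        community, access = m.group(1), (m.group(2) or "RO").upper()
        if access == "RW":
            findings.append(("write-access", community))
        for reason in weak_reasons(community):
            findings.append(("weak-community", community + ": " + reason))
    if saw_snmp and not has_v3_priv:
        findings.append(("no-encryption", "no SNMPv3 priv group; use v3 or IPSec"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
snmp-server community public RO
snmp-server community Acme-Net0ps! RW
snmp-server community @e$CgP#7x RO
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, "-", detail)
```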