On 23 Jul 99, at 14:15, Waller, Pierre wrote:
> I want to manage device outside LAN by SNMP protocol.
> I will authorize administration console to communicate with each outside
> device using port 161 and 162.
> Only specified IP device would be able to pass through firewall using SNMP
> protocol.
>
> Is that sufficient enough or is it too much ?
That's probably sufficient to allow you to manage the devices.

I'd be concerned, though, that in this case your firewall does nothing to
prevent *others* from also managing those devices. [Our network gets scanned
by misconfigured SNMP management tools about every two months, and
deliberately by people looking for exposed SNMP interfaces about every month.
We can usually tell the difference by the "footprints" of the scans, and by
the reactions we get when we report them....]

At a minimum, you should configure SNMP on these devices to use a
non-default community name, and take advantage of any authentication and
address-restriction options to try and secure this service interface.

David G
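
An added example, not part of the original message: a small audit of a net-snmp style snmpd.conf that flags default community names and missing or too-wide source restrictions, the two settings recommended above. The choice of net-snmp is an assumption (the post names no SNMP agent), and the sample configuration, community strings and manager address are constructed.

```python
import ipaddress

DEFAULT_COMMUNITIES = {"public", "private"}
# Source values that place no restriction on who may query the agent.
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}

# Constructed sample configuration (documentation addresses, made-up names).
SAMPLE_CONF = """\
# constructed sample, not from the original post
rocommunity public
rwcommunity Xk29-mgmt 192.0.2.10
rocommunity Xk29-mgmt 198.51.100.0/24
com2sec mgmt default private
"""

def audit_snmpd_conf(text, allowed_managers):
    """Return (line_no, finding) pairs for the community directives in text."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowed_managers]
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        directive = fields[0].lower()
        if directive in ("rocommunity", "rwcommunity") and len(fields) > 1:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means "default"
            community = fields[1]
            source = fields[2] if len(fields) > 2 else "default"
        elif directive == "com2sec":
            if len(fields) > 2 and fields[1] == "-Cn":
                del fields[1:3]          # drop the optional context argument
            if len(fields) < 4:
                continue
            source, community = fields[2], fields[3]  # com2sec NAME SOURCE COMMUNITY
        else:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((n, "default community name"))
        if source.lower() in OPEN_SOURCES:
            findings.append((n, "no source address restriction"))
            continue
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:               # a hostname: cannot be judged offline
            findings.append((n, "source is not an address; check by hand"))
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((n, "source wider than the management consoles"))
    return findings
```

Calling `audit_snmpd_conf(SAMPLE_CONF, ["192.0.2.10"])` reports lines 2, 4 and 5 of the sample and passes line 3, which pairs a non-default community with the single console address.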