If you're reading or writing to and from network objects using SNMP (i.e. Cisco
routers), make sure you upgrade to the latest version of SNMP (version 3), which
has add-on enhanced security features, e.g. MD5 and DES encryption. This also needs
to be manually configured into the router's ACL (username is still sent in clear
though). :(
However, make sure that your router's IOS supports the version of SNMP in use...
e.g. IOS versions 11.3 and below only support SNMP v1 & 2... IOS 12.0 and up
supports all three... :)
Remove the RW string also if not needed.
Change/vary your community names per network object, e.g. interior vs exterior
router.
2cents
To: [EMAIL PROTECTED]
cc: (bcc: Nicholas McKenzie)
Date: 13/11/2001 05:07
From: [EMAIL PROTECTED]
Subject: SNMP security
Hi Folks,
SNMP security has been stated as one of the biggest
security holes in companies' networks today. I would
like to ask all of the gurus out there: what are you
doing in your organization to secure SNMP? If you had
a network where you were given complete control and
you didn't have to accommodate anyone, what would you do
to secure SNMP?
JC
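
The checks suggested in the reply above (drop unneeded RW strings, vary community names per device), run over router configuration text, as an added example that is not part of the original thread. The hostnames, community strings and sample configs are constructed; flagging the default names `public`/`private` and communities with no access list goes beyond what the reply lists.

```python
import re
from collections import defaultdict

# Constructed sample configs; hostnames and community strings are made up.
SAMPLE_CONFIGS = {
    "interior-rtr": "snmp-server community public RO\n"
                    "snmp-server community s3cr3t-int RW 10\n",
    "exterior-rtr": "snmp-server community public RO\n"
                    "snmp-server community ext-mon-7f RO 20\n",
}

# IOS form: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE)
DEFAULT_NAMES = {"public", "private"}

def audit(configs):
    """Return sorted (device, community, finding) tuples for SNMP v1/v2c lines."""
    findings = []
    seen = defaultdict(set)  # community name -> devices that use it
    for device, text in configs.items():
        for line in text.splitlines():
            m = COMMUNITY_RE.match(line.strip())
            if not m:
                continue
            name = m.group("name")
            mode = (m.group("mode") or "ro").lower()  # IOS defaults to read-only
            seen[name].add(device)
            if mode == "rw":
                findings.append((device, name, "read-write community"))
            if m.group("acl") is None:
                findings.append((device, name, "no access list"))
            if name.lower() in DEFAULT_NAMES:
                findings.append((device, name, "default community name"))
    # The same string on more than one device defeats per-object names.
    for name, devices in seen.items():
        if len(devices) > 1:
            findings.extend((d, name, "shared across devices") for d in devices)
    return sorted(findings)

if __name__ == "__main__":
    for device, name, finding in audit(SAMPLE_CONFIGS):
        print(f"{device}: community {name!r}: {finding}")
```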