You also may want to look into wrapping SSL around your SNMP traffic with something like stunnel. stunnel can go a long way toward adding security to services which are generally insecure. Just make sure that the boxes you are running SNMP on are in a very secure environment as well (i.e. no unauthorized users can even access SNMP ports). Also keep an eye out for SNMPv3. It hasn't been implemented yet, but when it's available it will be the secured version of SNMPv1. If you are serious about implementing SNMP then take a look through the O'Reilly book: "Essential SNMP", which covers using SNMP in a secure environment.
Miles Stevenson QuickHire Network Support Specialist -----Original Message----- From: Jason Lewis [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:56 PM To: 'JC'; [EMAIL PROTECTED] Subject: RE: SNMP security ACL's....for network devices and servers, only a small number of IP's/hosts are allowed to communicate via SNMP. It doesn't do much, but the SNMP communities are long and not easily guessed. There are no public communities. RW communities are only enabled where they are used. I used to have a list, I will look for it. Jason Lewis http://www.packetnexus.com It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary. -----Original Message----- From: JC [mailto:[EMAIL PROTECTED]] Sent: Monday, November 12, 2001 4:07 PM To: [EMAIL PROTECTED] Subject: SNMP security Hi Folks, SNMP security has been stated as one of the biggest security holes in companies networks today. I would like to ask all of the gurus out there what are you doing in your organization to secure SNMP. If you had a network where you were given complete control and you didn't have to accomidate anyone what would you do to secure SNMP? JC __________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com
