Mailer: SecurityFocus In-Reply-To: <F7639F8D8672D3119DBC00508B7159B80A4F7D@TCUDSERVER1>
>Received: (qmail 3631 invoked from network); 14 Nov 2001 18:18:47 -0000 >Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (66.38.151.26) >>SNMP security has been stated as one of the biggest >>security holes in companies networks today. It sure is...particularly by those who don't know they have it enabled, and have no idea what it is. Of course, the same could be said about IIS. However, with the proper configuration of not only the SNMP agents themselves, but the entire infrastructure, it's not really an issue. >> If you had >>a network where you were given complete control and >>you didn't have to accomidate anyone what would you do >>to secure SNMP? Well, it depends on how much work you want to do. For example, w/ MS's agents, you can set which hosts the agents should respond to, in addition to the community string, etc. Block SNMP at the perimeter. Do not put agents on systems that will not be monitored. For agents that will be monitored, configure them in accordance with your policies. SNMP can be a BAD THING (tm) if you let it out onto the Internet, or if you leave the read/write community string in it's default configuration. If you don't need the ability to write to the system, then disable that functionality.