Not to agree to have SNMP turned on, I would always turn it off. But, in some large companies that I have noticed is that they use HP Openview. HP Openview uses SNMP for various things. In turn, it does not have to be there, but politics sometimes get the better and you need to find a way to a least secure it somewhat. HP Openview is like many application the will use SNMP, it can use the "gets", but does not have to use the "sets". In this turn you can find a Firewall that can do Application Level Filtering and can allow only SNMP "gets" and not "sets".
Chris -----Original Message----- From: Meritt James [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 8:57 AM To: [EMAIL PROTECTED] Subject: Re: SNMP security Roger, concur, stress, underline, comment on his understatement, ... Why does it HAVE to be on? What is the driving reason (besides "it is neat and everyone has it!")? "[EMAIL PROTECTED]" wrote: > > I'm assuming, even with the complete control that you have, you need SNMP. If not, and I hate to sound like a broken record, but turn it off. > > If you need it for monitoring, what are the platforms that you have SNMP enabled on? It's very easy to secure SNMP on a Cisco router, for example, but what else are you using SNMP for? -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
