I've been reading up on SNMP and it seems that security is an issue if not done correctly (and since it's complicated, I doubt my first attempts will be done correctly). Since most of what I want to monitor lies in remote offices, the majority of the connections are over the Internet. I was concerned about exposing that much data to the Internet and also the potential of SNMP used to as an exploit tool.
And that brings up another question. I typically use SSH to tunnel into a remote network and port forward to where I need to go. There doesn't seem to be an easy or practical way to do this with Zen. Can anyone recommend a way to aggregate scan results from remote locations like this? Is it possible to have one Zen server at each site and have the results forwarded on to a master server? ----- Original Message ----- From: Dimitar G. Katerinski <[EMAIL PROTECTED]> To: General discussion of using zenoss system <[email protected]> Sent: Wednesday, January 17, 2007 4:43:27 AM GMT-0500 Subject: Re: [zenoss-users] Process monitoring with SSH? On Monday 15 January 2007 16:36, W. Chris Shank wrote: > Is this in the roadmap? > > What is the best way to get the most out of Zenoss without opening up > remote servers to potential security problems with SNMP? And what exactly are those potential security problems with SNMP? When implemented right, SNMP is the right protocol to be used for monitoring. Just setup snmp daemon for ro only comunity, deny all rw requests, use snmp v3 for privacy of the connection, and you should be ok. Oh, yes, you could use a little help from iptables for extra security on the OSI layer 4. SSH IMHO adds a lot of overhead both for the monitoring system and the monitored machine. Regards, Dimitar G. Katerinski -- http://tropot.net/photoblog/ - my life. in pictures. _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users -- W. Chris Shank ACE Technology Group, LLC www.myremoteITdept.com (610) 640-4223 -------------------------------- Security Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
_______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
