SNMP Recommendations

Unanswered Question
Sep 25th, 2009
User Badges:

How do you balance SNMPs relative lack of security vs. its flexibility use in managing your network? How do you handle your edge router and SNMP?

Do you ever use it on Internet facing devices?

Never use SNMP v1?

What other “best practices” do you recommend?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
yjdabear Fri, 09/25/2009 - 07:09
User Badges:
  • Gold, 750 points or more

SNMPv3 (particularly with AuthPriv) helps a lot in addressing most of the traditional stigmas about SNMP lacking security. With SNMPv2 and below, I don't think it's too dramatically different from other accesses (console/vty) to the network devices--deny all, then open holes only to hosts network admins want them to, as needed. Here's a good starter on configuring SNMP, with examples of ACL and SNMP Views to limit access:

That, and a good IDS/IPS setup capable of catching any NIC going into promiscuous mode on your LAN.


This Discussion