SNMP Recommendations

Unanswered Question
Sep 25th, 2009

How do you balance SNMP's relative lack of security vs. its flexible use in managing your network? How do you handle your edge router and SNMP?

Do you ever use it on Internet facing devices?

Never use SNMP v1?

What other “best practices” do you recommend?

yjdabear Fri, 09/25/2009 - 07:09

SNMPv3 (particularly with AuthPriv) helps a lot in addressing most of the traditional stigmas about SNMP lacking security. With SNMPv2 and below, I don't think it's too dramatically different from other accesses (console/vty) to the network devices--deny all, then open holes only to hosts network admins want them to, as needed. Here's a good starter on configuring SNMP, with examples of ACL and SNMP Views to limit access:

http://www.netcraftsmen.net/resources/archived-articles/370-configuring-snmp-in-cisco-routers.html

That, and a good IDS/IPS setup capable of catching any NIC going into promiscuous mode on your LAN.
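As an added example (not part of the original post or the linked article), here is one way to check a device configuration for the controls the reply names: ACLs on communities, SNMP views, and SNMPv3 groups that require AuthPriv. It assumes Cisco IOS-style `snmp-server community` and `snmp-server group` lines; the sample configuration, community names and the `audit_snmp` function are constructed for illustration.

```python
# Added example: audit IOS-style SNMP lines for the controls named in the reply.
# SAMPLE_CONFIG is constructed for illustration; addresses use RFC 5737 ranges.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
snmp-server view MGMT-VIEW system included
snmp-server community EXAMPLE-RO-1 RO
snmp-server community EXAMPLE-RO-2 view MGMT-VIEW RO 10
snmp-server community EXAMPLE-RW-1 RW 10
snmp-server group NMS-AUTH v3 auth read MGMT-VIEW access 10
snmp-server group NMS-PRIV v3 priv read MGMT-VIEW access 10
"""

MESSAGES = {
    "NO_ACL": "no access list: queries are accepted from any source address",
    "NO_VIEW": "no SNMP view: readable objects are not limited to a chosen subtree",
    "RW": "read-write community: SNMP SET allowed with a cleartext string",
    "V3_NOT_PRIV": "SNMPv3 group does not require privacy (not AuthPriv)",
}

def audit_snmp(config):
    """Return (line_number, code) findings in line order; never echoes community strings."""
    findings = []
    for num, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            rest = tok[3:]
            has_view = "view" in rest
            if has_view:  # drop "view <name>" so the name is not mistaken for an ACL
                i = rest.index("view")
                del rest[i:i + 2]
            has_acl = any(t.lower() not in ("ro", "rw") for t in rest)
            if not has_acl:
                findings.append((num, "NO_ACL"))
            if not has_view:
                findings.append((num, "NO_VIEW"))
            if any(t.lower() == "rw" for t in rest):
                findings.append((num, "RW"))
        elif tok[:2] == ["snmp-server", "group"] and len(tok) >= 5 and tok[3] == "v3":
            if tok[4] != "priv":
                findings.append((num, "V3_NOT_PRIV"))
            if "access" not in tok[5:]:
                findings.append((num, "NO_ACL"))
    return findings

if __name__ == "__main__":
    for num, code in audit_snmp(SAMPLE_CONFIG):
        print(f"line {num}: {code}: {MESSAGES[code]}")
```
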
