We monitor most of our Cisco network devices with SNMP using devmon/xymon and cacti. We do this across a dedicated network management LAN. There are a few devices, primarily FWSM (firewall service modules) and ACE's that do not have network management LAN connections.
Our network team is balking at enabling SNMP for these devices on our production network.
I am just looking for feedback on whether having password protected read-only snmp enabled on our internal network is really risky or not? We need to be able to monitor these devices, and feel that it is not a real risk.
I am not an expert, but am hoping some of you can chime in with your thoughts? If this has been covered before, I apologize.
Health and Human Services Commission