Use access lists to limit the ip addresses that can query the snmp service
Use a complex "communitystring"
However, I don't know how to do the following and whether it is possible. Could anybody help?!?
When you enable the snmp agent on a Cisco device, can it be queried on any ip address that the router/switch holds?
For example, if a switch has 7 vlans with 7 ip addresses, will the snmp agent respond to snmp requests directed to all 7 of the ip addresses? If this is the case, can you limit the snmp agent to respond to snmp requests to a particular vlan/ip address?
If somebody were to try a dictionary attach againts the snmp service, what defences can you use?
For example, for logging onto the vty of a cisco device, we use:
login block-for 120 attempts 5 within 30
login delay 3
Would this apply to attempts to "log onto" the snmp service or is there an equivalent for snmp?
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...