The Social Network For Security Professionals

Wednesday, Sep 08th

Last update08:59:55 AM GMT

You are here:: Security Knowledge Base Security Knowledge Sharing Threat Management Advice Best Practice for SNMP v3
Become a Sponsor
ask  unanswer questions  solved questions
Have a question? Ask it! Know an answer? Share it!

Open Question

sha

Best Practice for SNMP v3

We have a requirement to implement an SNMP v3, but since some of the device/services/applcations does not support SNMP v3 as of now, we are looking for any relevant/supporting standards/guidelines/best practice for implementing SNMP v2 as a compensating control. The overall control objectives is to ensure atleast some level of access control and possibly encryption. Any thoughts?

In Threat Management Advice Asked by sha

1 Answers 479 Views -

Open Question

tag snmp

add to Google Bookmark add to FURL add to digg add to Yahoo MyWeb Bookmark del.icio.us Bookmark reddit Bookmark StumbleUpon Bookmark Slashdot Bookmark technorati Bookmark facebook
answer form Answer this questions
toggle Show/Hide Answers

Answers

andrew

Best Practice for SNMP v3

Answered by andrew -

Unfortunately, SNMPv2 is not secure.
Here are some best practices:

1. Define strong community strings and disable RW access if not required.
2. Restrict available MIBS for polling (depends on your SNMP implementation on the device)
3. Use access lists to restrict the number of hosts allowed to poll the devices
4. Deploy the polling device as closest as possible of the target one (to avoid packets crossing over long network path and reduce the risk of lost packets (SNMP relies on UDP)
5. If possible perform polling into an encrypted tunnel (SSH works well)

Who's Online

0 users and 8 guests online

Blog Categories

Security Events

No current events.