Solved

Installing and cvonfiguring SNMPv3

Posted on 2013-06-12
2
295 Views
Last Modified: 2013-06-27
After security assessment we need to disable SNMP protocol on our network, install and configure SNMPv3.
Not sure if it possible to do it. Any advise?
0
Comment
Question by:fedmilk1
2 Comments
 
LVL 76

Accepted Solution

by:
arnold earned 250 total points
ID: 39243603
Does the equipment you have have support for snmp v3?

Snmpv3 includes username/password as part of the configuration parameters.
http://docwiki.cisco.com/wiki/Snmp_v3_configurations

What runs on your network?
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 250 total points
ID: 39243809
Yes, security assessments (particularly ones just doing an automated scan) often say this :)

Assuming you are on v2c then you need to perform a security review on each instance of the service detected.

1) Does this node *need* to be running snmp? are you monitoring it with snmp, and does it need to be listening (or can you rely on just traps)?

2) Does this node have anything exposed that shouldn't be (i.e. does it have RW access to snmp, when read only would do, does it expose anything sensitive)

2) Does this node have a set community string or something obvious (like "public" or the hostname)?

3) Can this node even support V3, or is it V2c or below only?

4) Does your monitoring software support V3, or would this require you to re-implement with a newer monitoring package.

5) can you restrict which IPs have access to the snmp (either via snmp settings, or a firewall setting)

once you have completed that review, then you can proceed to secure *as best suited to your environment* and can justify that in your response document to the security audit.

most sites are still on V2c. If you aren't checking anything sensitive, and have it locked down as best can be done in your environment (and particularly if you have a management-only vlan that is the access route to the control plane on applicable devices) then that is fine - you just need to acknowledge that and note it as a security decision.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now