Installing and configuring SNMPv3

After a security assessment we need to disable the SNMP protocol on our network, and install and configure SNMPv3.
Not sure if it is possible to do it. Any advice?
Asked by: fedmilk1
 
arnold Commented:
Does the equipment you have have support for snmp v3?

SNMPv3 includes username/password as part of the configuration parameters.
http://docwiki.cisco.com/wiki/Snmp_v3_configurations

What runs on your network?
 
Dave Howe Commented:
Yes, security assessments (particularly ones just doing an automated scan) often say this :)

Assuming you are on v2c then you need to perform a security review on each instance of the service detected.

1) Does this node *need* to be running SNMP? Are you monitoring it with SNMP, and does it need to be listening (or can you rely on just traps)?

2) Does this node have anything exposed that shouldn't be (i.e. does it have RW access to SNMP, when read only would do, does it expose anything sensitive)?

3) Does this node have a set community string or something obvious (like "public" or the hostname)?

4) Can this node even support V3, or is it V2c or below only?

5) Does your monitoring software support V3, or would this require you to re-implement with a newer monitoring package?

6) Can you restrict which IPs have access to the SNMP service (either via SNMP settings, or a firewall setting)?

Once you have completed that review, then you can proceed to secure *as best suited to your environment* and can justify that in your response document to the security audit.

Most sites are still on V2c. If you aren't checking anything sensitive, and have it locked down as best can be done in your environment (and particularly if you have a management-only VLAN that is the access route to the control plane on applicable devices) then that is fine - you just need to acknowledge that and note it as a security decision.
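
The per-node review described in the answer above can be partly automated against an agent's configuration file. The following is an added example, not part of the original thread: it assumes a net-snmp style `snmpd.conf` (the thread does not name an agent), and the sample config, community strings, addresses and hostname are constructed for illustration.

```python
import shlex

# Constructed sample in net-snmp snmpd.conf syntax (assumption: the thread names no agent).
SAMPLE_CONF = """\
# legacy v2c access
rocommunity public
rwcommunity n0c-Wr1te 10.20.0.0/24
rocommunity core-sw1 default
rocommunity m0n-R3ad 10.20.0.5
rouser monitor priv
rouser legacy auth
"""
OBVIOUS = {"public", "private"}  # guessable defaults; the node's hostname is checked too

def audit_snmpd_conf(text, hostname=""):
    """Return (line_no, finding) tuples for the review questions in the answer above."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # drops '#' comments
        if len(tok) < 2:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in ("rocommunity", "rwcommunity"):
            community = args[0].lower()
            source = args[1] if len(args) > 1 else "default"
            if directive == "rwcommunity":
                findings.append((no, "read-write community"))
            if community in OBVIOUS or (hostname and community == hostname.lower()):
                findings.append((no, "obvious community string"))
            if source == "default":
                findings.append((no, "no source IP restriction"))
        elif directive in ("rouser", "rwuser"):
            level = args[1] if len(args) > 1 else "auth"  # net-snmp default level
            if level != "priv":
                findings.append((no, f"v3 user without encryption ({level})"))
    return findings

def uses_community_auth(text):
    """True while any v1/v2c community directive remains in the config."""
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if tok and tok[0].lower() in ("rocommunity", "rwcommunity", "com2sec"):
            return True
    return False

if __name__ == "__main__":
    for no, finding in audit_snmpd_conf(SAMPLE_CONF, hostname="core-sw1"):
        print(f"line {no}: {finding}")
    print("community auth still enabled:", uses_community_auth(SAMPLE_CONF))
```

Only the `rocommunity`/`rwcommunity` and `rouser`/`rwuser` shorthand directives are inspected; a config built from `com2sec`/`group`/`access` lines needs those mapped as well before the findings are complete.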
