Solved

Installing and cvonfiguring SNMPv3

Posted on 2013-06-12
2
296 Views
Last Modified: 2013-06-27
After security assessment we need to disable SNMP protocol on our network, install and configure SNMPv3.
Not sure if it possible to do it. Any advise?
0
Comment
Question by:fedmilk1
2 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 250 total points
ID: 39243603
Does the equipment you have have support for snmp v3?

Snmpv3 includes username/password as part of the configuration parameters.
http://docwiki.cisco.com/wiki/Snmp_v3_configurations

What runs on your network?
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 250 total points
ID: 39243809
Yes, security assessments (particularly ones just doing an automated scan) often say this :)

Assuming you are on v2c then you need to perform a security review on each instance of the service detected.

1) Does this node *need* to be running snmp? are you monitoring it with snmp, and does it need to be listening (or can you rely on just traps)?

2) Does this node have anything exposed that shouldn't be (i.e. does it have RW access to snmp, when read only would do, does it expose anything sensitive)

2) Does this node have a set community string or something obvious (like "public" or the hostname)?

3) Can this node even support V3, or is it V2c or below only?

4) Does your monitoring software support V3, or would this require you to re-implement with a newer monitoring package.

5) can you restrict which IPs have access to the snmp (either via snmp settings, or a firewall setting)

once you have completed that review, then you can proceed to secure *as best suited to your environment* and can justify that in your response document to the security audit.

most sites are still on V2c. If you aren't checking anything sensitive, and have it locked down as best can be done in your environment (and particularly if you have a management-only vlan that is the access route to the control plane on applicable devices) then that is fine - you just need to acknowledge that and note it as a security decision.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Read about achieving the basic levels of HRIS security in the workplace.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question