Re: SNMP
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: Sat, 11 Oct 2008 12:21:14 -0500
Mauroreggio@xxxxxxxxx writes:
Hi all.
I try read many about this protocol, but i've one simple question for
all the expert that desire help me:
What do you think about the use of SNMP protocol in READONLY MODE for
monitor distributed geographic network with one single point (Zenoss
box, in this case).
I mean, is really so bad for security, in your experience, have
packets that go around the network that give me the state of the
machine that i monitor?
There are a couple of concerns. One is that SNMP mibs can reveal an
awful lot of information about the internal network that might not
otherwise be available. Are you comfortable with giving attackers
that information?
Also, suppose there is something allowing read/write mode to that
snmpd... its password goes across in the clear.
Are you logging or acting on brute force attacks against the daemon?
Are you willing to trust that the daemon on that box won't end up
having some sort of vulnerbaility for which an exploit could be
developed leading to the root compromise of the device?
If you can get comfortable on those fronts, then it's acceptable
risk... but generally speaking, it's a bad idea to allow snmp from
unauthenticated anonymous internet hosts.
--
Todd H.
http://www.toddh.net/
.
- References:
- SNMP
- From: Mauroreggio
- SNMP
- Prev by Date: Re: Sygate Firewall??
- Next by Date: Re: Replacement for Symantec Protection Agent?
- Previous by thread: SNMP
- Index(es):
Relevant Pages
|
