3 Sep
2001
3 Sep
'01
06:54
SNMP is not only read but write typically. Community strings are often easy to guess, easier to sniff (cleartext). I suggest _heavilly_ firewalling snmp and maybe using ssh port forwarding or ipsec to encrypt it.
SSH won't help, as it can only perform port forwarding of TCP ports, AFAIK, while SNMP uses UDP only. I suggest a physically separate LAN or IPSec for SNMP (and syslog, BTW). And you should configure your SNMP server as tightly as possible. Make snmpwalk show only what it needs to. Cheers Tobias