
* Kurt Seifried wrote on Sat, Sep 01, 2001 at 13:49 -0600:
> SNMP is not only read but write typically.

In its default configuration, really?

> Community strings are often easy to guess,

defaults to public - nothing to guess :)

> easier to sniff (cleartext).

I thought it's possible to set up SNMP using some encryption by itself, but a quick search didn't find a useful HOWTO, neither about SNMP nor encryption nor security... Except "disable if not needed"...

> I suggest _heavily_ firewalling snmp

Yep, of course the firewalls restrict it to just one machine, but I would like to make sure that the snmpd will not allow bad things under any circumstances. Firewalling is quite clear, like always :)

> and maybe using ssh port forwarding or ipsec to encrypt it.

IPSec with each machine is too expensive and won't help, since if the monitor gets compromised IPSec can be used by unauthorized software - same for SSH, so I don't see a big improvement.

oki,

Steffen

--
This message was generated by machine and therefore bears neither signature nor seal.
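
The points raised in this exchange (write access, the default "public" community, restricting access to a single monitoring machine) can be checked in the daemon's own configuration as well as at the firewall. The following is an added example, not part of the original message: it assumes a Net-SNMP style `snmpd.conf` using the `rocommunity`, `rwcommunity` and `com2sec` directives, and the sample configuration and the `audit` helper are constructed for illustration.

```python
# Added example: audit Net-SNMP style snmpd.conf access lines (assumed format).
import ipaddress

SAMPLE_CONF = """\
# constructed sample, not taken from any real host
rwcommunity private
rocommunity public default
rocommunity m0n1tor-ro 192.0.2.10
com2sec notConfigUser default public
"""

DEFAULT_STRINGS = {"public", "private"}


def is_single_host(source):
    """True only if the source restriction is exactly one IP address."""
    if source in (None, "default"):
        return False
    try:
        return ipaddress.ip_network(source, strict=False).num_addresses == 1
    except ValueError:
        return False  # hostnames are flagged so they get a manual review


def audit(conf_text):
    """Return (line_no, finding) tuples for risky community definitions."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        directive = fields[0].lower()
        if directive in ("rocommunity", "rwcommunity") and len(fields) >= 2:
            community = fields[1]
            source = fields[2] if len(fields) > 2 else None
        elif directive == "com2sec" and len(fields) >= 4:
            source, community = fields[2], fields[3]
        else:
            continue
        if directive == "rwcommunity":
            findings.append((no, "write access enabled"))
        if community.lower() in DEFAULT_STRINGS:
            findings.append((no, "default community string"))
        if not is_single_host(source):
            findings.append((no, "source not a single IP address"))
    return findings


if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

A clean result here only covers the daemon's access lines; the community string still crosses the network in cleartext, as noted in the thread.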