• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

SNMP, how secure?

J

jlazzaro

Golden Member
How safe are RW SNMP community strings? Are they easily suseptiable to brute-force attacks? Sure a longer string would delay an attacker, but would it just be a matter of time?

CiscoWorks requires a RW string to pull/push IOS images, as well as another SNMP command enabling remote reloads. While it would make my life easier, just the thought of it scares me ;x

Maybe an ACL to limit SNMP traffic from just the CW server would negate the risk...
 
Use SNMP version 3 and put ACLs on the device. You can tell the device to only accept SNMP from trusted management stations.
 
yeah, SNMP v3 and an ACL to limit who can send the packets is ok.

I really wish we could replace some older gear with crypto images (with SSH support)
 
jlazzaro, SNMPv1 and v2 send community strings over the network in cleartext, so anyone who can sniff can get it. That's not very good security. v3 uses cryptographic means to protect that information (I believe it's encrypted, but would need to check - just in case it's actually a hash protocol or something).
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top