SNMP RW OPINIONS NEEDED - SNMP


  1. SNMP RW OPINIONS NEEDED

    Recently a consultant came into our Corporation and laughed at us for
    using a RW community string. He said that he only advises using a RW
    if you actively use it to manage the devices. While we do NOT
    currently manage our devices via SNMP I would think that we eventually
    will, so I would like to continue using a RW string. Our string
    follows our password policy and would NOT be easy to compromise. Could
    I get some of your opinions on what you think about using a RW string?
    Thanks in advance.


  2. Re: SNMP RW OPINIONS NEEDED

    mnwild_mntwins@yahoo.com wrote:

    > Recently a consultant came into our Corporation and laughed at us for
    > using a RW community string. He said that he only advises using a RW
    > if you actively use it to manage the devices. While we do NOT
    > currently manage our devices via SNMP I would think that we eventually
    > will, so I would like to continue using a RW string. Our string
    > follows our password policy and would NOT be easy to compromise. Could
    > I get some of your opinions on what you think about using a RW string?


    Anybody able to sniff packets on your network will be able to read
    the community string. I leave it to you to judge whether this is a
    security issue or not...

    /js

    --
    Juergen Schoenwaelder International University Bremen
    P.O. Box 750 561, 28725 Bremen, Germany

  3. Re: SNMP RW OPINIONS NEEDED

    As I think,
    right now you are not using SNMP to manage devices.. but in future you may do
    so ...

    But what do you mean by manage device .. either Read/Get data from
    devices or to some set also ..


    You may use 2 strings .. one for read and one for write ... read only
    community string may be public ... but read-write must be known to some
    administrator...


    All in context of v2c or v1 ... in v3 different solution ..


    Thanks
    Abhishek


    Juergen Schoenwaelder wrote:
    > mnwild_mntwins@yahoo.com wrote:
    >
    > > Recently a consultant came into our Corporation and laughed at us for
    > > using a RW community string. He said that he only advises using a RW
    > > if you actively use it to manage the devices. While we do NOT
    > > currently manage our devices via SNMP I would think that we eventually
    > > will, so I would like to continue using a RW string. Our string
    > > follows our password policy and would NOT be easy to compromise. Could
    > > I get some of your opinions on what you think about using a RW string?
    >
    > Anybody able to sniff packets on your network will be able to read
    > the community string. I leave it to you to judge whether this is a
    > security issue or not...
    >
    > /js
    >
    > --
    > Juergen Schoenwaelder International University Bremen
    > P.O. Box 750 561, 28725 Bremen, Germany


  4. Re: SNMP RW OPINIONS NEEDED

    I'm not an expert on this, but I have dabbled a bit.

    It would seem to make sense to implement ReadOnly community strings for
    the moment, on the simple security basis of not building in more access
    than is strictly necessary.

    How secure is the network over which you are operating SNMP? Have you
    done everything you can to harden it? As one of the other replies has
    said, if someone can access your network, then you're stuffed. I don't
    believe that there is any security or encryption built in to SNMP, at
    least at v1 and v2, and community strings are sent in cleartext, as it
    were. I think I read that the most that is done to protect them is that
    they may be broken up into pieces across packets, but that's still not
    at all secure.

    Without knowing how many devices you are trying to manage with SNMP, I
    can comfortably say that it is relatively easy for you to introduce RW
    community strings later.

    If you do a web search you should be able to turn up a few papers on
    how secure SNMP is or isn't, particularly in relation to any of the
    implementations you are running.

    And of course, security is bound by the law of diminishing returns. How
    secure does your network NEED to be? What would be the cost of it being
    compromised? What would be the reason for someone compromising it? And
    how hard would one or more people be trying to compromise it?
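
Added example, not part of the original thread: the replies above point out that SNMP v1/v2c community strings cross the network in cleartext. This Python code builds a constructed SNMPv2c GetRequest and decodes its header, showing that the community is a plain OCTET STRING field in the message, so its complexity gives no protection against an on-path observer. The function names and the community value used with them are constructed for illustration.

```python
# Added example: SNMPv1/v2c message header in BER. All values are constructed.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV (definite length, short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def build_get_request(community: bytes) -> bytes:
    """Build an SNMPv2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    oid = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])        # 1.3 packs into 0x2B
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    pdu = tlv(0xA0,                                   # GetRequest-PDU
              tlv(0x02, b"\x01")                      # request-id
              + tlv(0x02, b"\x00")                    # error-status
              + tlv(0x02, b"\x00")                    # error-index
              + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01")               # version 1 means v2c
                     + tlv(0x04, community) + pdu)    # community, unencrypted

def read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                                  # long-form length
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + n], pos + n

def parse_header(packet: bytes):
    """Return (version, community) exactly as they appear on the wire."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, _ = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("unexpected header fields")
    return int.from_bytes(version, "big"), community
```

The same header layout applies to SetRequest messages, so a RW community is exposed the same way whenever it is used.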

