|
Posted by Todd H. on October 11, 2008, 1:21 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Mauroreggio@gmail.com writes:
> Hi all.
> I try read many about this protocol, but i've one simple question for
> all the expert that desire help me:
> What do you think about the use of SNMP protocol in READONLY MODE for
> monitor distributed geographic network with one single point (Zenoss
> box, in this case).
> I mean, is really so bad for security, in your experience, have
> packets that go around the network that give me the state of the
> machine that i monitor?
There are a couple of concerns. One is that SNMP mibs can reveal an
awful lot of information about the internal network that might not
otherwise be available. Are you comfortable with giving attackers
that information?
Also, suppose there is something allowing read/write mode to that
snmpd... its password goes across in the clear.
Are you logging or acting on brute force attacks against the daemon?
Are you willing to trust that the daemon on that box won't end up
having some sort of vulnerbaility for which an exploit could be
developed leading to the root compromise of the device?
If you can get comfortable on those fronts, then it's acceptable
risk... but generally speaking, it's a bad idea to allow snmp from
unauthenticated anonymous internet hosts.
--
Todd H.
http://www.toddh.net/
| 
XML site map