ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpcontrolsnmp.htm

56 lines
3.4 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Control SNMP access" />
<meta name="abstract" content="If you want to allow SNMP managers to access your system, you need to be aware of the following security issues." />
<meta name="description" content="If you want to allow SNMP managers to access your system, you need to be aware of the following security issues." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpsnmp.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpcontrolsnmp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Control SNMP access</title>
</head>
<body id="tcpcontrolsnmp"><a name="tcpcontrolsnmp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Control SNMP access</h1>
<div><p>If you want to allow SNMP managers to access your system, you need
to be aware of the following security issues.</p>
<div class="p">These security issues are important to be aware of:<ul><li>Someone who can access your network with SNMP can gather information about
your network. Information that you have hidden by using aliases and a domain-name
server becomes available to the would-be intruder through SNMP. Additionally,
an intruder might use SNMP to alter your network configuration and disrupt
your communications.</li>
<li>SNMP relies on a community name for access. Conceptually,
the community name is similar to a password. The community name is not encrypted.
Therefore, it is vulnerable to sniffing. Use the Add Community for SNMP (ADDCOMSNMP)
command to set the manager internet address (INTNETADR) parameter to one or
more specific IP addresses instead of *ANY. You can also set the OBJACC parameter
of the ADDCOMSNMP or CHGCOMSNMP commands to *NONE to prevent the managers
in a community from accessing any MIB objects. This is intended to just be
done temporarily to deny access to managers in a community without removing
the community.</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcpsnmp.htm" title="SNMP provides a means for managing the gateways, routers, and hosts in a network environment.">Security considerations for SNMP</a></div>
</div>
</div>
</body>
</html>