If you want to allow SNMP managers to access your system, you need
to be aware of the following security issues:
- Someone who can access your network with SNMP can gather information about
your network. Information that you have hidden by using aliases and a domain-name
server becomes available to the would-be intruder through SNMP. Additionally,
an intruder might use SNMP to alter your network configuration and disrupt
your communications.
- SNMP relies on a community name for access. Conceptually,
the community name is similar to a password. The community name is not encrypted.
Therefore, it is vulnerable to sniffing. Use the Add Community for SNMP (ADDCOMSNMP)
command to set the manager internet address (INTNETADR) parameter to one or
more specific IP addresses instead of *ANY. You can also set the OBJACC parameter
of the ADDCOMSNMP or CHGCOMSNMP commands to *NONE to prevent the managers
in a community from accessing any MIB objects. This setting is intended as a
temporary measure: it denies access to the managers in a community without
removing the community.
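
The unencrypted community name can be seen directly in the bytes of an SNMP message. The following Python code is an added example, not part of the original documentation or any IBM code: it decodes the header of an SNMPv1/v2c datagram and returns the community name as it appears on the wire. The community name DEMOCOMM and the SAMPLE datagram are constructed for illustration.

```python
# Added example: the community name in an SNMPv1/v2c message is a plain
# BER OCTET STRING. DEMOCOMM and SAMPLE are constructed, not captured traffic.
SAMPLE = (bytes.fromhex("3028020100")                 # SEQUENCE, version 0 (SNMPv1)
          + b"\x04\x08DEMOCOMM"                       # OCTET STRING: community name
          + bytes.fromhex("a019020101020100020100"    # GetRequest PDU header
                          "300e300c06082b060102010101000500"))  # sysDescr.0, NULL


def _read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:end], end


def community_from_message(datagram):
    """Return (version, community) from a community-based SNMP datagram."""
    tag, body, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE expected")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER expected")
    version = int.from_bytes(ver, "big")
    if version not in (0, 1):  # 0 = SNMPv1, 1 = SNMPv2c
        raise ValueError("not a community-based SNMP message")
    tag, community, _ = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING expected")
    return version, community.decode("ascii", "replace")


if __name__ == "__main__":
    print(community_from_message(SAMPLE))
```

Because no key is needed to recover the name, restricting INTNETADR to specific manager addresses limits who can use a community name that has been observed.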