Date: Tue, 22 Jul 1997 16:07:34 -0600 (MDT) From: John-David Childs <jdc@denver.net> To: Khetan Gajjar <khetan@iafrica.com> Cc: questions@FreeBSD.ORG Subject: Re: UCD-SNMPd Message-ID: <Pine.BSI.3.95.970722160053.20130C-100000@milehigh.denver.net> In-Reply-To: <Pine.BSF.3.95q.970722231409.24639M-100000@chain-gateway.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 22 Jul 1997, Khetan Gajjar wrote: > Hi. > > I've just installed ucd-snmp, and am using it in conjunction with mrtg > to graph system bandwidth (as described in a earlier thread). I'm > curious as to how to "secure" the snmpd, because as I understand it, > right now it's wide open. > It's wide open in the sense that if you're using SNMPv1 to monitor/query devices outside your local LAN control, your SNMP packets could be sniffed. A modicum of security is provided by having different read and write community strings. You could also use access lists/filters to control packet source/destination. Of course, neither of these is foolproof. SNMPvSEC is supposed to provide encryption of the community-strings (and possibly the SNMP packet itself), but I haven't done enough homework to speak authoritatively on the subject. -- John-David Childs (JC612) @denver.net/Internet-Coach System Administrator Enterprise Internet Solutions & Network Engineer 901 E 17th Ave, Denver 80218 Westheimer's Discovery: A couple of months in the laboratory can frequently save a couple of hours in the library.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970722160053.20130C-100000>