Best linux snmp trap receiver password#
Engineers tasked with managing SNMP configurations often over look this concept, which leads to the creation of easily guessable community strings that fall outside the organization's password complexity policies. Whether the decision is made to leverage SNMP v3 or not, the next most pressing consideration is the premise that SNMP community strings are essentially used as “Passwords” for device authentication within the context of an SNMP management infrastructure. Properly implementing SNMPv3 is not for the faint of heart, but is highly recommended and should be considered if the security of SNMP usage in the environment is approached seriously. In most cases, the first thing to consider when remediating this concern is: Enable and configure SNMPv3 The first thing to remember about SNMP versions 1, 2, and 2c is that the community strings used for authentication are communicated in cleartext over the network and can potentially be captured while in transit and used to conduct subsequent attacks against other internal network infrastructure. Over the past several years while conducting security research in the area of Simple Network Management Protocol (SNMP) and presenting those findings at conferences around the world we are constantly approached with the same question: “What are the best practices for securing SNMP”? By Deral Heiland, Research Lead, and Brian Tant, Senior Consultant, of Rapid7 Global Services