You can now get MikroTik training direct from Manito Networks.

Preface

MikroTik Security Guide and Networking with MikroTik: MTCNA Study Guide by Tyler Hart are both available in paperback and Kindle!

SNMP can provide insight about a device's performance but there are some security considerations to take into account. A secure version of the SNMP protocol should be used, authentication configured, and non-default Community strings set.

Simple Network Management Protocol (SNMP) is an industry-standard protocol for pulling performance information from network devices. It is a pull protocol, meaning the SNMP monitor must reach out on a regular basis and poll devices for information. SNMP Collectors poll devices for information, and SNMP Agents on the devices report that data. The frequency of performance data polling will depend on a few factors:

- Required granularity of the performance data.
- Performance data retention requirements.

With SNMP being such a ubiquitous protocol there are a number of both open source and commercial collector suites, both hardware and software-based.

Routers and switches almost always feature SNMP Agents. Windows, Linux, and Mac OS also feature SNMP Agents though they have to be enabled manually.

There are three major versions of the SNMP protocol that have been accepted by the industry, though others do exist. The three main versions are outlined below, and we will use v3.

Version 1 is the original SNMP version and is still widely used almost 30 years later. There is no security built into v1 other than the SNMP Community string. If the Community string presented by the Collector matches the string configured on the Agent then it will be allowed to poll the device. This is why it's important to isolate SNMP to a dedicated management subnet and change the default Community string. It's not possible to delete the standard Community string, but the first command above renamed it and removed read access.

Version 2c brings additional capabilities to SNMP but still relies on the Community string for security. The next version is the preferred choice, though some organizations still rely on v1 and v2c.

Version 3 brings encryption and authentication, as well as the capability to push settings to remote SNMP Agents. SNMP v3 is the preferred version when both the Agent and Collector support it. While SNMP v3 does have the capability to push settings to remote devices, many organizations don't opt to use it, in favor of more robust solutions like Ansible, Puppet, Chef, or proprietary management systems. Infrastructure Router STIG Finding V-3196 requires that SNMP v3 be used:

The network device must use SNMP Version 3 Security Model with FIPS 140-2 validated cryptography for any SNMP agent configured on the device.

A Community string is like a password, allowing SNMP Agents to vet polling from SNMP Collectors in a very crude way.
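The hardening the text describes (rename the default Community string and remove its read access, then poll over SNMP v3 with authentication and encryption from a management subnet), as an added RouterOS example that is not taken from the original article. The community names, the 192.0.2.0/24 management subnet and the passphrase placeholders are assumptions to replace with your own values.

```routeros
# Added example, not from the original article.
# Weak starting state on RouterOS: a default community named "public"
# with read access and security=none (usable by SNMP v1/v2c collectors).

/snmp community
# The default community cannot be removed, so rename it and
# take away read access so that it answers no polls.
set [ find default=yes ] name=unused-default read-access=no write-access=no

# Hardened state: a separate SNMP v3 community.
# security=private requires both authentication and encryption.
# addresses= limits polling to the management subnet
# (192.0.2.0/24 is a constructed documentation range).
# SHA1 and AES are chosen over the MD5 and DES options.
add name=mgmt-v3 \
    addresses=192.0.2.0/24 \
    security=private \
    read-access=yes \
    write-access=no \
    authentication-protocol=SHA1 \
    authentication-password="<AUTH-PASSPHRASE-PLACEHOLDER>" \
    encryption-protocol=AES \
    encryption-password="<PRIV-PASSPHRASE-PLACEHOLDER>"

/snmp
# Enable the agent and send traps as v3 using the hardened community.
set enabled=yes trap-version=3 trap-community=mgmt-v3

# Review the result: the default entry should show read-access=no,
# and only mgmt-v3 should allow reads, with security=private.
/snmp community print detail
```

Write access is left off on both communities because the text notes that most organizations push settings with other tools rather than over SNMP.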