Secure SNMP on Linux

By r_s_shekar
We have servers (RH 7.2) running on a public IP (co-located). For monitoring purposes we would like to enable SNMP without compromising security.

Please let us know the secure way of enabling SNMP, not having to compromise security.

Thanks in advance,


by Jaqui In reply to Secure SNMP on Linux

It's not possible.
Any time you allow a service to access the internet you have lost security
(even a webserver).

Configure SNMP to use a non-standard port, and tweak it to work only through an encrypted link.
Do NOT transmit encryption keys over the net, always use disk for them.
Then with the right key pairs on both machines (either end) you can use encrypted transfer, without risking the key having been caught through a traffic sniffer.

There is no true security online, only acceptable levels of risk.
What is acceptable is very much a matter of personal opinion.

by Jaqui In reply to

GRC Port Authority Report created on UTC: 2005-08-15 at 07:27:55

Results from scan of ports: 0-1055

1 Ports Open
5 Ports Closed
1050 Ports Stealth
1056 Ports Tested

The port found to be OPEN was: 22

Ports found to be CLOSED were: 20, 21, 80, 113, 443

Other than what is listed above, all ports are STEALTH.

This is my workstation PC, under Linux.
I don't even have FTP on by default
(xinetd version, that's why the port is open).
Apache (turned off, so port closed).

You see why I say any service access is a breach of security.

by jmgarvin In reply to Secure SNMP on Linux

SNMP is NOT secure in any way, shape or form. My only suggestion is using a VPN to come inside your network and then connecting to the SNMP server from there.
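
The points raised in the replies above (no default port, no listener on the public interface, encryption required on the link) can be checked against an agent's configuration. The following is an added example, not part of any post in this thread; it assumes net-snmp `snmpd.conf` directive syntax, IPv4 listeners, and `rouser`/`rwuser` lines without the `-s` option, and `SAMPLE_CONF` is constructed.

```python
import ipaddress

# Constructed sample in net-snmp snmpd.conf syntax; not from the thread.
SAMPLE_CONF = """\
agentAddress udp:0.0.0.0:161
rocommunity public
rouser monitor auth
"""

def check_listener(spec):
    """Findings for one IPv4 agentAddress entry, e.g. 'udp:10.8.0.1:1161'."""
    parts = spec.split(":")
    if parts[0].lower() in ("udp", "tcp"):
        parts = parts[1:]
    port = parts.pop() if parts and parts[-1].isdigit() else "161"
    if len(parts) > 1:  # IPv6 or another transport: not handled here
        return [f"listener '{spec}' not parsed, review by hand"]
    host = parts[0] if parts else "0.0.0.0"  # no host means all interfaces
    found = []
    if host != "localhost":
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            return [f"listener '{spec}' not parsed, review by hand"]
        if ip.is_unspecified:
            found.append(f"listener '{spec}' binds every interface")
        elif not (ip.is_loopback or ip.is_private):
            found.append(f"listener '{spec}' binds a public address")
    if port == "161":
        found.append(f"listener '{spec}' uses the default port 161")
    return found

def audit(conf_text):
    """Return hardening findings for the text of an snmpd.conf file."""
    findings, listeners = [], []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        name, args = tokens[0].lower(), tokens[1:]
        if name == "agentaddress":
            listeners += [s for a in args for s in a.split(",") if s]
        elif name in ("rocommunity", "rwcommunity", "com2sec"):
            findings.append(f"'{name}' enables v1/v2c, community string is sent in cleartext")
        elif name in ("rouser", "rwuser") and "priv" not in args[1:2]:
            findings.append(f"SNMPv3 user line '{' '.join(tokens)}' does not require 'priv' (encryption)")
    for spec in listeners or ["udp:161"]:  # snmpd's default when unset
        findings += check_listener(spec)
    return findings
```

A configuration such as `agentAddress udp:127.0.0.1:1161` with `rouser monitor priv` returns no findings; the agent is then reached only over the VPN or other encrypted link the replies describe.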
