Security ConsiderationsΒΆ
The SC4SNMP solution implements SNMP in a compatible mode for current and legacy network device gear. SNMP is a protocol widely considered to be risky and requires threat mitigation at the network level.
- Do not expose SNMP endpoints to untrusted connections such as the internet or general LAN network of a typical enterprise.
- Do not allow SNMPv1 or SNMPv2 connections to cross a network zone where a man in the middle interception is possible.
- Many SNMPv3 devices rely on insecure cryptography including DES, MD5, and SHA. Do not assume that SNMPv3 devices and connections are secure by default.
- When possible use SNMPv3 with the most secure mutually supported protocol options.
- The default IP of each node should be considered a management interface and should be protected from network access by an untrusted device by a hardware or software firewall. When possible the IP allocated for SNMP communication should not be shared by the management interface.