Security Considerations¶
The SC4SNMP solution implements SNMP in a compatible mode for current and legacy network device gear. SNMP is a protocol widely considered to be risky and requires threat mitigation at the network level.
- Do not expose SNMP endpoints to untrusted connections such as the internet or general LAN network of a typical enterprise.
- Do not allow SNMPv1 or SNMPv2 connections to cross a network zone where a man in the middle interception is possible.
- Be aware many SNMPv3 devices rely on insecure cryptography including DES, MD5, and SHA. Do not presume SNMPv3 devices and connections are secure by default.
- When possible use SNMPv3 with the most secure protocol options mutually supported.
- The default IP of each node should be considered a management interface and should be protected from network access by an untrusted device by a hardware or software firewall. When possible the IP allocated for SNMP communication should not be shared by the management interface.