SNMP security

[Jason]

Archived from groups: microsoft.public.win2000.security,microsoft.public.windows.server.security (More info?)

Hi everyone,
We are planning to change the snmp security from read only to read write on
all our servers (w2k and w2k3 ),, include W2K domain controllers.
What are the potential security issues on having SNMP security changed from
Read to Read -write on windows 2000 and windows 2003 servers ?
The reason for the change is that we are pslnning to use Compaq Insight
manager to push out the system BIOS to update our servers.
Any help appreciated.

Jason

 

[Guest]

Archived from groups: microsoft.public.win2000.security,microsoft.public.windows.server.security (More info?)

They still are not on the CIM bandwagon, and so you are
looking at SNMP. IMO the use of SNMP and security
in the same breath is a mistake. SNMP v1 "security"
is not really there as far as I can tell. As such, allowing
relatively open read is much different from allowing
relatively open write.

--
Roger
"Jason" <jasons@hotmail.com> wrote in message
news:OzymMvmCFHA.3888@TK2MSFTNGP09.phx.gbl...
> Hi everyone,
> We are planning to change the snmp security from read only to read write
on
> all our servers (w2k and w2k3 ),, include W2K domain controllers.
> What are the potential security issues on having SNMP security changed
from
> Read to Read -write on windows 2000 and windows 2003 servers ?
> The reason for the change is that we are pslnning to use Compaq Insight
> manager to push out the system BIOS to update our servers.
> Any help appreciated.
>
> Jason
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security,microsoft.public.windows.server.security (More info?)

"Jason" <jasons@hotmail.com> wrote in message
news:OzymMvmCFHA.3888@TK2MSFTNGP09.phx.gbl...
> Hi everyone,
> We are planning to change the snmp security from read only to read write
on
> all our servers (w2k and w2k3 ),, include W2K domain controllers.
> What are the potential security issues on having SNMP security changed
from
> Read to Read -write on windows 2000 and windows 2003 servers ?
> The reason for the change is that we are pslnning to use Compaq Insight
> manager to push out the system BIOS to update our servers.

"Security" and "SNMP" are related only insofar as they both begin with the
letter "S" ;o)

I would suggest that, if possible, you look at disallowing SNMP traffic from
anywhere other than your chosen servers (i.e. block world'n'dog, but permit
CIM servers).

It seems like an "interesting" way to update the BIOS - I take it that
you've tested everything, to make sure that reverting to a default
configuration won't leave you with a heap of "dead" boxes?

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!