Tom's Hardware: Topic SNMP security
Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions.
Sign up now! Its free!
Archived from groups: microsoft.public.win2000.security,microsoft.public.windows.server.security (More info?)
They still are not on the CIM bandwagon, and so you are
looking at SNMP. IMO the use of SNMP and security
in the same breath is a mistake. SNMP v1 "security"
is not really there as far as I can tell. As such, allowing
relatively open read is much different from allowing
relatively open write.
--
Roger
"Jason" <jasons@hotmail.com> wrote in message
news
zymMvmCFHA.3888@TK2MSFTNGP09.phx.gbl...
> Hi everyone,
> We are planning to change the snmp security from read only to read write
on
> all our servers (w2k and w2k3 ),, include W2K domain controllers.
> What are the potential security issues on having SNMP security changed
from
> Read to Read -write on windows 2000 and windows 2003 servers ?
> The reason for the change is that we are pslnning to use Compaq Insight
> manager to push out the system BIOS to update our servers.
> Any help appreciated.
>
> Jason
>
>
Archived from groups: microsoft.public.win2000.security,microsoft.public.windows.server.security (More info?)
"Jason" <jasons@hotmail.com> wrote in message
newszymMvmCFHA.3888@TK2MSFTNGP09.phx.gbl...
> Hi everyone,
> We are planning to change the snmp security from read only to read write
on
> all our servers (w2k and w2k3 ),, include W2K domain controllers.
> What are the potential security issues on having SNMP security changed
from
> Read to Read -write on windows 2000 and windows 2003 servers ?
> The reason for the change is that we are pslnning to use Compaq Insight
> manager to push out the system BIOS to update our servers.
"Security" and "SNMP" are related only insofar as they both begin with the
letter "S" ;o)
I would suggest that, if possible, you look at disallowing SNMP traffic from
anywhere other than your chosen servers (i.e. block world'n'dog, but permit
CIM servers).
It seems like an "interesting" way to update the BIOS - I take it that
you've tested everything, to make sure that reverting to a default
configuration won't leave you with a heap of "dead" boxes?
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
Please mind
You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.
Sponsored links
Ad
They won a badge
Join us in greeting them
- 01:00 bew1075k won the Uniformed badge
- 01:00 Parasitic won the Uniformed badge
- 01:00 X3no won the Uniformed badge
- 01:00 Siq won the Uniformed badge
- 01:00 wayspooled won the Uniformed badge
- 01:00 chris62 won the Freshman badge
- 01:00 Tattysnuc won the Freshman badge
- 01:00 gamerk316 won the Freshman badge
- 05:23 jsc won the Overclocking badge
- 01:00 rolli59 won the Spy badge