Note on SNMP
Access to
Authentication
MIB
Security Overview
Getting Started with Access Security
SNMP Security Guidelines
In the default configuration, the switch is open to access by management
stations running SNMP (Simple Network Management Protocol) management
applications capable of viewing and changing the settings and status data in
the switch’s MIB (Management Information Base). Thus, controlling SNMP
access to the switch and preventing unauthorized SNMP access should be a
key element of your network security strategy.
General SNMP Access to the Switch. The switch supports SNMP
versions 1, 2c, and 3, including SNMP community and trap configuration. The
default configuration supports versions 1 and 2c compatibility, which uses
plain text and does not provide security options.
ProCurve recommends that you enable SNMP version 3 for improved security.
SNMPv3 includes the ability to configure restricted access and to block all
non-version 3 messages (which blocks version 1 and 2c unprotected
operation).
SNMPv3 security options include:
â– configuring device communities as a means for excluding management
access by unauthorized stations
â– configuring for access authentication and privacy
â– reporting events to the switch CLI and to SNMP trap receivers
â– restricting non-SNMPv3 agents to either read-only access or no access
â– co-existing with SNMPv1 and v2c if necessary
SNMP Access to the Authentication Configuration MIB. A
management station running an SNMP networked device management
application, such as ProCurve Manager Plus (PCM+) or HP OpenView, can
access the switch’s management information base (MIB) for read access to
the switch’s status and read/write access to the switch’s authentication
configuration (hpSwitchAuth). This means that the switch’s default
configuration now allows SNMP access to security settings in hpSwitchAuth.
Downloading and booting from the software for the first time enables SNMP
access to the authentication configuration MIB (the default action). If SNMPv3
and other security safeguards are not in place, the switch’s authentication
configuration MIB is exposed to unprotected SNMP access and you should
use the command shown below to disable this access.
1-15
To Next Page
Loading...
Need help?
General