"Delete Default Device States"
"Devices with Specific Performance Monitor"
Many customers say that SNMP isn’t secure and ask whether there is another way to monitor. SNMPv3 is more secure, but it isn’t supported on as many devices.
The Simple Network Management Protocol (SNMP) defines a method by which the Network Management System (WhatsUp Gold) can view management information for a device (Router, Switch, Server, etc…).
SNMP is based on three concepts: managers, agents, and the Management Information Base (MIB). In any configuration, at least one manager node runs SNMP management software. Network devices to be managed, such as bridges, routers, servers, and workstations, are equipped with an agent software module. The agent is responsible for providing access to a local MIB of objects that reflects the resources and activity at its node.
SNMP Community Strings
The Community acts as a type of password for SNMP. The Community strings are stored in the SNMP configuration of the SNMP client, and it will only respond to SNMP requests from an NMS if the requesting IP packet contains a matching Community String.
To get information from SNMP-enabled devices, we only need read-only access, where no SNMP management is allowed with this Community. SNMP information can be returned to the NMS, but it cannot be modified.
Neither SNMPv1 nor SNMPv2 offers security features. Specifically, SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without these protections, it is possible for non-authorized users to eavesdrop on management information as it passes from managed systems to the management system.
SNMPv3 primarily added security and remote configuration enhancements to SNMP.
Securing SNMP connection
1. Read only
Because of these deficiencies, many SNMPv1/v2 implementations are limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control applications can be supported.
2. Access-Control List
We can secure the SNMP connection by using Access-Control Lists. On a large number of devices that support SNMP, a second tier of security is provided by Access-Control Lists. This is a simple list of IP addresses (or DNS names) that can be configured into the SNMP client. The network node will only respond to SNMP requests that are sourced from an IP address on the access-control list; other SNMP requests will be ignored. Access-control lists should be restricted to contain only the IP addresses of the valid NMS for each network.
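As an added example (not from the original article and not part of WhatsUp Gold), the Python check below applies the two rules above, read-only communities and an access list limited to the NMS, to a Net-SNMP style snmpd.conf. The Net-SNMP agent, the sample configuration, the community names and the NMS address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

READ = {"rocommunity", "rocommunity6"}
WRITE = {"rwcommunity", "rwcommunity6"}
WELL_KNOWN = {"public", "private"}  # common default community strings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
# agent access rules
rocommunity public
rwcommunity netops 192.0.2.10
rocommunity m0nit0r-ro 192.0.2.0/24
rocommunity m0nit0r-ro 192.0.2.10
rocommunity m0nit0r-ro 198.51.100.7
"""

def audit_snmpd_conf(text, nms_addresses):
    """Return (line_no, finding) pairs for community lines that are not
    read-only or not restricted to a known NMS address."""
    allowed = {ipaddress.ip_address(a) for a in nms_addresses}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2 or fields[0] not in READ | WRITE:
            continue
        directive, community = fields[0], fields[1]
        # Net-SNMP treats a missing source (or "default") as "any host".
        source = fields[2] if len(fields) > 2 else "default"
        if directive in WRITE:
            findings.append((no, "read-write community"))
        if community.lower() in WELL_KNOWN:
            findings.append((no, "well-known community string"))
        if source == "default":
            findings.append((no, "no source restriction"))
            continue
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append((no, "hostname source, check what it resolves to"))
            continue
        if net.num_addresses > 1:
            findings.append((no, "source is a whole network"))
        elif net.network_address not in allowed:
            findings.append((no, "source is not a listed NMS"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_snmpd_conf(SAMPLE, ["192.0.2.10"]):
        print(f"line {no}: {finding}")
```

Only line 5 of the sample passes: a read-only community, with a non-default name, whose source is the single listed NMS address.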
We can summarize all the above in the next points: