09-17-2008 03:42 AM
Unsecure SNMP default settings?
Hello all,
In most ProCurve switches the following line is the default:
snmp-server community "public" unrestricted
Does that mean that the switch is open for unrestricted read/write from any SNMP device that knows the default "password" / community name?
09-17-2008 04:04 AM
Re: Unsecure SNMP default settings?
09-17-2008 04:09 AM
Re: Unsecure SNMP default settings?
>Yep
That is not so good. :)
Is the recommendation to change the community name, to switch to "restricted" mode, or to disable SNMPv2 totally?
09-17-2008 04:54 AM
Re: Unsecure SNMP default settings?
09-21-2008 06:04 AM
Re: Unsecure SNMP default settings?
Interesting default, isn't it?
I assume it's there for easy grabbing of new devices by PCM+, neglecting all the potential issues that follow. A question of misinterpretation of destination audience, if you ask me. Helping fools build networks will end in networks built by fools...
In a typical internal network, I propose to degrade the community "public" to read-only and operator level and introduce a new read-write and unrestricted community if necessary (let's say for PCM+) - and of course not call it "private" ;)
If there are concerns about "public", get rid of it altogether. If there are even more concerns, either switch to SNMPv3 or get rid of SNMP. It's a question of how you manage the devices.
Andre.
09-21-2008 06:24 AM
Re: Unsecure SNMP default settings?
Hello Matt and Andre, and thank you for your answers!
It is actually very strange that HP in 2008 still uses this kind of default. (And of course other strange things like http and telnet server enabled by default, with dhcp address and no password.)
>Helping fools build networks will end in
>networks built by fools...
That is most likely true. I believe Microsoft has suffered a lot from this, by having operating systems that probably in reality have the same complexity as any Unix systems or similar, but giving them an interface that makes it possible for most people to install them without any knowledge - that will of course lead to a lot of badly run servers.
09-21-2008 11:12 AM
Re: Unsecure SNMP default settings?
A few things I always recommend doing on any new ProCurve switch:
- Disable the default SNMP settings.
- Create new SNMP communities, one for read and another for read/write (in case PCM+ or any other management software is installed).
- Enable Console inactivity timer:
Sw(config)#console inactivity 15 (minutes).
- Set the date and time, since it's VERY important to keep an eye on the logs.
- Set the syslog server destination as the PCM+ (if it's installed).
- If VLAN 1 will not be used, disable the DHCP IP from this VLAN.
Good Luck !!!
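An offline check for the SNMP points raised in this thread (the default `snmp-server community "public" unrestricted` line, and the advice to replace it with separate read and read/write communities), added here as an example and not part of any post: it scans a saved switch configuration for `snmp-server community` lines and flags well-known names and unrestricted access. The sample configuration, the community name "nms-ro" and the function names are constructed for illustration; the `operator`/`manager` and `restricted` keywords are assumed to appear on the line in the same format as the line quoted in the first post.

```python
import shlex

# Constructed sample in ProCurve running-config style (not from a real device).
SAMPLE_CONFIG = """
hostname "lab-sw1"
snmp-server community "public" unrestricted
snmp-server community "nms-ro" operator restricted
snmp-server community "private" manager unrestricted
vlan 1
   ip address dhcp-bootp
"""

WELL_KNOWN = {"public", "private"}  # default names, widely known


def parse_communities(config):
    """Return (name, level, access) per 'snmp-server community' line.

    level and access are None when the keyword is not written on the line.
    """
    found = []
    for line in config.splitlines():
        try:
            tokens = shlex.split(line)      # strips the quotes around names
        except ValueError:                  # unbalanced quote elsewhere in config
            tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["snmp-server", "community"]:
            continue
        opts = [t.lower() for t in tokens[3:]]
        level = next((o for o in opts if o in ("operator", "manager")), None)
        access = next((o for o in opts if o in ("restricted", "unrestricted")), None)
        found.append((tokens[2], level, access))
    return found


def audit(config):
    """Flag well-known community names and communities with write access."""
    findings = []
    for name, level, access in parse_communities(config):
        if name.lower() in WELL_KNOWN:
            findings.append((name, "well-known community name"))
        if access == "unrestricted":
            findings.append((name, "unrestricted (read/write) access"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_CONFIG):
        print(f"{name}: {problem}")
```

A community that is deliberately read/write (for example one created for PCM+) will still be reported as unrestricted; the point of the report is that every such line is a conscious choice rather than a leftover default.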