HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 37
SNMP Security Guidelines, Note on SNMP, Access to, Authentication
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 37 highlights
Security Overview Getting Started with Access Security SNMP Security Guidelines In the default configuration, the switch is open to access by management stations running SNMP (Simple Network Management Protocol) management applications capable of viewing and changing the settings and status data in the switch's MIB (Management Information Base). Thus, controlling SNMP access to the switch and preventing unauthorized SNMP access should be a key element of your network security strategy. General SNMP Access to the Switch. The switch supports SNMP versions 1, 2c, and 3, including SNMP community and trap configuration. The default configuration supports versions 1 and 2c compatibility, which uses plain text and does not provide security options. ProCurve recommends that you enable SNMP version 3 for improved security. SNMPv3 includes the ability to configure restricted access and to block all non-version 3 messages (which blocks version 1 and 2c unprotected operation). SNMPv3 security options include: ■ configuring device communities as a means for excluding management access by unauthorized stations ■ configuring for access authentication and privacy ■ reporting events to the switch CLI and to SNMP trap receivers ■ restricting non-SNMPv3 agents to either read-only access or no access ■ co-existing with SNMPv1 and v2c if necessary SNMP Access to the Authentication Configuration MIB. A management station running an SNMP networked device management application, such as ProCurve Manager Plus (PCM+) or HP OpenView, can access the switch's management information base (MIB) for read access to the switch's status and read/write access to the switch's authentication configuration (hpSwitchAuth). This means that the switch's default configuration now allows SNMP access to security settings in hpSwitchAuth. Note on SNMP Access to Authentication MIB Downloading and booting from the software for the first time enables SNMP access to the authentication configuration MIB (the default action). If SNMPv3 and other security safeguards are not in place, the switch's authentication configuration MIB is exposed to unprotected SNMP access and you should use the command shown below to disable this access. 1-15