Moving to SNMPv3 at scale

January 3, 2019 | Filed Under: OperationsSecuritySecurity News

The United States Computer Emergency Readiness Team released alert TA17-156A regarding the abuse of SNMP.  The original alert can be found here: https://www.us-cert.gov/ncas/alerts/TA17-156A

There are a few big takeaways.

  • Move to SNMPv3
  • Limit what can reach your machines
  • Limit what those machines can see and do

A few realities at scale:

  • SNMP version identification
  • SNMP package distribution (if applicable)
  • OS upgrades (if applicable)
  • Source identification
  • Sources access control
  • Orchestration in a heterogeneous environment
Tags: , , ,