EcoStruxure IT forum
A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.
Posted: 2020-07-04 03:51 PM
This question was originally posted on DCIM Support by Shaik Mahboob Ali on 2018-03-28
The community name of the remote SNMP server can be guessed.
It is possible to obtain the default community name of the remote SNMP server.
An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).
Disable the SNMP service on the remote host if you do not use it. Either filter incoming UDP packets going to this port, or change the default community string
(CID:129412678)
Posted: 2020-07-04 03:51 PM
This answer was originally posted on DCIM Support by Christopherus Laurentius on 2018-03-28
DCO?
Do any of the following from Webmin
Enabling Data Center Operation monitoring through Data Center Expert
Edit 1:
DCE:
SNMP access to DCE can be enabled/disabled or you can change the community name from:
(CID:129412762)
Posted: 2020-07-04 03:51 PM
This answer was originally posted on DCIM Support by Christopherus Laurentius on 2018-03-28
DCO?
Do any of the following from Webmin
Enabling Data Center Operation monitoring through Data Center Expert
Edit 1:
DCE:
SNMP access to DCE can be enabled/disabled or you can change the community name from:
(CID:129412762)
Posted: 2020-07-04 03:51 PM
This comment was originally posted on DCIM Support by Steven Marchetti on 2018-03-28
In addition to Chris' comments, the "public" read string is a common default. It can simply be changed to something other than "public" as you yourself noted.
(CID:129412882)
Posted: 2020-07-04 03:51 PM
This answer was originally posted on DCIM Support by Ed Tarento on 2018-04-01
Always change the SNMP V1 community string.
Depending on customer requirements and security considerations I often recommend not using SNMP V1 write.
You can further secure your SNMP agents by allowing only SNMP read (GET etc) from selected IP addresses, e.g. DCE.
(CID:129413909)
Posted: 2020-07-04 03:51 PM
This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.