Quick-Tip: How to Make SNMP More Secure

TruePath Technologies Quick Tips: How to Make SNMP More Secure

People are always asking us about SNMP and security.

We recently ran across this quick tip from Tony Fortunato of Lovemytool.com and knew we had to share it.

While working with a client recently, Fortunato had a conversation about potential security risks when enabling SNMP V2. He explained that, while the security risks are likely true, it depends on how you configure it combined with how your network behaves with it. And, ultimately, it’s a temporary solution which can simply be turned off after it is no longer needed.

As Fortunato explains, there are options for making SNMP more secure:

I started to draw a simple network diagram of his network and identified that his firewalls don’t allow SNMP from the internet so that possible issue is covered.

I then showed him some Cisco configuration commands to prevent SNMP traffic from devices and networks that we can specify.

The Cisco commands look like this;

snmp-server community notpublic RO 99

The above command enables and configures the snmp service with a read only string of notpublic. The 99 refers to an access list where we control what devices have permission to perform SNMP queries.

access-list 99 permit 10.44.10.0 0.0.0.255

With this command we define that access-list 99 only allows devices from subnet 10.44.10.0

You should test by performing an SNMP query with your network management tool to ensure that is has access but you should ensure that unauthorized devices do not have access.

You can get an idea if your access list is working as well with the following Cisco command;

show access-list 99

Standard IP access list 99

10 permit 10.44.10.0, wildcard bits 0.0.0.255 (684 matches)

The same points apply to Microsoft (plus WMI) or other devices. 

Fortunato goes on say that it’s important to determine how you can get more data from your devices while troubleshooting or baselining.

We hope you enjoyed this quick tip on SNMP and security!

Headed to the Hudson: TruePath Technologies Sponsors Park Ave Bike Shop

TruePath Technologies Sponsors Park Ave Bike Shop

Those who know us know we love to give back at every chance we get.

We recently had the pleasure of sponsoring the Park Ave Bike Shop and their club out of Rochester, NY.

Daniel Elner of Park Ave said:

“My fellow club members and I cannot thank you enough for your support on this past trip. Your generosity and passion for the sport made our trip possible.”

Check out some of the awesome pictures from Daniel’s group riding to the Hudson River:

We’re proud to have been able to support Park Ave Bike Shop and look forward to more great opportunities in the future!

TruePath Technologies Sponsors SharkFest 2017!

TruePath Technologies Sponsors SharkFest Wireshark Conference 2017

Wireshark, the widely-used network protocol analyzer, is gearing up for yet another SharkFest U.S. conference!

For those not familiar, SharkFest is an annual educational conference designed to help developers and users from the Wireshark community share knowledge, experience, and best practices. And this year, SharkFest celebrates its 10th-year anniversary at Carnegie Mellon University in Pittsburgh, Pennsylvania.

But the best part? TruePath is the official SharkFest 2017 Breaks sponsor! Check it out:

We’re proud to be sponsoring SharkFest U.S. 2017 and supporting Wireshark. You can view our full range of ntop products in our store including ntop software and nBox probes and recorders here.

So, will we see you there? Register today before it’s too late. See below for more info:

Wireshark SharkFest 2017 via TruePath Technologies

  1. When: June 19th through the 22nd
  2. Where: Carnegie Mellon University in Pittsburgh, Pennsylvania
  3. SharkFest Website: SharkFest.wireshark.org
  4. Registration Page: Register for SharkFest U.S. 2017

Worldwide Business with Kathy Ireland Features OP5 This Sunday, 3/19, at 5:30 P.M. EST

null

Don’t miss it!

This Sunday, 3/19, at 5:30 P.M. EST our friends at OP5 will be featured exclusively on Worldwide Business with Kathy Ireland.

OP5 LogoOP5 is an industry-leading developer of Open Source Management solutions. They offer
enterprise-class software for monitoring and administration of the whole IT infrastructure, from hardware and software to virtual and cloud-based services.

As the premiere provider of OP5 services in North America, TruePath is excited to see our friends CEO Jonas Vestin and CTO Jan Josephson of OP5 discuss with Kathy how companies can take control of their IT monitoring in today’s fast-paced era of digitalization.

From the OP5 blog:

“OP5 wants to reach a broad audience in the US to raise the issues of monitoring related to “the cloud” and “the new age of digitalization”.

…Many people forget that in the basement there has to be servers handling the digitalization. And these servers and networks need to be monitored in the most competent way possible. If a server goes down, the business might suffer tremendously. The Forrester study also outlines that natural disasters is the least of your worries. The top reasons for downtime are related to IT hardware (43%) and network (37%).

…By monitoring your IT, you can get control over everything from the smallest switch to the cloud. Knowing where you are, where you want to be and measure the status in between is a key to be competitive and provide a stable, secure high capacity IT. If a problem arises somewhere, the average IT organization of today will spend ten times more time finding the problem than fixing it. This is a challenge that we as a company solve for our customers.”

The exclusive 10-minute segment airs 3/19 on Fox Business News at 5:30pm EST as sponsored programming. Miss the airtime? No worries. Check back here later for a link to the recorded segment.

__________________________

Worldwide Business with Kathy Ireland® is an award winning business and health program that is independently produced. The show provides its viewers an in-depth opportunity to find solutions to the industry problems from some of the top business leaders from across the globe.

For more information, visit Worldwide Business with Kathy Ireland.

New Year, New Tools! And We’ve Got the First Peek into HWgroup’s Latest Product Line

If you have been keeping up with the TruePath blog, (which we trust you have!) you would know that over the past three months we have introduced cool, new tools that can take your business to the next level. During each educational webinar, TruePath’s CEO, Douglas Mauro, highlights the tools our team uses every day that make our jobs easier, more effective and efficient.

With 2017 in full swing, we’re already seen a plethora of hot new tools and products that can help your business stay streamlined. However, our team of experts have tracked down a new-to-market product portfolio for you that’s a must-see—or rather demo—which is exactly what we have planned for you starting at 11am EST, February 24th.

StockSnap_92NRLPJRMOMark your calendars, as during this webinar, Douglas will introduce you to intuitive new tools coming from HWgroup. In case you haven’t heard of them, HWgroup is a manufacturer of sensors with an IP interface and its products are expertly designed for IT, data center, industrial and security applications. Following the company’s release of its latest units, TruePath is giving you, our webinar attendees, an in-depth first look at this and some of the other strategic tools we here at TruePath use in-house.

Interested in learning more? Click here to reserve your webinar seat!
Did we mention registration is free?

For more information on TruePath’s webinar series, or to catch up on parts one and two, visit us online at http://truepathtechnologies.com/cooltoolswebinarseries/.

Don’t forget to follow #ThePathtoCoolTools for the latest news on the series!

TruePath’s Tools to Take with You into 2017

As this year winds down and you start to prepare for what’s to come in 2017, those typical end-of-year activities begin to pop up: work projects, budget cuts, the holidays – the list goes on and on. Believe us when we say we understand how it can sometimes be nothing short of overwhelming. In the midst of all that end-of-year madness, we know you aren’t looking or perhaps even thinking about what products and tools could help your business stay streamlined, but you should be.

As you turn the corner into a prosperous 2017, you should be considering which tools your company cannot live without, ones that you should probably let go and future tools you should be using. Think of this as a company-wide spring cleaning, but in the dead of winter.

So where do you start? That is where our team of experts come into play. We have recently announced the second installment of our 5-part webinar series that introduces you to those effective and results-oriented tools worth using as you head into the New Year.

That’s why we hope you’ll take an early lunch break on December 16th at 11am EST, to join our CEO, Douglas Mauro, as he dives into the tools TruePath Technologies uses every day to help manage and grow its business. In this webinar you can expect to see:

Hot Keyboard Pro. Tired of typing the same things over and over? Your email? Your join.me dial-in? This is a GREAT macro to speed up your life!

Dropbox. Home for all your photos, docs, videos, and files. And as an added bonus, anything you add to Dropbox will automatically appear on all your devices!

RegExr. An online tool to learn, build, & test Regular Expressions (RegEx / RegExp). Results update in real-time as you type.

To reserve your spot and to find out more information, visit us online at http://truepathtechnologies.com and don’t forget to follow #ThePathtoCoolTools for all the latest news on the series!

Did we mention registration is free? Click here!

TruePath Cool Tools: A Series for Us All

In a world that is constantly evolving, especially when it comes to the Internet, the Internet of Things (IoT), The Internet of Everything (IoE) and just about everything else in the tech industry, it’s hard to know which programs and products are most efficient or worth the download. Every time we enter the app store, we are bombarded with new products being advertised that can improve our productivity, organization and lifestyle but which ones are worth our time and most importantly, our money?

It’s time we took matters into our own hands. Our team of experts at TruePath Technologies, are bringing you a new webinar series unlike any you’ve seen before.

This 5-part webinar series will introduce you to tools we use every day and consider “cool”. They will differ in types, such as password safety, ways to increase your productivity, screen-casting and many, many more! Please note, we aren’t getting paid to advertise and promote these products. On the contrary, we are sharing them because we WANT you to know which tools are worth looking into. It’s time we shared the 2016 Awarded “TruePath Cool Tools”

During each webinar, you can expect to see how the tool or platform works, what it’s used for, why we like it and the cost (if any). Each webinar will last around 30 minutes, making them lunch break approved! Concluding the webinars, there will be a question and answer session.  If there is a question after the webinar you can ask them via Twitter using the hashtag #ThePathtoCoolTools

We hope you’ll be able to join our CEO, Douglas Mauro on October 14th, as he dives into the tools TruePath Technologies uses every day to help manage and grow its business. Discussed in the first of our 5-part series will be:

(1) Jing. Simple screen capture tool that can save image/movies and auto uploads to cloud so you can capture/paste link into an email or IM

(2) Schedule once. Living in India, EST, PST, etc.? Schedule a meeting using my calendar and YOUR time zone:

(3) join.me … sure there’s a lot of WebEx tools out there but sometimes less is more and even better when less = less firewall restrictions!

Please register to reserve your spot and to find more information, visit us online at http://truepathtechnologies.com and don’t forget to follow #ThePathtoCoolTools for all the latest news on the series!

Registration is free: https://attendee.gotowebinar.com/register/8927123299246621953

Cool Tools Webinar Series

TruePath Cool Tools

 

 

ProfiShark 1G from PROFITAP

profishark-1g-with-laptop-v3-450px

Latest press release from Profitap.

Purchase online now in our web store!

ProfiShark 1G features include:

  • 10/100/1G monitoring on USB 3.0
  • USB 3.0 powered with no adapter required
  • Fail-safe monitoring; a bypass system activates in case of power failure
  • Hardware aggregation
  • 8 ns hardware timestamping for accurate latency testing
  • Low-level error and bandwidth monitoring
  • Real-time statistics
  • CRC error capture
  • Capture of any type of frames such as:
    short/jumbo/VLAN/VXLAN/MPLS/Pause frames and more
  • Direct capture to disk
  • Very low CPU usage
  • Invisible to the network
  • Lightweight and highly portable build
  • Quick setup and easy use

check_image Plugin (Nagios Exchange)

2014-12-04_1423Head over to Nagios Exchange to see our latest plugin: check_image

Summary:

Downloads image file from website to check its dimensions. Program takes three args: file url, height, width. If only the url is given then the program will use a default size of 1 x 1. The program will return success if the image dimensions match or failure if the dimensions do not.

$ ./check_image.pl
OK – Dimensions: 587 x 207