Quick-Tip: How to Make SNMP More Secure

TruePath Technologies Quick Tips: How to Make SNMP More Secure

People are always asking us about SNMP and security.

We recently ran across this quick tip from Tony Fortunato of Lovemytool.com and knew we had to share it.

While working with a client recently, Fortunato had a conversation about potential security risks when enabling SNMPv2. He explained that, while the security risks are likely real, the actual exposure depends on how you configure SNMP and how your network behaves with it. Ultimately, it's a temporary solution that can simply be turned off once it is no longer needed.

As Fortunato explains, there are options for making SNMP more secure:

I started to draw a simple network diagram of his network and identified that his firewalls don’t allow SNMP from the internet so that possible issue is covered.

I then showed him some Cisco configuration commands to prevent SNMP traffic from devices and networks that we can specify.

The Cisco commands look like this:

snmp-server community notpublic RO 99

The above command enables and configures the SNMP service with a read-only string of notpublic. The 99 refers to an access list where we control what devices have permission to perform SNMP queries.

access-list 99 permit

With this command we define that access-list 99 only allows devices from subnet

You should test by performing an SNMP query with your network management tool to ensure that it has access, but you should ensure that unauthorized devices do not have access.

You can get an idea if your access list is working as well with the following Cisco command:

show access-list 99

Standard IP access list 99

10 permit, wildcard bits (684 matches)

The same points apply to Microsoft (plus WMI) or other devices. 

Fortunato goes on to say that it's important to determine how you can get more data from your devices while troubleshooting or baselining.
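One way to check a saved configuration for the points in the tip above, as an added example that is not from the original article or from Fortunato. The sample configuration, the 192.0.2.0/24 documentation subnet and the `audit` function name are constructed for illustration, and only the simple `snmp-server community <string> [RO|RW] [acl]` form with numbered access lists is handled:

```python
import re

# Constructed sample config; 192.0.2.0/24 is a documentation range, not from the page.
SAMPLE_CONFIG = """\
snmp-server community notpublic RO 99
snmp-server community public RO
snmp-server community writer RW 98
snmp-server community mgmt RO 97
access-list 99 permit 192.0.2.0 0.0.0.255
access-list 98 permit any
"""

# Simple forms only: community string, optional RO/RW, optional ACL number.
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: (RO|RW))?(?: (\S+))?$", re.I)
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$", re.I)


def audit(config):
    """Return (community, finding) pairs for weak SNMP community settings."""
    acls, communities = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), m.group(3).lower()))
        elif m := COMMUNITY_RE.match(line):
            communities.append(m.groups())
    findings = []
    for name, mode, acl in communities:
        if name.lower() in ("public", "private"):
            findings.append((name, "well-known default community string"))
        if mode and mode.upper() == "RW":
            findings.append((name, "read-write community"))
        if acl is None:
            findings.append((name, "no access list, so any source address may query"))
        elif acl not in acls:
            findings.append((name, f"access list {acl} is not defined in this config"))
        elif any(act == "permit" and src.split()[0] == "any" for act, src in acls[acl]):
            findings.append((name, f"access list {acl} permits any source"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

A community that references a restricted access list, like the `notpublic RO 99` line from the tip, produces no findings; the other three constructed lines each show a gap the tip is meant to close.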

We hope you enjoyed this quick tip on SNMP and security!
