Security Overview

Getting Started with Access Security

SNMP Security Guidelines

In the default configuration, the switch is open to access by management stations running SNMP (Simple Network Management Protocol) management applications capable of viewing and changing the settings and status data in the switch’s MIB (Management Information Base). Thus, controlling SNMP access to the switch and preventing unauthorized SNMP access should be a key element of your network security strategy.

General SNMP Access to the Switch. The switch supports SNMP versions 1, 2c, and 3, including SNMP community and trap configuration. The default configuration supports versions 1 and 2c compatibility, which uses plain text and does not provide security options.

ProCurve recommends that you enable SNMP version 3 for improved security. SNMPv3 includes the ability to configure restricted access and to block all non-version 3 messages (which blocks version 1 and 2c unprotected operation).

SNMPv3 security options include:

configuring device communities as a means for excluding management access by unauthorized stations

configuring for access authentication and privacy

reporting events to the switch CLI and to SNMP trap receivers

restricting non-SNMPv3 agents to either read-only access or no access

co-existing with SNMPv1 and v2c if necessary
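As an added illustration (not part of the ProCurve documentation or any ProCurve tool), the Python below reads the BER header of an SNMP datagram to tell v1/v2c traffic, whose community string is readable on the wire, from SNMPv3 traffic and its authentication/privacy level. This helps identify management stations that still depend on v1/v2c before non-version 3 messages are blocked. The function names and the sample datagrams are constructed for this example.

```python
# Added example: classify SNMP datagrams by version and protection level.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
V3_LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # msgFlags bits 0-1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_snmp(datagram):
    """Report the version, plus the cleartext community (v1/v2c) or security level (v3)."""
    try:
        outer, body, _ = read_tlv(datagram, 0)
        vtag, ver, pos = read_tlv(body, 0)
        if outer != 0x30 or vtag != 0x02 or not ver:
            raise ValueError("not an SNMP message")
        version = VERSIONS.get(int.from_bytes(ver, "big"))
        if version is None:
            raise ValueError("unknown SNMP version")
        if version != "v3":                  # community is an unencrypted OCTET STRING
            tag, community, _ = read_tlv(body, pos)
            if tag != 0x04:
                raise ValueError("missing community string")
            return {"version": version, "community": community.decode("latin-1")}
        tag, header, _ = read_tlv(body, pos)  # msgGlobalData SEQUENCE
        if tag != 0x30:
            raise ValueError("missing SNMPv3 header")
        _, _, p = read_tlv(header, 0)         # msgID
        _, _, p = read_tlv(header, p)         # msgMaxSize
        _, flags, _ = read_tlv(header, p)     # msgFlags, one octet
        if len(flags) != 1 or (flags[0] & 3) not in V3_LEVELS:
            raise ValueError("invalid msgFlags")
        return {"version": "v3", "level": V3_LEVELS[flags[0] & 3]}
    except (IndexError, ValueError) as exc:
        return {"version": None, "error": str(exc)}

# Constructed sample datagrams (hand-built, not captured traffic); the v3 one
# carries empty security parameters and payload.
V1_GET = bytes.fromhex("3018 020100 0406 7075626c6963 a00b 020101 020100 020100 3000")
V2C_GET = bytes.fromhex("3018 020101 0406 7075626c6963 a00b 020101 020100 020100 3000")
V3_AUTHPRIV = bytes.fromhex("3016 020103 300d 020101 020205dc 040107 020103 0400 3000")
```

A v1 or v2c result includes the community exactly as it crossed the network, while a v3 result reports only the negotiated security level.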

 

SNMP Access to the Authentication Configuration MIB. A management station running an SNMP networked device management application, such as ProCurve Manager Plus (PCM+) or HP OpenView, can access the switch’s management information base (MIB) for read access to the switch’s status and read/write access to the switch’s authentication configuration (hpSwitchAuth). This means that the switch’s default configuration now allows SNMP access to security settings in hpSwitchAuth.

Note on SNMP Access to Authentication MIB

Downloading and booting from the software for the first time enables SNMP access to the authentication configuration MIB (the default action). If SNMPv3 and other security safeguards are not in place, the switch’s authentication configuration MIB is exposed to unprotected SNMP access and you should use the command shown below to disable this access.
