This question was originally posted on DCIM Support by Shaik Mahboob Ali on 2018-03-28
The community name of the remote SNMP server can be guessed.
It is possible to obtain the default community name of the remote SNMP server.
An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).
Disable the SNMP service on the remote host if you do not use it. Either filter incoming UDP packets going to this port, or change the default community string
This answer was originally posted on DCIM Support by Christopherus Laurentius on 2018-03-28
Do any of the following from Webmin
SNMP access to DCE can be enabled/disabled or you can change the community name from:
This comment was originally posted on DCIM Support by Steven Marchetti on 2018-03-28
In addition to Chris' comments, the "public" read string is a common default. It can simply be changed to something other than "public" as you yourself noted.
This answer was originally posted on DCIM Support by Ed Tarento on 2018-04-01
Always change the SNMP V1 community string.
Depending on customer requirements and security considerations I often recommend not using SNMP V1 write.
You can further secure your SNMP agents by allowing only SNMP read (GET etc) from selected IP addresses, e.g. DCE.
Discuss challenges in energy and automation with 30,000+ experts and peers.
Find answers in 10,000+ support articles to help solve your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!