Snmp security

  • Are there any known security issues when enabling SNMP and allowing access on the WAN interface ?

  • Rebel Alliance Developer Netgate

    The security offered by snmp v1 and v2 is simple and potentially easy to bypass. All they'd need to do is guess the community string. Even with snmp v3 I wouldn't trust exposing it to the WAN, and I don't think that is supported by bsnmpd as used in pfSense.

    Plus all of that data is sent unencrypted, exposing what could potentially be some private information to sniffing somewhere along the way.

    As with other services, you shouldn't expose things to the world on WAN unless you have no other choice, and even then you can probably do it over a VPN tunnel instead and negate any potential security issues.

Log in to reply