RFC 3871           Operational Security Requirements      September 2004
5.  Security Considerations
   General
      Security is the subject matter of this entire memo.  The
      justification section of each individual requirement lists the
      security implications of meeting or not meeting the requirement.
   SNMP
      SNMP versions prior to SNMPv3 did not include adequate security.
      Even if the network itself is secure (for example by using IPSec),
      there is still no control as to who on the secure network is
      allowed to access and GET/SET (read/change/create/delete) the
      objects in the MIB.

      It is recommended that implementors consider the security features
      as provided by the SNMPv3 framework (see [RFC3410], section 8),
      including full support for the SNMPv3 cryptographic mechanisms
      (for authentication and privacy).

      Furthermore, deployment of SNMP versions prior to SNMPv3 is NOT
      RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
      enable cryptographic security.  It is then a customer/operator
      responsibility to ensure that the SNMP entity giving access to MIB
      objects is properly configured to give access to the objects only
      to those principals (users) that have legitimate rights to
      GET or SET (change/create/delete) them.
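
      The following is an added example, not part of RFC 3871: a small
      auditor that checks an agent configuration against the SNMP
      guidance above.  It assumes Net-SNMP's snmpd.conf directives
      (rocommunity, createUser, rouser/rwuser); the sample configuration,
      user names and passphrases are constructed.

```python
import shlex

# Assumption: Net-SNMP snmpd.conf syntax. These directives grant
# community-string (SNMPv1/v2c) access.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6",
             "com2sec", "com2sec6"}

def strip_opt(args, flag):
    """Drop a leading '<flag> VALUE' option pair if present."""
    return args[2:] if args[:1] == [flag] else args

def audit_snmpd_conf(text):
    """Return (line_number, finding) tuples for settings that conflict with
    the guidance: no pre-v3 access, v3 with authentication and privacy,
    and write access scoped to specific objects."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # honours quotes and '#'
        if not tok:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in COMMUNITY:
            findings.append((n, "community-based SNMPv1/v2c access"))
        elif directive == "createuser":
            args = strip_opt(args, "-e")
            # USER AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]
            if len(args) < 3:
                findings.append((n, "user without authentication"))
            elif len(args) < 4:
                findings.append((n, "user without privacy (encryption)"))
        elif directive in ("rouser", "rwuser"):
            args = strip_opt(args, "-s")
            # USER [noauth|auth|priv [OID | -V VIEW]]; assumed default: auth
            level = args[1].lower() if len(args) > 1 else "auth"
            if level != "priv":
                findings.append((n, "access allowed below authPriv"))
            if directive == "rwuser" and len(args) < 3:
                findings.append((n, "write access not limited to a view or subtree"))
    return findings

# Constructed sample configuration (passphrases are placeholders).
SAMPLE = """\
rocommunity public
createUser monitor SHA "placeholder-auth-pass"
createUser operator SHA "placeholder-auth-pass" AES "placeholder-priv-pass"
view sysview included .1.3.6.1.2.1.1
rouser monitor auth
rwuser operator priv -V sysview   # scoped, authPriv
rwuser operator priv
"""

if __name__ == "__main__":
    for line_no, finding in audit_snmpd_conf(SAMPLE):
        print(f"line {line_no}: {finding}")
```
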
6.  References
6.1.  Normative References
   [ANSI.X9-52.1998] American National Standards Institute, "Triple Data
                     Encryption Algorithm Modes of Operation", ANSI
                     X9.52, 1998.
   [FIPS.197]        National Institute of Standards and Technology,
                     "Advanced Encryption Standard", FIPS PUB 197,
                     November 2001.
   [PKCS.3.1993]     RSA Laboratories, "Diffie-Hellman Key Agreement
                     Standard, Version 1.4", PKCS 3, November 1993.
   [RFC1208]         Jacobsen, O. and D. Lynch, "Glossary of networking
                     terms", RFC 1208, March 1991.
Jones                        Informational                     [Page 71]



