Fix SNMP v3 implementation for best practices?
I was setting up monitoring for the device using SNMP v3, and was sad at your implementation that insists on using the same password as the encryption key as well counter to best practices for SNMP.
As defined in the best practices guide defined here at snmp.com, section 4.1:
"Each human operator should also have unique pass phrases for authentication and privacy. These pass phrases should be different from those used for server logins. Also, these pass phrases should be different for each authentication and privacy protocol. "
While not psirt worthy, you only got half of the intended use correct in your implementation. Auth hash and encryption keys should to be different.
You're not the only vendor to get the implementation wrong either at least (cough, Meraki), but would be nice to get on the road map a proper fix to allow for separate username, auth hash, and priv encryption keys separate as the best practices intend.
All Replies
-
Hi @mikebutash ,
Thank you for your feedback.
At the present, the pass phrase can be configured different from each user, however it is the same for authentication and privacy. For best practices, we would like to propose pass phrases should be different for each authentication and privacy as an idea for evaluation. You can find the link to the idea section below:
SNMPv3: Pass phrases should be different for each authentication and privacy. — Zyxel Community
Thank you for using Zyxel product. We appreciate your feedback and suggestions to help us improve our product.
Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!
0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight