Fix SNMP v3 implementation for best practices?

mikebutash Posts: 6
edited May 2024 in Wireless

I was setting up monitoring for the device using SNMP v3, and was sad at your implementation that insists on using the same password as the encryption key as well, counter to best practices for SNMP.

As defined in the best practices guide defined here at snmp.com, section 4.1:

"Each human operator should also have unique pass phrases for authentication and privacy. These pass phrases should be different from those used for server logins. Also, these pass phrases should be different for each authentication and privacy protocol."

While not PSIRT worthy, you only got half of the intended use correct in your implementation. Auth hash and encryption keys should be different.

You're not the only vendor to get the implementation wrong either at least (cough, Meraki), but it would be nice to get on the road map a proper fix to allow for separate username, auth hash, and priv encryption keys as the best practices intend.

All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,221  Zyxel Employee

    Hi @mikebutash ,

    Thank you for your feedback.

    At present, the pass phrase can be configured differently for each user; however, it is the same for authentication and privacy. For best practices, we would like to propose that pass phrases should be different for each authentication and privacy as an idea for evaluation. You can find the link to the idea section below:

    SNMPv3: Pass phrases should be different for each authentication and privacy. — Zyxel Community

    Thank you for using Zyxel products. We appreciate your feedback and suggestions to help us improve our product.

    Zyxel_Judy
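
What the single shared pass phrase discussed in both posts above means at the key level, as an added example that is not part of the original posts or any vendor's code: under the RFC 3414 password-to-key algorithm with AES-128 privacy (RFC 3826), one pass phrase makes the privacy key the first 16 octets of the authentication key. The SHA-1/AES-128 pairing, the function names and the second pass phrase are assumptions; "maplesyrup" and the engine ID are the RFC 3414 test-vector values.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2 hashes exactly this many octets


def password_to_key(passphrase: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the pass phrase repeated out to 1,048,576 octets (Ku)."""
    if not passphrase:
        raise ValueError("pass phrase must not be empty")
    reps = MEGABYTE // len(passphrase) + 1
    return hashlib.new(hash_name, (passphrase * reps)[:MEGABYTE]).digest()


def localize(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_keys(auth_pass: bytes, priv_pass: bytes, engine_id: bytes,
             hash_name: str = "sha1"):
    """Return (auth_key, priv_key) for HMAC-SHA-96 auth and AES-128 privacy.

    RFC 3826 localizes the privacy pass phrase with the authentication
    protocol's hash and uses the first 16 octets as the AES key.
    """
    auth_key = localize(password_to_key(auth_pass, hash_name), engine_id, hash_name)
    priv_full = localize(password_to_key(priv_pass, hash_name), engine_id, hash_name)
    return auth_key, priv_full[:16]


def shares_key_material(auth_key: bytes, priv_key: bytes) -> bool:
    """True when the privacy key is just a prefix of the authentication key."""
    return priv_key == auth_key[:len(priv_key)]


# Constructed sample input: RFC 3414 A.3 test-vector engine ID and pass phrase.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
SHARED = usm_keys(b"maplesyrup", b"maplesyrup", ENGINE_ID)
# Hypothetical second pass phrase, used only for the privacy protocol.
SEPARATE = usm_keys(b"maplesyrup", b"hypothetical-priv-phrase", ENGINE_ID)

if __name__ == "__main__":
    for label, (auth_key, priv_key) in (("shared", SHARED), ("separate", SEPARATE)):
        print(f"{label:9} auth={auth_key.hex()} priv={priv_key.hex()} "
              f"priv_is_prefix_of_auth={shares_key_material(auth_key, priv_key)}")
```

With separate pass phrases the two localized keys are unrelated, so recovering one does not hand over the other.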