Event logging via SNMP or Syslog is very important in the overall security process. As shown in Figure , event notification levels can be defined for SNMP and Syslog. A Syslog server must be defined in order to send Syslog messages to a central monitoring server. Syslog and SNMP configuration will be covered in detail in Module 11.
Simple Network Management Protocol (SNMP)
SNMP allows network management programs to view and change settings of equipment. SNMP can be used to view settings using a Get request. SNMP can also be used to change settings using a Set request. Finally, SNMP devices can send alerts to management stations using the Trap function. SNMP uses a shared secret called a community string or name, which is sent without encryption. Read-Only community names allow only Get requests, while Read-Write community names allow Get and Set requests. SNMP versions 1 and 2 are insecure, because the community name can be seen in the requests. SNMP version 3 adds adequate security, but it is not yet widely used or supported. Never use the defaults, "public" or "private", as community names. Use a community name that will meet secure password guidelines.
Remember that ongoing monitoring is a part of security procedures. Most network monitoring is done with a combination of ICMP and SNMP. SNMP and event logging are covered in greater detail in Module 11.