This is a good and valid question as a lot of exploits made by hackers have been around the SNMP vulnerability.

We will address the 2 top weakness of SNMP:

1. The well known default SNMP community strings of [public] and [private] are being used to hack into network devices once SNMP is enabled on these.

2. SNMP is vulnerable to brute force password guessing. Once the SNMP community string is known, the network is compromised.

So how do we address problem #1? Simply put, we advise our clients to NOT use the default community strings. We ask them to come up with random strings of at least 9 characters. This will help resolve this issue.

How do we address problem #2? We put in an additional access control list that limits the internet from accessing your network device’ snmp. You allow only SNMP coming from our SNMP poller’s IP address. This effectively blocks out hackers that try to guess your SnMP strings.