Technical information
Network Security White Paper ver. G.1.2
1-7-2 Potential Threats and Recommended Precautions
Destruction, Corruption and Modification of the File System
The possibility of destruction, corruption or modification of the file system is very low.
SNMP permits write-access to network parameters only. Access to the file system or kernel is not
permitted using SNMP.
Theft of Community Name
Community names are sent in clear text because the protocol specification requires it. Therefore, if
a packet is intercepted, the community name is easily read.
Possibility of Unauthorized Parties Intercepting Device Information
The products do not respond with important information such as the administrator password, even if the
SNMP client sends a get request for this information. Therefore, the security risk is low. However, when
the products are accessed using SNMP, parameters are sent in clear text. The SNMP v1/v2 protocols do
not support encryption.
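The clear-text exposure described above can be seen by decoding the outer fields of a single SNMP datagram. The following Python is an added example, not part of the white paper or the product; the names `read_tlv`, `inspect_snmp` and `WEAK_NAMES` are hypothetical, the list of easy-to-guess names is an assumption rather than the product's documented defaults, and the sample packet is constructed.

```python
# Added example: decode the outer fields of an SNMP message to show what an observer can read.
def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
# Assumption: commonly seen community names, not this product's documented defaults.
WEAK_NAMES = {"public", "private"}

def inspect_snmp(datagram):
    """Return version, community name and findings for one UDP payload."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE, not an SNMP message")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    result = {"version": version, "community": None, "findings": []}
    if version in ("v1", "v2c"):
        tag, comm, pos = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("missing community OCTET STRING")
        result["community"] = comm.decode("latin-1")
        result["findings"].append("community name sent in clear text")
        if result["community"].lower() in WEAK_NAMES:
            result["findings"].append("community name is easy to guess")
        if pos < len(body) and body[pos] == 0xA3:  # 0xA3 = SetRequest PDU
            result["findings"].append("'set' access used over SNMP v1/v2")
    return result

# Constructed sample: SNMPv1 GetRequest for 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE = bytes.fromhex(
    "3029020100" "04067075626c6963" "a01c020401020304020100020100"
    "300e300c06082b060102010101000500")

if __name__ == "__main__":
    print(inspect_snmp(SAMPLE))
```

Run over traffic captured on the management network, the same check shows which agents still accept v1/v2 and whether any management utility is still issuing 'set' requests.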
1-7-3 Recommended Precautions
The suggested precautions against this threat are as follows.
Scenario 1:
Basic security settings - Change the community names from the default value to something difficult to
guess and change them regularly.
NOTE: When the community name settings are changed in the agents, the community name settings in
the management utilities must also be changed.
Scenario 2:
Standard security settings - Change the setting so that only ‘get’ access using SNMP v1/v2 is allowed
(disable ‘set’ access from SNMP v1/v2).
Scenario 3:
High security settings - Disable the SNMP v1/v2 service.
If it is not absolutely necessary, the SNMP service should be disabled via Web Image Monitor or the
mshell.
Scenario 4:
Very high security settings - Close the SNMP port.
If it is not absolutely necessary, the SNMP port should be closed via Web Image Monitor or the mshell.