Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerOpenManage IT Assistant Version 7.2 (Dell OpenManage 4.5.1)
81828384858687888990
Ensuring a Secure Dell OpenManage IT Assistant Installation 85
Security and the SNMP Protocol
There are several actions that can be taken to better secure environments using the SNMP protocol.
Although the following samples refer to Microsoft Windows operating systems, similar steps can be
performed for the Red Hat Linux and Novell NetWare operating systems. By default, when SNMP is
installed, the community name is set to public. This character string should be treated like a password
and similar rules should be used in its selection—a string of adequate length, not easily guessed, and
preferably consisting of mixed letters and numbers. In Windows operating systems, the SNMP
community name can be configured through the Security tab of the SNMP services Property dialog box.
As a secondary precaution, SNMP should also be set to Read Only to prevent unauthorized
configuration and control actions. This can also be enforced by using snmpsets=no option when
installing Server Administrator. It would still be possible to make those changes through the User
Interface or Command Line Interface (CLI) of Server Administrator. In addition, it is also possible to
configure the SNMP service to accept requests only from a particular server (in this case, the system
running IT Assistant). This too can be configured on the Windows Security tab referenced previously by
selecting the radio button labeled Accept SNMP packets from these hosts and then clicking Add to
enter the address or name of the system running IT Assistant.
NOTE: To ensure that all the systems are properly configured, it is recommended that you use tools such as Group
Policies in Active Directory to enforce these SNMP settings.
As a final security step, Server Administrator should be configured to deny access to user and possibly
power user accounts, thereby limiting access to administrator accounts only. This can be done through
the Server Administrator top navigation bar by selecting Preference and then unchecking the User
Access boxes. You can also limit user access using the Server Administrator CLI command omconfig
preferences useraccess enable= admin. See the Server Administrator Command Line Interface User’s
Guide on support.dell.com or on the documentation CD for more information.
In summary, to successfully and securely manage servers per the security measures introduced here,
system administrators should adhere to the following best practices:
Ensure that the operating system is up-to-date with the most recent operating system security patches.
Use the SNMP and CIM (Server Administrator) protocol.
Implement SNMP community names that cannot be easily guessed.
Configure SNMP to be
Read Only
to limit configuration, update, and power control to Server
Administrator only.
Configure SNMP to accept requests only from the IP address of the system running IT Assistant.
Use tools such as Group Policies in Active Directory
to enforce the SNMP settings for all servers to
be managed.
Configure Server Administrator to deny user level access.