Owner's Manual

Ensuring a Secure Dell OpenManage IT Assistant Installation
NOTE: Even in environments that intend to use only CIM for monitoring, SNMP is
typically enabled because Server Administrator only provides error notification
using SNMP traps.
Security and the SNMP Protocol
There are several actions that can be taken to better secure environments
using the SNMP protocol. Although the following samples refer to Microsoft
Windows operating systems, similar steps can be performed for the Red Hat
Enterprise Linux and SUSE Linux Enterprise Server operating systems.
By default, when SNMP is installed, the community name is set to public.
This character string should be treated like a password and similar rules
should be used in its selection—a string of adequate length, not easily
guessed, and preferably consisting of mixed letters and numbers. In Windows
operating systems, the SNMP community name can be configured through
the Security tab of the SNMP services Property dialog box.
As a secondary precaution, SNMP should also be set to Read Only to prevent
unauthorized configuration and control actions. This can also be enforced by
using the snmpsets=no option when installing Server Administrator. Those
changes can still be made through the user interface or
Command Line Interface (CLI) of Server Administrator. In addition, it is also
possible to configure the SNMP service to accept requests only from a
particular server (in this case, the system running IT Assistant). This too can
be configured on the Windows Security tab referenced previously by selecting
the radio button labeled Accept SNMP packets from these hosts and then
clicking Add to enter the IP address or name of the system running
IT Assistant. See your operating system documentation for more details.
NOTE: To ensure that all the systems are properly configured, it is recommended
that you use tools such as Group Policies in Active Directory to enforce these
SNMP settings.
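The following PowerShell audit is an added example, not part of the Dell manual; it checks one Windows system against the three SNMP settings described above (community name, Read Only rights, accepted hosts). It assumes the SNMP service stores these settings under the standard Services\SNMP\Parameters registry key; the address 192.0.2.10 and the 12-character minimum are placeholder assumptions to replace with your own IT Assistant host and policy.

```powershell
# Added example: audit the Windows SNMP service settings on one system.
$ItAssistantHost = '192.0.2.10'   # placeholder: system running IT Assistant
$MinLength       = 12             # assumed policy value for "adequate length"
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

function Get-RegValues([string]$Path) {
    # Return name -> data for every value under a key (empty if the key is absent).
    $out = @{}
    if (Test-Path $Path) {
        $key = Get-Item -Path $Path
        foreach ($n in $key.GetValueNames()) { $out[$n] = $key.GetValue($n) }
    }
    return $out
}

function Test-SnmpHardening([hashtable]$Communities, [string[]]$Managers, [string]$Expected) {
    $findings = @()
    foreach ($name in $Communities.Keys) {
        # Community names are treated like passwords: only defaults are echoed.
        if ($name -in 'public', 'private') {
            $findings += "Default community name in use: $name"
        } elseif ($name.Length -lt $MinLength -or $name -notmatch '[A-Za-z]' -or $name -notmatch '\d') {
            $findings += 'A community name is short or lacks mixed letters and numbers'
        }
        # Rights DWORD: 1 NONE, 2 NOTIFY, 4 READ ONLY, 8 READ WRITE, 16 READ CREATE
        if ([int]$Communities[$name] -gt 4) {
            $findings += 'A community grants more than READ ONLY rights'
        }
    }
    if (-not $Managers -or $Managers.Count -eq 0) {
        $findings += 'No permitted managers listed: SNMP packets are accepted from any host'
    }
    foreach ($m in $Managers) {
        if ($m -ne $Expected -and $m -ne 'localhost') {
            $findings += "Unexpected permitted manager: $m"
        }
    }
    return $findings
}

# Constructed sample: default community with READ WRITE rights and no host filter.
Write-Output '--- constructed sample ---'
Test-SnmpHardening -Communities @{ public = 8 } -Managers @() -Expected $ItAssistantHost

# Live check against this system's registry.
Write-Output '--- this system ---'
$communities = Get-RegValues "$Base\ValidCommunities"
$managers    = [string[]]@((Get-RegValues "$Base\PermittedManagers").Values)
Test-SnmpHardening -Communities $communities -Managers $managers -Expected $ItAssistantHost
```

An empty result under "this system" means none of the checks fired; run it from an elevated session so the registry key is readable.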
As a final security step, Server Administrator should be configured to deny
access to user and possibly power user accounts, thereby limiting access to
administrator accounts only. This can be done through the Server
Administrator top navigation bar by selecting Preference and then unchecking
the User Access boxes.
NOTE: You can also limit user access using the Server Administrator CLI command
omconfig preferences useraccess enable=admin.