HP3000-L Archives

December 2004, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Community Strings with SNMP
From:
Art Bahrs <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 16 Dec 2004 11:40:25 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (71 lines) 
Hi Mike & Rick :)
    Yah... this is always going to be an audit finding....just to dangerous
and too well known... Also don't use 'smcu' or 'SMCU' ... make it a nice
weird badly misspelled non-word!

    A system manager I worked for years ago used "Frank" and "Zappa" as the
account and user passwords for Manager.sys... and badly mangled how he
spelled 'em... combine this with the fact that you would never have figured
him to even have heard of Frank Zappa... and you have a good password
choice!  'Course the fact that these passwords were only changed once a
year was very bad.

   Do you have a password change policy for the SMTP password?  If you
don't (yet hehe) and the auditor didn't find it, then you are lucky :)

Art

=======================================================
Art Bahrs, CISSP           Information Security          The Regence Group
(503) 553-1425              FAX (503) 553-1453


|---------+-------------------------------->
|         |           "Mike Drazich"       |
|         |           <[log in to unmask]>  |
|         |           Sent by: "HP-3000    |
|         |           Systems Discussion"  |
|         |           <[log in to unmask]
|         |           DU>                  |
|         |                                |
|         |                                |
|         |           12/16/2004 11:29 AM  |
|         |           Please respond to    |
|         |           "Mike Drazich"       |
|         |                                |
|         |           |-------------------||
|         |           | [ ] Secure E-mail ||
|         |           |-------------------||
|---------+-------------------------------->
  >--------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                          |
  |      To:    [log in to unmask]                                                                                       |
  |     cc:                                                                                                                  |
  |     Subject:      [HP3000-L] Community Strings with SNMP                                                                 |
  >--------------------------------------------------------------------------------------------------------------------------|




A recent external audit finding was the use of default community strings
with SNMP.  We wanted to change the setting, but I have no idea how to
change it on the 3000.

Any ideas?

Mike Drazich/for Rick Murray

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *





 =============================================================================
IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed.  If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited.  Nothing in this email, including any attachment, is intended to be a legally binding signature.
 =============================================================================

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2