Channel: Security forum

Choice of monitoring protocol

I'm trying to keep my head together on firewalls and management protocol security.

For a larger customer I'm assisting in the design of an HP SIM infrastructure. The network currently consists of multiple isolated LAN segments, separated by a hardware firewall.

The customer requires centralized monitoring. I will implement a new management VLAN with only the required access to the different isolated (V)LANs. I have the choice between monitoring the Windows servers (2003 R2, 2008 and 2008 R2) using an SNMP read-only community or WMI.

As far as I know, SNMPv1 is quite insecure as it might be a source of information disclosure because of its plain text nature. WMI on the other hand is authenticated and encrypted, but requires some significant 'holes' in the firewalls.

I know I can reconfigure DCOM to make the holes a bit smaller, but I'm wondering what is best practice? Use SNMP to keep the software attack surface smaller, or use WMI to prevent information disclosure in case of security breaches?


MCP/MCSA/MCTS/MCITP


