Simple Network Management Protocol (SNMP) is designed for managing and monitoring devices on an internal network. Exposing SNMP to the internet presents a significant security risk, as it can reveal sensitive network configuration, device status, and performance data. Attackers can exploit this information for network reconnaissance or launch denial-of-service attacks. Best security practices dictate that SNMP traffic should be blocked at the perimeter firewall and only permitted on trusted, internal management networks.

B. SMTP: Simple Mail Transfer Protocol is essential for sending and receiving email from the internet. It is normally allowed through a firewall to a designated mail server.

C. HTTP: Hypertext Transfer Protocol is the primary protocol for web browsing. Outbound HTTP is required for users to access websites, and inbound is needed to host a public web server.

D. SSH: Secure Shell provides encrypted remote administration. While it must be carefully secured, it is often permitted through a firewall for authorized administrators to manage systems remotely.

1. National Institute of Standards and Technology (NIST). (2009). Guidelines on Firewalls and Firewall Policy (Special Publication 800-41 Revision 1).

Page 29

Section 4.3.2

"Service-Specific Issues": "SNMP is another protocol that organizations should usually block at their firewalls. SNMP is used to remotely manage network devices. Attackers can use SNMP to gain extensive information on a network’s configuration... Because of these risks

organizations should block SNMP at their firewalls."

2. Stallings

W.

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson.

Chapter 21

"Firewalls and Intrusion Prevention Systems

" Section 21.2

"Firewall Characteristics": This section discusses firewall filtering policies. It emphasizes that services intended only for local use

such as SNMP

should not be exposed externally. The principle is to deny all traffic by default and only permit services that are explicitly required for business with the external world.

3. Carnegie Mellon University

Software Engineering Institute. (2002). State of the Practice of Firewall Deployment and Management (CMU/SEI-2002-TN-013).

Page 16

Section 3.2.2

"Filtering Rules": The document advises filtering protocols that provide information about the internal network to outsiders. It lists SNMP as a protocol that is "often filtered" at the firewall boundary due to the valuable network information it can provide to an attacker.