The Avigilon win/lose article turned into a debate about SNMP's role with video surveillance systems. One commenter noted that Avigilon cameras did not support SNMP, to which Avigilon dealers responded that SNMP was terrible anyway.
So what do you say about SNMP and video surveillance?
I can count on one hand the times where I used SNMP in the field, and it typically was to monitor the status of a remote device like a power supply. There are a number of managed switches that support remote reboot commands via SNMP, and that might be helpful during troubleshooting.
I use it to monitor camera bandwidth, switch port bandwidth, RAID drive status, wireless channel usage and bandwidth, UPS battery time remaining, CPU, memory and disk free stats... it's really driven by end user needs, which vary greatly job to job. Larger clients get the most use (1000 plus cameras) because they have so many things to manage -- it is a valuable tool to understand how the entire system is operating.
Based on the video above, it would appear that the 'risks' that Mr. Thomas (commenting for the Avigilon camp in the win/lose article) was referring to were present in SNMP versions 1 and 2 ... but not in the current v3 that Mr. Snow apparently knows all about. :)
We've used SNMP to monitor various parameters of our systems for years. Typically, SNMP is used by our systems to trigger an email alert of a system problem via an Exchange server, which we've had since 2006.
I like the video. What Prof Messer missed is that some variables in SNMP are writeable as well as readable. So you can use SNMP to change the config of a system. Some passwords are R/O and some are R/W. Clearly there's a bigger security exposure when the password permits writing. The default (historic favorite) passwords are "public" and "private." It is a network best practice to change all factory default passwords. Our favorite is for SNMP to be turned off as the factory default and then users that want to use it will turn it on -- and set unique passwords when they do.
We do not permit any SNMP access from outside our LAN. That takes the edge off the need for SNMPv3. Still, we are converting all our equipment to v3 as time permits.
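The points raised in the preceding comments (the "public"/"private" defaults, read-only versus read-write access, LAN-only access, and v3) can be checked mechanically. The script below is an added example, not part of any comment in this thread; it assumes an agent configured with net-snmp's `snmpd.conf` directives (`rocommunity`, `rwcommunity`, `rouser`), assumes "LAN" means RFC 1918 space plus loopback, and uses a constructed sample configuration.

```python
import ipaddress

DEFAULTS = {"public", "private"}  # the historic default community strings
# "LAN" is assumed here to mean RFC 1918 space plus loopback.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in net-snmp snmpd.conf syntax, not from a real device.
SAMPLE_CONF = """\
# constructed example configuration
rocommunity public
rwcommunity private 0.0.0.0/0
rocommunity k7Qz-cam-ro 192.168.10.0/24
rwcommunity Vx93-cam-rw 203.0.113.0/24
rouser monitor priv
"""

def is_lan_source(source):
    """True only if source is an IPv4 host/network inside LAN_NETS."""
    if source in (None, "default"):
        return False  # no restriction: any address may query
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # hostname or unparsable value: cannot verify
    return net.version == 4 and any(net.subnet_of(lan) for lan in LAN_NETS)

def audit(conf_text):
    """Return (line_number, finding) tuples for v1/v2c community directives."""
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("rocommunity", "rwcommunity"):
            continue  # rouser/rwuser are SNMPv3 entries and are not flagged
        directive, community = fields[0], fields[1]
        source = fields[2] if len(fields) > 2 else None
        findings.append((num, "v1/v2c community, sent unencrypted"))
        if community in DEFAULTS:
            findings.append((num, "default community string"))
        if directive == "rwcommunity":
            findings.append((num, "community permits writes"))
        if not is_lan_source(source):
            findings.append((num, "source not limited to LAN"))
    return findings

if __name__ == "__main__":
    for num, finding in audit(SAMPLE_CONF):
        print(f"line {num}: {finding}")
```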
I had come up with a "black box" solution using a free SNMP solution at my last job. I figured you could install the box on site and charge a monthly fee for "advanced monitoring" or something. Everyone thought it was a great idea but that's as far as it went. If I was an IT Admin I would definitely use it to monitor my network. I had a few customers that I knew monitored everything through SNMP.
I can count on one hand (maybe one finger) the number of partners I have worked with in the last 10 years who made use of SNMP, and it was driven primarily by the customer.
That's not to say we don't have many other customers using SNMP in their environment, or that SNMP isn't a valuable tool. It's just an observation.
For reference, SNMP support was deprecated by Microsoft as of Windows Server 2012 in favor of Common Information Model (CIM). It's still widely used by network administrators though at the switch/router level, among other things.