Information shared by SNMP may be used to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications). If your don't monitor your LPAR via SNMP then best way to improve security is to disable SNMP service.
SNMP service can be disabled by this command
ENDTCPSVR *SNMPThis command will ensure that SNMP will not start again when TCP is restarted
CHGSNMPA AUTOSTART(*NO) ALWSNMPV3(*NO)You can also configure specific SNMP Community
CFGTCPSNMPand then option
2. Work with communities for SNMPwith option 2=Change on specific Community
Change Community for SNMP (CHGCOMSNMP)
Type choices, press Enter.
Community name . . . . . . . . . > 'public' Character value
Translate community name . . . . > *YES *YES, *NO
Manager internet address:
Manager internet address . . . *ANY
Manager internet address mask
+ for more values
Object access . . . . . . . . . *NONE *SAME, *SNMPATR, *READ...
Log set requests . . . . . . . . *NO *SAME, *SNMPATR, *YES, *NO
Log get requests . . . . . . . . *NO *SAME, *SNMPATR, *YES, *NOObject access can have any of this values
*SAME
*SNMPATR
*READ
*WRITE
*NONE