By default both ssh and snmp leak information if open to the public. In some scenarios it is not feasible to use network ACL´s to restrict access. I suggest:
ssh: set service ssh allowed-clients <ip / address / network-group> resulting config: /etc/hosts.allow sshd: <ip address> /etc/hosts.deny sshd: ALL
snmp: If all snmp communities have IP addresses assigned to them then: resulting config: /etc/hosts.allow snmpd: <community ips> /etc/hosts.deny snmpd: ALL
I have this implemented through a postconfig script and it works great.