[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Final MIB security guidelines



OK, based on discussions, this is the final version that I
have scheduled this to put on the ops.ietf.org web pages.

I am not sure what do write about the indexing stuff yet.
So for now I have not changed the text for that.
If someone has good ideas, then pls post proposed text
that we can discuss

Thanks,
Bert 


----------- draft new Security Guidelines for MIB documents ------

x. Security Considerations

-- if you have any read-write and/or read-create objects, please
-- describe their specific sensitivity or vulnerability.
-- RFC 2669 has a very good example.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

    <list the tables and objects and state why they are sensitive>
 
-- else if there are no read-write objects in your MIB module

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

-- for all MIBs you must evaluate

   Some of the readable objects in this MIB module (i.e., objects
   with a MAX-ACCESS other than not-accessible) may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control even GET access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

    <list the tables and objects and state why they are sensitive>

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network
   is allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms
   (for authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT 
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to
   an instance of this MIB module, is properly configured to give
   access to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.