Re: FW: Updating the MIB security guidelines

[Wes Hardaker <wjhns1@hardakers.net>]

>>>>> On Tue, 5 Nov 2002 23:56:32 +0100 , "Wijnen, Bert (Bert)" <bwijnen@lucent.com> said:

Bert> <list the tables and objects and state why they are sensitive>

err...  I'm not really sure I like the notion of re-listing all the
objects (or even just the tables) in the mib file twice (once for
read-write and once for read-only) in the security section.

Generally, a MIB piece houses a higher level notion of something, and
I think referring to that would be a better way to go than each
individual piece.  For example, if I was writing a security section
for the VACM MIB then I'd probably say "this MIB provides network
based configuration of the access control mechansims used by SNMP.  It
is critical the contents of this MIB be protected by authentication at
a minimum since illegitimate modifications to the objects within this
MIB will have a grave impact on ..."  IE, I wouldn't describe each
separate table of the MIB module since I don't think I don't really
think it would help and would only hinder understanding of it (since
you'd have to understand the data in the MIB to read the security
clause, which I'm not sure is the right thing to do).

-- 
"The trouble with having an open mind, of course, is that people will
 insist on coming along and trying to put things in it."   -- Terry Pratchett