[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Updating the MIB security guidelines

To: mibs@ops.ietf.org
Subject: Updating the MIB security guidelines
From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
Date: Sat, 28 Dec 2002 00:35:55 +0100

So based on the latest discussion between Mike Heard and myself and
also taking some earlier input into consideration, how about this?
I hope/think I fixed all the typos.

Supportive statements are also very welcome.

Bert

----------- draft new Security Guidelines for MIB documents ------

x. Security Considerations

-- if you have any read-write and/or read-create objects, please
-- describe their specific sensitivity or vulnerability.
-- RFC 2669 has a very good example.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

    <list the tables and objects and state why they are sensitive>
 
-- else if there are no read-write objects in your MIB module

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

-- for all MIBs you must evaluate

   Some of the readable objects in this MIB module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control even GET access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

    <list the tables and objects and state why they are sensitive>

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network
   is allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms
   (for authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT 
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is a customer/operator
   responsibility to ensure that the SNMP entity giving access to
   an instance of this MIB module, is properly configured to give
   access to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

Follow-Ups:
- Re: Updating the MIB security guidelines
  - From: "C. M. Heard" <heard@pobox.com>

Prev by Date: RE: FW: Updating the MIB security guidelines
Next by Date: Re: Updating the MIB security guidelines
Previous by thread: RE: FW: Updating the MIB security guidelines
Next by thread: Re: Updating the MIB security guidelines
Index(es):
- Date
- Thread