Re: Final MIB security guidelines
>>>>> On Tue, 7 Jan 2003, Wijnen, Bert (Bert) wrote:
Bert> -- for all MIBs you must evaluate
Bert>
Bert> Some of the readable objects in this MIB module (i.e., objects
Bert> with a MAX-ACCESS other than not-accessible) may be considered
Bert> sensitive or vulnerable in some network environments. It is thus
Bert> important to control even GET access to these objects and possibly
-----------------------------------^^^^^^^^^^
Bert> to even encrypt the values of these objects when sending them over
Bert> the network via SNMP. These are the tables and objects and their
Bert> sensitivity/vulnerability:
Bert>
Bert> <list the tables and objects and state why they are sensitive>
I thought we had agreed to say "GET and/or NOTIFY access" here.
Bert> Further, deployment of SNMP versions prior to SNMPv3 is NOT
Bert> RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
Bert> enable cryptographic security. It is then a customer/operator
Bert> responsibility to ensure that the SNMP entity giving access to
Bert> an instance of this MIB module, is properly configured to give
---------------------------------------^
Bert> access to the objects only to those principals (users) that have
Bert> legitimate rights to indeed GET or SET (change/create/delete) them.
That comma needs to be removed.
>>>>> On Mon, 6 Jan 2003, Wes Hardaker wrote:
Wes> No references?
I recommend either to refer the reader to the boilerplate or to copy the
Informative References part from the boilerplate:
y. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
Either way should do, because all MIB modules need the boilerplate.
//cmh