[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
security for snmpbulk transfers
So I was whining about having a username/password for a statistics server
in a managed device at the EOS meeting and thought I'd carry that whining
on to the list.
Bottom line: I really don't think this is going to fly. Statistics
information used for billing and accounting is considered extremely
sensitive by providers. I don't think providers, particularly telcos, are
going to be at all thrilled at putting that information in their network
There are a couple ways of dealing with this that I can think of off the
top of my head:
1) Move from a push to a pull model. The SNMP agent modifies a MIB
variable to indicate that it is ready to transmit data via the oob channel
specified and then the management station should connect and collect the
Pros: Best security of what I'm about to list and what's been proposed in
the WG. Authentication credentials are stored only on the management
station or statistics server.
Cons: Requires explicit support for bulk transfer on the manager. It's
possible that agent will run out of caching room while waiting for the
manager to download (although I'd argue that a proper implementation would
not have this problem).
2) A careful specification of how to secure the statistics server. In
this case what we want is compartmentalization. The agent pushes the
collected statistics to a write-only filestore. This is really more of a
policy issue in general but we need to specify name collision behaviour
because we cannot overwrite files. It'd be nice to specify a way for the
router to authenticate using its private key, if it has sshd support.
Pros: Decent security potential as long as proper guidance is given.
Worst case scenario is that that a compromised agent could perform a DoS
attack on the statistics server. You could argue that with proper quotas
set, this DoS attack could be limited to only logging for the compromised
box, which you can't trust now anyway.
Cons: It'll be easy for operators to misconfigure server security in this