[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: the future of SNMP



>>>>> On Mon, 3 Mar 2003 09:51:24 -0800 (PST), "B. Levin" <bryan_levin@yahoo.com> said:

>> Which security
>> precautions must be follwoed sending bulk responses
>> to a noAuthNoPriv request? which are acceptable for
>> an authPriv response? Can they be mixed into the
>> same buffer?

B> I don't have answers to those questions.  I would
B> welcome advice in making the mib more secure by those
B> who are better qualified in the area of security.

FYI, You might look at the DISMAN-EVENT-MIB or the DISMAN-SCRIPT-MIB
(and probably others) which access internal agent objects by using the
same security mechanisms that were used to create the activation row
or object in the table in question.  IE, before the data was shipped
via ftp it must be gathered.  When gathered, it is gathered using the
same secName and secLevel as the original configuration object was set
using.

(this creates some problems, but it seems to be a commonly-in-use
practice still).

-- 
Wes Hardaker
Network Associates Laboratories