
Re: the future of SNMP



Hi,

The design pattern as described below by Wes is one of my favorite
"anti-patterns". That is, it is an example of what not to do!
In specific, and very limited usage situations, it works. But,
there are others where it is a disaster. For example, how does
one "backup and restore" the configuration via SNMP?

At 10:27 AM 3/3/2003 -0800, Wes Hardaker wrote:
>>>>>> On Mon, 3 Mar 2003 09:51:24 -0800 (PST), "B. Levin" <bryan_levin@yahoo.com> said:
>
>>> Which security
>>> precautions must be followed sending bulk responses
>>> to a noAuthNoPriv request? which are acceptable for
>>> an authPriv response? Can they be mixed into the
>>> same buffer?
>
>B> I don't have answers to those questions.  I would
>B> welcome advice in making the mib more secure by those
>B> who are better qualified in the area of security.
>
>FYI, You might look at the DISMAN-EVENT-MIB or the DISMAN-SCRIPT-MIB
>(and probably others) which access internal agent objects by using the
>same security mechanisms that were used to create the activation row
>or object in the table in question.  IE, before the data was shipped
>via ftp it must be gathered.  When gathered, it is gathered using the
>same secName and secLevel as the original configuration object was set
>using.
>
>(this creates some problems, but it seems to be a commonly-in-use
>practice still).
>
>-- 
>Wes Hardaker
>Network Associates Laboratories

Regards,
/david t. perkins
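
The pattern Wes describes in the quoted text, as an added example that is not part of the original thread and is not code from any MIB implementation: the agent records the secName and secLevel of the request that created the activation row, and every later read made while gathering data for the transfer is access-checked as that principal. The policy table, sample values and the names `ActivationRow`, `create_row` and `gather` are assumptions made for illustration, with `READ_POLICY` as a simplified stand-in for view-based access control.

```python
from dataclasses import dataclass
from enum import IntEnum


class SecLevel(IntEnum):
    # SNMPv3 security levels, ordered weakest to strongest
    noAuthNoPriv = 1
    authNoPriv = 2
    authPriv = 3


# Constructed read policy: object -> {secName: minimum secLevel required}
READ_POLICY = {
    "ifInOctets.1": {"monitor": SecLevel.noAuthNoPriv, "admin": SecLevel.noAuthNoPriv},
    "usmUserTable": {"admin": SecLevel.authPriv},
}
VALUES = {"ifInOctets.1": 1234, "usmUserTable": "<user rows>"}  # constructed sample data


def can_read(sec_name, sec_level, obj):
    """True if this principal, at this security level, may read obj."""
    minimum = READ_POLICY.get(obj, {}).get(sec_name)
    return minimum is not None and sec_level >= minimum


@dataclass(frozen=True)
class ActivationRow:
    objects: tuple
    sec_name: str        # taken from the request that created the row
    sec_level: SecLevel  # likewise; fixed for the life of the row


def create_row(request_sec_name, request_sec_level, objects):
    # Hypothetical helper: bind the creator's security parameters to the row.
    return ActivationRow(tuple(objects), request_sec_name, request_sec_level)


def gather(row):
    """Collect data for the bulk transfer, checking each read as the row's creator."""
    collected, denied = {}, []
    for obj in row.objects:
        if can_read(row.sec_name, row.sec_level, obj):
            collected[obj] = VALUES[obj]
        else:
            denied.append(obj)
    return collected, denied
```

In this model a row created by a noAuthNoPriv request never causes objects that require authPriv to be placed in the outgoing buffer, because the gather step has no more access than the creating request had.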