(I'm almost suspecting a troll here, but, bah, I'll feed it)
Shay Hugi wrote: > > [Motorola DDM uses SNMP] > Lot's of cable companies who use Motorola CMTS's or RiverDelta's are > using the DDM. And i've never heard anyone say'n anything bad about > this system. I have quite a bit of experience in poking around with cable modem setups (both prior to the DOCSIS standard and with DOCSIS compliant stuff), and let me tell you this much: security has never been their top priority. I'm tempted to compare it to the 802.11b disaster, only cable modems (usually) aren't used in the same kind of sensitive environments. Usually, with cable modems, the worst that can happen is that someone can get free Internet access on a public network, not highway access to the inner workings of someone's private network, so I guess it's understandable that it isn't getting the same kind of attention. > I don't see AT ALL why should a management system using SNMP and a > web based (using Java) system should not run on a dedicated > authenticated workstation to manage a firewall. If you equate "firewall" with "SOHO ADSL gateway", yeah, I probably wouldn't give a sh*t if it used web management or SNMP, but, really, c'mon, administrating an enterprise class firewall through a web interface to SNMP ought to be a punishable offense. > The DDM is truely a powerful product... with no need for any > session encryption except MD5 for the login passwords. Oh, I see: it's totally okay for anyone to sniff whatever parts they wish of my firewall configuration, including pre-shared keys to VPNs, passwords for AAA-type setups, and details about the entire ruleset. As long as the admin password is an MD5 hash, everything is just dandy. Pffft. -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "Senex semper diu dormit" _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
