I would *highly* discourage you from doing this, even if it is possible,
because of the inherent insecurity of SNMP v1 and v2. If _you_ can manage
the firewall via SNMP, so can any attacker on your network. All they need
to do is sniff the community string (which flies around a lot when
managing devices with SNMP) and then they can do whatever you can do.
Additionally, there isn't any way to audit who does what, since all you
need is the fixed community string and don't need to log in.

And don't think that "We've got a switched LAN so nobody can sniff
passwords--we're safe" because you'd be deluding yourself.

SNMP v3 is supposed to add additional security, although I doubt many
vendors have implemented it yet.

-Jason

On Tue, 19 Oct 1999, Paul Burland wrote:
> Date: Tue, 19 Oct 1999 12:00:12 +0100
> From: Paul Burland <[EMAIL PROTECTED]>
> To: firewalls <[EMAIL PROTECTED]>
>
> Please could somebody help.....
>
> I'm looking into the manageability of firewalls using SNMP. I would like to
> know what sort of data I am likely to get from standard mib2, if any. And
> what additional detail is available from Enterprise Mibs.
>
> I would also like to know where I can get a copy of an enterprise Mib to
> compile into Network Node Manager, so I can have a look around.
>
> Thanks in advance
>
>
> Paul B
>
> To return mail [EMAIL PROTECTED]
> Remember it is better to regret the things you've done, than the things you
> didn't do.
> "Unknown"
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist