> > ----- Original Message ----- > From: "Shay Hugi" <[EMAIL PROTECTED]> > To: "Mikael Olsson" <[EMAIL PROTECTED]> > Sent: Wednesday, June 05, 2002 8:14 PM > Subject: Re: Firewall managment through SNMP (Was: Re: a web management > system for the NetGAP firewall appliance(off-topic)) > > > > I Don't know if you consider the NetGAP as a SOHO Router/Firewall. but i > > think SNMP would be perfect on such a box. > > > > who would be able to sniff my *LOCAL* network? if the web management is in > > the same network connected to same switch?. > > > > ever heard about Webmin? i'm sure you've heard about this product. in case > > you haven't.. they stopped working with SSL. > > because they saw there's no need for SSL. if your'e managing a network > > device on your local LAN. > > > > i'm not saying you're wrong or anything. even the local lan could be FULL > of > > security holes. > > i'm sorry to disappoint you. but the Adminiweb Management system. does > > INCLUDE mod_ssl. > > > > -Shay Hugi > > -Mpthrill.com > > > > ----- Original Message ----- > > From: "Mikael Olsson" <[EMAIL PROTECTED]> > > To: "Shay Hugi" <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Wednesday, June 05, 2002 10:38 AM > > Subject: Re: Firewall managment through SNMP (Was: Re: a web management > > system for the NetGAP firewall appliance(off-topic)) > > > > > > > > > > (I'm almost suspecting a troll here, but, bah, I'll feed it) > > > > > > Shay Hugi wrote: > > > > > > > > [Motorola DDM uses SNMP] > > > > Lot's of cable companies who use Motorola CMTS's or RiverDelta's are > > > > using the DDM. And i've never heard anyone say'n anything bad about > > > > this system. > > > > > > I have quite a bit of experience in poking around with cable modem > > > setups (both prior to the DOCSIS standard and with DOCSIS compliant > > > stuff), and let me tell you this much: security has never been > > > their top priority. I'm tempted to compare it to the 802.11b disaster, > > > only cable modems (usually) aren't used in the same kind of sensitive > > > environments. Usually, with cable modems, the worst that can happen is > > > that someone can get free Internet access on a public network, not > > > highway access to the inner workings of someone's private network, > > > so I guess it's understandable that it isn't getting the same kind > > > of attention. > > > > > > > > > > I don't see AT ALL why should a management system using SNMP and a > > > > web based (using Java) system should not run on a dedicated > > > > authenticated workstation to manage a firewall. > > > > > > If you equate "firewall" with "SOHO ADSL gateway", yeah, I probably > > > wouldn't give a sh*t if it used web management or SNMP, but, really, > > > c'mon, administrating an enterprise class firewall through a web > > > interface to SNMP ought to be a punishable offense. > > > > > > > > > > The DDM is truely a powerful product... with no need for any > > > > session encryption except MD5 for the login passwords. > > > > > > Oh, I see: it's totally okay for anyone to sniff whatever parts > > > they wish of my firewall configuration, including pre-shared keys > > > to VPNs, passwords for AAA-type setups, and details about the > > > entire ruleset. As long as the admin password is an MD5 hash, > > > everything is just dandy. > > > > > > Pffft. > > > > > > -- > > > Mikael Olsson, Clavister AB > > > Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden > > > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 > > > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com > > > > > > "Senex semper diu dormit" > > > > > >
_______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
