nv-l
[Top] [All Lists]

Re: Secure SNMP using NetView

To: nv-l@lists.tivoli.com
Subject: Re: Secure SNMP using NetView
From: James_Shanks@tivoli.com
Date: Fri, 16 Feb 2001 12:17:08 -0500
Interesting question but not a likely affirmative answer.

SNMP V1 provides no security except the community name and that is
transmitted in the clear across the net.  An attempt was made in SNMP V2 to
implement a security mechanism, but many vendors objected to its complexity
and it was never popular.  Many vendors instead simply give the user the
option of preventing any SNMPsets at all, period, and restricting some or
all SNMPgets.  Most shops require all changes to be done on the device, the
router or hub, which requires a password.  I would be surprised if  your
VPN hub owner cannot  simply turn off SNMP sets and require direct access.
That has to be how they are doing this today.

  SNMP V3 offers a compromise approach requiring instead multiple community
names to access different parts of the MIB tree for both reading and
writing, and these are encrypted. So that is a longer-term possibility.  At
this time NetView does not support SNMP V3 but this is a known requirement
and if you have a need to learn about those plans you should contact
development and get non-disclosed  so you can hear what they are.  But SNMP
V3 support is coming.

James Shanks
Team Leader, Level 3 Support
 Tivoli NetView for UNIX and NT



Terry_E_Simpson@tivoli.com@tkg.com on 02/16/2001 11:04:44 AM

Please respond to IBM NetView Discussion <nv-l@tkg.com>

Sent by:  owner-nv-l@tkg.com


To:   IBM NetView Discussion <nv-l@tkg.com>
cc:
Subject:  [NV-L] Secure SNMP using NetView



This question is related to NetView (Both NT & Unix) and SNMP Versions 1,
2, and 3.   Is there a way to provide any security or secure a SNMP request
(GET and SET) to security network devices, like a VPN Gate?  Are there
external software offerings that provides some level of security for SNMP
that will integrate with NetView?  I know there are hardware devices that
provides security for data across the link, but for some strange reason,
only the SNMP requests are of concern.

Terry E. Simpson/Tivoli Systems
Tivoli Sales - Federal DoD
Sr. Systems Engineer

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web