[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSP Management Specifications was - Re: Managing IPSP
> (ISO11577). There was a complete CMIP MIB developed for NLSP. Some of this
> work could be converted to SNMP (just a rough idea for a starting point).
>
> Note that there could be specific work items for:
>
> 1) ah/esp security management (perhaps two specifications)
> - access control (allowed network addresses, allowed protocols, etc.)
> - audit / alarms
> - configuration
> - etc.
Whatever mechanism MIB is arrived at for managing security via IPSC, would
transport fairly well into the firewall world. Firewalls are "security
gateways"
afterall.
In May, there a flurry of discussion on about starting a firewall MIB
group. Many of the participants (myself included) have little experience
with the IETF or SNMP standards process, but we did know one thing: we wanted
SNMPv2 security to manage the firewall.
Much recent discussion about security in SNMPv2 (please do not follow
up anything here -- I'm cross posting) suggests that using IPSEC for SNMP
authentication is premature. Similarly, it seems that using SNMPv2 for IPSEC
configuration may be a problem :-)
A strawman MIB Charter was posted by Howard Berkowitz <hcb@clark.net> on
May 14th if you are looking through the archives.
The strawman firewall MIB is 'fw-snmp' --- ask majordomo@mid.net to add you.
:!mcr!: | <A HREF="http://www.milkyway.com/">Milkyway
Networks Corporation</A>
Michael Richardson | Makers of the Black Hole firewall
NCF: aa714 || xx714 | +1 613 566-4574 ... mcr@milkyway.com
Home: <A HREF="http://www.sandelman.ocunix.on.ca/People/Michael_Richardson/Bio
.html">mcr@sandelman.ocunix.on.ca</A>. PGP key available.
Follow-Ups:
References: