[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSP Management Specifications was - Re: Managing IPSP




> (ISO11577).  There was a complete CMIP  MIB developed for NLSP.  Some of this 
> work could be converted to SNMP (just a rough idea for a starting point).
> 
> Note that there could be specific work items for:
> 
>  1) ah/esp security management (perhaps two specifications)
>    - access control (allowed network addresses, allowed protocols, etc.)
>    - audit / alarms
>    - configuration 
>    - etc.

  Whatever mechanism MIB is arrived at for managing security via IPSC, would 
transport fairly well into the firewall world. Firewalls are "security 
gateways"
afterall.
  In May, there a flurry of discussion on about starting a firewall MIB
group. Many of the participants (myself included) have little experience
with the IETF or SNMP standards process, but we did know one thing: we wanted
SNMPv2 security to manage the firewall.
  Much recent discussion about security in SNMPv2 (please do not follow
up anything here -- I'm cross posting) suggests that using IPSEC for SNMP 
authentication is premature. Similarly, it seems that using SNMPv2 for IPSEC 
configuration may be a problem :-)
  A strawman MIB Charter was posted by Howard Berkowitz <hcb@clark.net> on
May 14th if you are looking through the archives.
  The strawman firewall MIB is 'fw-snmp' --- ask majordomo@mid.net to add you.






   :!mcr!:            |     <A HREF="http://www.milkyway.com/">Milkyway 
Networks Corporation</A>
   Michael Richardson |   Makers of the Black Hole firewall 
 NCF: aa714 || xx714  | +1 613 566-4574 ... mcr@milkyway.com
 Home: <A HREF="http://www.sandelman.ocunix.on.ca/People/Michael_Richardson/Bio
.html">mcr@sandelman.ocunix.on.ca</A>. PGP key available.



Follow-Ups: References: