Re: MUST vs. SHOULD audit

[Ran Atkinson <rja@inet.org>]

--- On Tue, 01 Apr 1997 16:15:26 -0800  Bill Pabst <bpabst@holontech.com> wrote:

> Would this be something that could be enabled/disabled through a Radius
> Server with its audit and accounting capibilities?
> 
> New to the Group.
> 
> Bill

A fine idea.  RADIUS has some transmission security built-in, hence
might be a better choice than an insecure SNMP Trap.  cisco routers support
RADIUS Accounting as of (at least) IOS 11.2, as I've been learning lately.

Another observation is that cisco implemented full DNSIX (a US DoD
networking security protocol suite to support MLS with IP networks)
a long while back (IOS 10.0 ? 9.21 ?) -- including full support for
the DNSIX Audit Protocol (if you have a cisco router, you can see
this by browsing at the top level of "config term" using the string
"dnsix ?"...

So there ought to be several ways that cisco can comply with the current
I-Ds without having to write gobs of new code.  I'd suggest that other
router vendors can use similar methods for addressing the same issue.

Ran
rja@inet.org

---

Follow-Ups:

• Re: MUST vs. SHOULD audit
• From: Daniel Harkins <dharkins@cisco.com>
• Re: MUST vs. SHOULD audit
• From: Robert Moskowitz <rgm3@chrysler.com>

References:

• Re: MUST vs. SHOULD audit
• From: Bill Pabst <bpabst@holontech.com>

---

• Prev by Date: Re: MUST vs. SHOULD audit
• Next by Date: Re: MUST vs. SHOULD audit
• Prev by thread: Re: MUST vs. SHOULD audit
• Next by thread: Re: MUST vs. SHOULD audit
• Index(es):
  • Main
  • Thread