
RE: Securing SNMPv3 via SSH tunnels

2003-08-06 11:15:23
Uri,

I don't think that this list would be well served by a debate on whether 
SNMPv3's security provisions are adequately secure or not, though I personally 
would greatly value having a private discussion with interested individuals on 
that topic. 

Suffice it to say here that I am familiar with RFC 3414 and RFC 3415 and I am 
skeptical that existing SNMPv3 security provisions provide adequate protections 
for the application I am building. I am therefore seeking to supplement 
SNMPv3's security provisions via mechanisms which are less subject to abuse, 
which is why I made my original posting to this list.

I have no ax to grind in this matter -- I am only seeking after the welfare of 
our product. It is, of course, possible that I have overlooked something 
important which would justify your skepticism of my current conclusions. If so, 
I would value privately benefiting from the wisdom of your insights. I 
similarly would value learning the insights of any other reader with experience 
securing SNMPv3 for mission-critical devices which do not sit behind firewalls.

--Eric

-----Original Message-----
From: Uri Blumenthal [mailto:uri(_at_)lucent(_dot_)com]
Sent: Wednesday, August 06, 2003 10:32 AM
To: Bill Strahm
Cc: Fleischman, Eric; ietf(_at_)ietf(_dot_)org
Subject: Re: Securing SNMPv3 via SSH tunnels
Bill, what is this about? Eric obviously wasn't aware
that the problems he listed applied to the older versions
of SNMP protocol, namely SNMPv1 and SNMPv2c. The current
standard SNMPv3 (which obsoletes those) is designed
specifically to address the listed vulnerabilities.

So this whole notion of securing SNMPv3 with SSH is
ridiculous.
On 8/6/2003 12:34 PM, Bill Strahm wrote:
The problem that you have with TCP (and made worse by SSH tunneling on top of
it) is that the number of round trips needed to successfully get a data packet
through is unreasonably high in a situation where you are attempting to 
diagnose a network fault.

The other choice is to leave a LOT of state open (i.e., TCP connections)
requiring a lot of extra memory, etc. on the device.  That said there is no 
reason why you can not create a tunnel to a secure environment and run your
SNMP traffic from there.

Bill

On Wed, Aug 06, 2003 at 08:42:49AM -0700, Fleischman, Eric wrote:

I am seeking to secure SNMPv3 communications (e.g., RFC 3414), trying to 
protect against its well-known vulnerabilities such as spoofing. Had SNMPv3 
run over TCP, instead of UDP as it does, then I perhaps may attempt to 
protect it via SSH port forwarding (i.e., SSH tunneling). Coincidentally, 
I've just read a description in Bob Toxen's book "Real World Linux Security" 
(page 141) about an approach he has apparently used of wrapping UDP in TCP 
and SSH in order to accomplish SSH port forwarding for UDP-based protocols as 
well. This makes me wonder whether SNMPv3 may be a viable candidate for SSH 
tunneling after all. I am wondering whether anybody in the list has any 
insights as to the viability and weaknesses of this suggested approach. I am 
especially interested in learning how people on this list secure SNMPv3. 
Thank you.