RE: FW: Updating the MIB security guidelines
Thanks for comments. I will pick up the minor comments.
But, w.r.t. this:
> > -- for all MIBs you must evaluate
> >
> > There are a number of managed objects in this MIB module with a
> > MAX-ACCESS clause of read-only and/or notify-only. Some of these
>
> I think the evaluation which readable information is sensitive also
> applies to read-write and read-create objects since they are readable
> as well. So probably it is simpler to just say that the following
> evaluation has to be done for _all_ managed objects.
>
That is what we indeed had in the old boiler plate, but I often found
that people would not differentiate between the read and write
sensitivity/impacts and vulnerabilities. If I remember well then
the security ADs did make a remark about that quite a while ago too.
But maybe I can come up with some text that encourages to do it right
in just this place (instead of having it at different places).
Bert