
RE: comments



On Tue, 17 Jun 2003, Budd, Fred wrote:

> There are a few other knobs and information requirements centered
> around this point that I'd like to see. The wording is rough but
> bear with me - I've only had a couple of cups of java at this
> point. Will flesh the thoughts out later if no one beats me to it.
>
> - It must be possible to change all initial passwords or similarly
>   fixed authentication information (SNMP community strings, etc.) from
>   the factory default.

Actually, per ericb's suggestion, I think a better idea is to have
things shipped unconfigured (no passwords, etc.) and simply not allow
a service/account/whatever to be used unless the user explicitly
configures it.

> - The vendor must provide a documented list of all management
>   passwords or similar authentication material, management accounts,
>   and management interfaces that the listed authentication works
>   with. (community strings, backdoor maintenance accounts, hidden
>   system accounts, etc.)


See above.

> - The device should provide the capability
>   to enforce 'strong' password selection.

Care to provide a definition of "strong"?

> - Also, and this is a
>   syntactical nitpick, the examples should be consistent with the
>   requirement. Taking the example below, using "standard management
>   protocol" and "externally accessible" does suggest that it is
>   perfectly fine to allow default passwords for management access
>   with non-standard implementations, proprietary protocols, or
>   supposedly internal interfaces which just happen to be made
>   externally accessible; even though those scenarios wouldn't meet
>   the explicit requirement. Is the intent that the initial
>   configuration must occur through the OoB management interface(s)?

That was the thinking, but I think this needs to be revisited.

> - Or is the draft going to suggest a trusted/untrusted
>   (internal/external) philosophy?

It was assumed that the OoB would be "internal"/more trusted.

> - I ask simply because I've talked
>   to quite a few vendors who fully expected a firewall type device
>   to front their equipment and thus didn't give much thought to
>   management access controls.  Therefore, they never anticipated the
>   management protocols being available to external parties.

Do they state that?

---George
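As an added illustration, not part of the thread or of the draft it discusses, the following Python sketch shows what the two positions above look like when enforced in a device's startup logic: George's "ship unconfigured and refuse to enable a service until the operator explicitly configures it", and Fred's "factory-default authentication material must not remain in use". The configuration format, the service names, the `KNOWN_DEFAULTS` list and the rule that management is only enabled on the OoB interface are all assumptions made for this example.

```python
"""Fail-closed evaluation of management services on a network device.

Added example for illustration; not code from the thread or from any
vendor. Config layout, service names and default list are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Factory-default authentication material that must never be accepted as an
# operator configuration. Constructed list for this example.
KNOWN_DEFAULTS = {"public", "private", "admin", "password", "cisco", ""}


@dataclass
class ServiceDecision:
    name: str
    enabled: bool
    reason: str


def evaluate_service(name: str, settings: Optional[dict]) -> ServiceDecision:
    """Decide whether one management service may be brought up.

    settings is None when the operator never touched the service; that is
    the shipped state, and the service stays disabled (George's proposal).
    """
    if settings is None:
        return ServiceDecision(name, False, "not configured by operator; stays disabled")

    secret = settings.get("secret")
    if secret is None:
        return ServiceDecision(name, False, "no authentication material configured")

    # Fred's requirement: a credential still equal to a factory default is a
    # misconfiguration, not a valid configuration.
    if secret.strip().lower() in KNOWN_DEFAULTS:
        return ServiceDecision(name, False, "factory-default credential rejected")

    # Assumption for this example: management is only reachable on the OoB
    # interface unless the operator explicitly opts in to external exposure.
    if settings.get("interface") != "oob" and not settings.get("allow_external", False):
        return ServiceDecision(name, False, "external management not explicitly allowed")

    return ServiceDecision(name, True, "explicitly configured with non-default credential")


def evaluate_config(config: Dict[str, Optional[dict]]) -> Dict[str, ServiceDecision]:
    """Evaluate every management service in the device configuration."""
    return {name: evaluate_service(name, settings) for name, settings in config.items()}


def enabled_services(config: Dict[str, Optional[dict]]) -> List[str]:
    """Names of the services that are allowed to start, in config order."""
    return [d.name for d in evaluate_config(config).values() if d.enabled]


# Constructed sample configuration: one correct service, one left at a
# factory default, one never configured, one with no credential at all.
SAMPLE_CONFIG: Dict[str, Optional[dict]] = {
    "ssh": {"secret": "x9!Qr4-constructed-example", "interface": "oob"},
    "snmp": {"secret": "public", "interface": "oob"},
    "telnet": None,
    "http": {"interface": "external"},
}

if __name__ == "__main__":
    for decision in evaluate_config(SAMPLE_CONFIG).values():
        state = "ENABLED " if decision.enabled else "disabled"
        print(f"{state} {decision.name:7s} {decision.reason}")
```

Run against `SAMPLE_CONFIG`, only `ssh` comes up; the SNMP agent is refused because its community string is still the factory value, and the never-configured and credential-less services stay off. The useful property is that every refusal carries a reason the operator can act on, which is what makes "disabled until configured" workable in practice rather than just frustrating.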