
Re: survey of isp security practices



Hi,


On Wed, 17 Nov 2004, Christopher L. Morrow wrote:
...
> managing local users on devices is non-scalable and a dead art... as
> George said.
> 

That is one of the reasons for creating a new "security model"
for SNMPv3. The SNMPv3 term "security model" includes:
1) the means for authenticating "security principals"
2) how message integrity (message modification, replay,
   and binding with a security principal) is accomplished
3) how message confidentiality (encryption) is accomplished

The only currently defined security model for SNMPv3 is
the "User Security Model" (USM), and it is a "local user"
database, called by SNMPv3 the local configuration
datastore (LCD).

The ISMS WG is working on a new security model for SNMPv3
that will use existing security infrastructures such as
Radius.

Regards,
/david t. perkins