Conference azur::mcc

4090.0. "Passwords/Username Security Am etc" by SEDSWS::MALLOY () Mon Nov 16 1992 08:28

		Node Password Authorization System
		==================================


At present the network ,that  DECmcc is managing has no security
The simply reason for this, is that the network is being change
every couple of days.

This makes life easy when creating polling rules 
and when changing parameters on the Routers. (28 Routers)
(No USERNAME or passwords required)


When the customer starts to uses passwords and then changes
them every week for security reasons . Access to Routers will
become  totally controlled by using USERNAMES/passwords .
 
Then the nightmare begins. The polling rules  will
have to changed each time the password are changed.
(Its  ok for one node but for 28 nodes .)

Of course, if you were using NCP and NCL then you would
have remember the USERNAMES/passwords.

DECmcc is met to make life easier for the customer.
		"Centrally network management !!!!"


A VMS authorize function would make life easier.
	
mcc>add security node fred priv USERNAME DECmcc password access ,-
	nopriv USERNAME open password free
mcc>add security node fred priv USERNAME DECmcc password digital
mcc>add security node fred circuit SVA-0 priv USERNAME DECmcc password digital
	

mcc>add security SNMP CISCO  community name  public
mcc>add security SNMP CISCO interface if-0 community name  open 
					
If no security is set on a sub entity then parent security attributes are
taken.  
The reason for giving lines ,circuits, interfaces etc security attributes is
to make is more flexible for the future .
Even now, manufactures are using different community name to manage different
entities.



These functions could be  part of a SECURITY ACCESS MODULE.

When DECmcc needs to access a entity it will reads the entity security
attributes and then read the authorize database (SECURITY_MIR.DAT), if needed.

Access to this database could  be restricted by using  ACL and privileges etc


		Gary