[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference netcad::hub_mgnt

Title:DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice:Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator:NETCAD::COLELLADT
Created:Wed Nov 13 1991
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:4455
Total number of notes:16761

1263.0. "HUB900 SECURITY question" by WARS::BARTKIEWICZ (Bartek BARTKIEWICZ @RPW) Mon Aug 01 1994 10:45

    Hello,
    
    Can anybody tell me what are the security mechanisms implemented on 
      DEC HUB900 itself?
    
    I have very "difficult" customer (bank) asking a lot of questions about 
      data security (even about encryption over FDDI ring). Among the 
      other question he asked about security on our hub modules. I've found 
      some info about modules but nothing about DEC HUB900 itself.
    
    Any help appreciated
    
    Best regards from (hot) Warsaw
    Bartek
T.RTitleUserPersonal
Name		DateLines
1263.1What type of security?NACAD::GALLAGHERMon Aug 01 1994 14:5517
What type of security is your customer interested in?  I'm not sure what
you mean by security features "on the hub itself".

Hub management uses the SNMP.  SNMP is not very secure.  It uses clear-text
community strings as "authorization keys".  Users can set the read-only
and read-write communities.  In addition, we support a source control list
so uses can specify that only SNMP messages with proper community names
received from a specific IP source address be accepted.  For example, users
can set up SNMP to only respond to SNMP messages with community "Secret" from
host 1.2.3.4.

Some of the DECrepeaters support port security.  There's "intrusion detection/
protection" and "eavesdrop prevention".  You can find more info on repeater
security in this conference, or from the Extended Repeater MIB
(aka dec-hub900-erptr-mib-v1-1.txt) on gatekeeper.dec.com in /pub/DEC/hub900/
mibs/.                                  
						-Shawn
1263.2setup port and OBM securityWARS::BARTKIEWICZBartek BARTKIEWICZ @RPWTue Aug 02 1994 14:248
    Hello,
    
    Thanks for SNMP security.
    I was interested in the security of the setup port and OBM port, 
      something like password.
    
    Best regards
    Bartek
1263.3no passwordsNAC::FORRESTMon Aug 08 1994 17:457
	Setup port: Requires a direct terminal or terminal emulator 
	  connection, since there is no modem control. So security depends 
	  on how secure the DEChub location is.

	OBM port: Only works with SNMP over SLIP, so we are back to SNMP 
	  security.