Conference netcad::hub_mgnt

4339.0. "Community string display..." by LFOIS1::MOUSSU (so unusuaL terM) Mon Apr 07 1997 14:06

  On an exhibit last week where we were showing nearly our latest hardwares 
  with ClearVISN MCM 6.x, we had one more customer pointing out what he called 
  a "security hole" in that application.
  When launching MCM or displaying previously registered agents (with 
  "File...Open" buttons), the registered agents (e.g. DH900) appear with their 
  IP address and last used community string.
  When "public" that's not an issue.
  When you've set up private strings for read/write protection purpose
  one could expect that they should not be displayed in clear, just in the 
  first window you get when launching the application.
  
  I already guess some people answer about protecting the workstation itself. 
  I did answer that to customers, but they disagreed: in their mind vendors 
  have to provide them with more security features and it is their choice and 
  responsibility to implement whatever they want.
  In other words, they prefer to have more security tools and use less than to 
  miss them.
  In my opinion, I would prefer to have the agents displayed as user chosen 
  names (e.g. "h900-b1-s2") rather than IP addresses which are not easy to 
  associate with physical devices.
  After all, perhaps displaying only IP addresses is a kind of security tool.
  

    Of course, the CONVERSE of that is that the silly FLASH LOADER
    (or flash loafer) does NOT use the community string on file
    when you change from one hub to another.
    
    THAT makes life ugly when upgrading multiple hubs.
    
    Sigh, you just can't win!