On Tue 19 Oct, 1999, "Palmer, L. Guy" <[EMAIL PROTECTED]> wrote:
>I am concerned that allowing SNMP traps to pass from or through a FW, into a
>console on an enterprise network, is opening up the assets which the FW is
>protecting to exploits from the outside world. But it's been more of a
>hunch than something I can actually demonstrate.
(I'll presume you've got an arrangement with the big bad "outside", a
middle-area external-service type network/s, and the "internal"
networks; and that we're talking about sending SNMP traps from those
systems that comprise the 'firewall' and systems on external-service
networks.)
Permitting SNMP traps through to the internal network from your middle
network will allow injection of false data into your internal system if
someone compromises that middle area (you wouldn't allow such packets
to pass right through from the outside world, naturally.) But I think
that whichever way you send events you're open to that sort of
problem. If you're looking for ways to receive events from the
filtering and security-policy devices themselves then using SNMP traps
probably isn't the way.
I personally feel a one way SNMP trap is a safer thing to pass than a
more complex two way "higher-level" communication commonly used by
products such as HP IT/O, Tivoli TME 10 and Netcool/OMNIbus. I don't
extend that advice to SNMP "gets" and "sets", which is something that
someone else has rightly pointed out is not a good thing to be doing.
James.