On Mon, Jun 22, 2015 at 4:04 PM, Randy Presuhn <randy_pres...@mindspring.com > wrote:
> Hi - > > >From: Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> > >Sent: Jun 22, 2015 12:45 PM > >To: Michael MacFaden <m...@vmware.com> > >Cc: "draft-ietf-opsawg-vmm-mib.sheph...@ietf.org" < > draft-ietf-opsawg-vmm-mib.sheph...@ietf.org>, Randy Presuhn < > randy_pres...@mindspring.com>, "draft-ietf-opsawg-vmm-...@ietf.org" < > draft-ietf-opsawg-vmm-...@ietf.org>, "opsawg-cha...@ietf.org" < > opsawg-cha...@ietf.org>, The IESG <i...@ietf.org>, "opsawg@ietf.org" < > opsawg@ietf.org>, "draft-ietf-opsawg-vmm-mib...@ietf.org" < > draft-ietf-opsawg-vmm-mib...@ietf.org> > >Subject: Re: [OPSAWG] Kathleen Moriarty's No Objection on > draft-ietf-opsawg-vmm-mib-03: (with COMMENT) > > > >Hi Mike, > > > >Sent from my iPhone > > > >> On Jun 22, 2015, at 9:08 PM, Michael MacFaden <m...@vmware.com> wrote: > >> > >> Agree there should be some warning here. But if this text is intended > for those who implement it > >> (like me) then I'd prefer to make it clear as mud what the issue is: > >> > >> Any implementation of this MIB module in an agent where the Virtual > Machines being monitored > >> have access to this very agent or this MIB module creates an attack > vector on the system or on > >> any other VM hosted by this system. > > > >Yes and one of the responses to the SecDir review said this mib would > just be on the hypervisor. It also said the virtual images managed by the > hypervisor typically does not have access to the management connection for > SNMP to the hypervisor, limiting the risk. > > > >Shouldn't the text include guidance that makes this clear (where this mib > is and the reality of whether or not it's a risk from managed virtual > images)? > > > >Recommending a separate management connection is one way to do that. > > I'm missing something here. Why is a monitored VM (where the > MIB instrumentation is external to the VM) different from any other > threat? It seems to me that "access to the management connection" > is a red herring - the privacy protocol, along with authentication > and access control (VACM) should just be left to do their job. > This came up in the SecDir review. I was happy with the response provided via email in how it was put out-of-scope. The draft itself does not have the explanation offered and I think it would be helpful to the reader in case the same question comes up later. I thought it was a reasonable question given the content of the draft and possible threat space. Thanks. > > Randy > -- Best regards, Kathleen
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg