This presentation did describe the new structure of Transcend, and "SNMPv3" did appear on a slide, but in conversation Paul Griezerstein made it clear that the resource limitations due to attrition of NMD make it impossible to provide much support to SNMPv3 agent integration, or to look closely at how a SNMPv3 management platform and our proposed key initialization and management might be used with Transcend. The interfaces at which it might do so are clearer; for example, the "ping" probe iteration that discovers the devices on a subnetwork is done entirely within the management platform. This may take quite a bit of time to work through even a small network. A list of discovered devices is then passed up to Transcend, which must do some MIB probing to decide if any are 3Com devices it can support. This probing must be done with SNMPv1. It must also provide information on whether the device is capable of running SNMPv3, probably using MIB entry flags. Finally, when a SNMPv3 capable device is found, its key can be initialized using the key management procedures called from within Transcend. Until then the device must be in an installed and operating, but insecure state. This means that it's not possible to boot directly from the first power-on into secure operation. Of course, a key initialization procedure that is not linked with SNMPv3 in any way could be used instead, perhaps a derivative of DHCP that would offer an address of a security manager host as well as a DNS nameserver. The device would then initiate the key initialization procedure if equipped to do so. The period during which the device is operational and insecure might be much shorter in this situation. Alex Brown <[EMAIL PROTECTED]> +1 508 323 2283 ---------------------- Forwarded by Alex Brown/US/3Com on 11/03/99 11:04 PM --------------------------- "Dan Nessett" <[EMAIL PROTECTED]> on 11/02/99 09:28:09 PM Please respond to "NetDevSec Team" <[EMAIL PROTECTED]> Sent by: "Dan Nessett" <[EMAIL PROTECTED]> To: "NetDevSec Team" <[EMAIL PROTECTED]> cc: (Alex Brown/US/3Com) Subject: Some news from 3TF on Network Management Folks, Here is some news from a presentation that Paul Griezerstein (NMD) gave at 3TF this afternoon: + The tiers into which the new Transcend software will be organized are not layers (i.e., code in any tier can use an API in any other tier). + They are using Java 2.0 as the implementation language for the new version of Transcend + They plan to support SNMPv3 + They will support LDAP. Alex was able to talk with Paul and so may be able to give more details. Dan --- You are currently subscribed to netdevsec-team-core as: [[EMAIL PROTECTED]] To unsubscribe, forward this message to [EMAIL PROTECTED] Direct other questions to [EMAIL PROTECTED]
Re: Some news from 3TF on Network Management
by way of "Chris M. Lonvick" <[EMAIL PROTECTED]> Mon, 10 Apr 2000 10:48:31 -0700
