RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?
- To: "McDonald, Ira" <imcdonald at sharplabs.com>, "Glen Zorn \(gwz\)" <gwz at cisco.com>, "Joseph Salowey \(jsalowey\)" <jsalowey at cisco.com>, <ietfdbh at comcast.net>, "Blumenthal, Uri" <uri.blumenthal at intel.com>, <isms at ietf.org>, "David T. Perkins" <dperkins at dsperkins.com>
- Subject: RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?
- From: "Fleischman, Eric" <eric.fleischman at boeing.com>
- Date: Mon, 31 Oct 2005 09:45:44 -0800
Ira,
Thank you for considering these issues and evaluating them in regards to ISMS. I certainly concur with you that the primary goal of ISMS is to improve upon SNMPv3 security. I am also aware of the problems that have been occurring with the SNMP "public" community. Thus, unless somebody can identify an actual requirement for "anonymous users" within SNMP, you have convinced me that providing an anonymous authentication possibility (i.e., solely for FUD reasons) is not something we want to do in ISMS.
--Eric
-----Original Message-----
From: McDonald, Ira [mailto:imcdonald at sharplabs.com]
Sent: Saturday, October 29, 2005 12:20 PM
To: Fleischman, Eric; McDonald, Ira; Glen Zorn (gwz); Joseph Salowey (jsalowey); ietfdbh at comcast.net; Blumenthal, Uri; isms at ietf.org; David T. Perkins
Subject: RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?
Hi Eric,
Thanks for the pointer to Joe Touch's ANONsec draft from May 2004. I read it all the way through with interest. And then I discovered the recently chartered IETF BTNS (Better Than Nothing Security) WG, (http://www.ietf.org/html.charters/btns-charter.html), which has published:

"Problem and Applicability Statement for Better Than Nothing Security (BTNS)", Joseph Touch, 26-Sep-05, <draft-ietf-btns-prob-and-applic-01.txt>
The two independent working drafts are:

"An Unauthenticated, or Leap-of-Faith-Authorization Mode for Bump-In-The-Stack Implementations of IPsec Using Internet Key Exchange Protocols", Nicolas Williams, 2-May-05, <draft-williams-btns-unauthenticated-bits-00.txt>

"Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec", Nicolas Williams, 8-Sep-05, <draft-williams-btns-00.txt>
The latter is the successor to Joe Touch's original ANONsec draft.

But what Joe Touch and the BTNS folks have done is give a good rationale for adding support for unauthenticated IKE SAs (Security Associations) to IKEv2.
That is, the whole point of Joe's argument is that this mechanism is ONLY useful at the NETWORK layer - to protect against off-path attacks on the transport protocols - such as the serious RST attack on TCP, which cannot be defended against within TCP for long-duration connections at high data rates (above 100 Mbps), because the valid receive window simply becomes too large.
I'm unpersuaded that this is a good general mechanism at the application layer (e.g., SNMP), even though it is ubiquitous in web browsing (HTTPS).

This is NOT an 'authenticated' mechanism. When used at the application layer, it cannot defend against active off-path or man-in-the-middle attacks.
I doubt that the reason we want networks to deploy SNMPv3 is the protocol performance improvements over SNMPv1. I think the main reason is to get them to use acceptably strong security to avoid compromising the integrity of their networks.

Anonymous user access to SNMP is available now with the SNMPv1 'public' community. And it's caused a lot of serious problems.
Cheers,
- Ira
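The thread's practical point is that anonymous access to SNMP already exists in the field, through SNMPv1/v2c community strings and through SNMPv3 users configured at the noAuthNoPriv level, and that it is the thing operators should be moving away from. The following audit script is an added example, not code from the ISMS discussion or from any IETF draft. It assumes the net-snmp `snmpd.conf` access-control directives (`rocommunity`/`rwcommunity`/`com2sec` for community-based access, `rouser`/`rwuser` with an optional `noauth`/`auth`/`priv` level for SNMPv3 USM users) and runs over a constructed sample configuration with placeholder credentials:

```python
"""Audit a net-snmp style snmpd.conf for anonymous or weakly authenticated access.

Added example for this thread, not code from the ISMS discussion. It assumes the
net-snmp directive syntax: rocommunity/rwcommunity/com2sec for SNMPv1/v2c
communities and rouser/rwuser for SNMPv3 USM users with a noauth/auth/priv level.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample configuration; credentials are placeholders, not real values.
SAMPLE_SNMPD_CONF = """
# SNMPv1/v2c: the community string is the only "credential"
rocommunity public
rwcommunity private 10.0.0.0/8
com2sec readonly default public

# SNMPv3 user with no authentication: a name, but nothing proves it
createUser guest
rouser guest noauth

# SNMPv3 user with authentication and privacy
createUser netops SHA "PLACEHOLDER_AUTH_PASS" AES "PLACEHOLDER_PRIV_PASS"
rouser netops priv .1.3.6.1.2.1
"""

COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec"}
USER_DIRECTIVES = {"rouser", "rwuser"}
LEVELS = {
    "noauth": ("high", "SNMPv3 noAuthNoPriv: the user name is asserted but never verified, "
                       "so access is effectively anonymous"),
    "auth": ("medium", "SNMPv3 authNoPriv: sender is authenticated but traffic is cleartext"),
    "priv": ("ok", "SNMPv3 authPriv: authenticated and encrypted"),
}


@dataclass
class Finding:
    line_no: int
    directive: str
    principal: str   # community string or USM user name
    severity: str    # "critical", "high", "medium" or "ok"
    reason: str


def audit_snmpd_conf(text: str) -> List[Finding]:
    """Return one Finding per access-granting directive, in file order."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES:
            # com2sec NAME SOURCE COMMUNITY; the other directives put the community first
            idx = 2 if directive == "com2sec" else 0
            if len(args) <= idx:
                continue
            write = directive.startswith("rw")
            findings.append(Finding(
                line_no, directive, args[idx],
                "critical" if write else "high",
                "SNMPv1/v2c community: no user identity, no integrity, no confidentiality"
                + ("; grants write access" if write else ""),
            ))
        elif directive in USER_DIRECTIVES and args:
            user = args[0]
            # net-snmp defaults the security level to "auth" when it is omitted
            level = args[1].lower() if len(args) > 1 and args[1].lower() in LEVELS else "auth"
            severity, reason = LEVELS[level]
            if directive == "rwuser" and level == "noauth":
                severity = "critical"   # unauthenticated write access
            findings.append(Finding(line_no, directive, user, severity, reason))
    return findings


def anonymous_principals(findings: List[Finding]) -> List[str]:
    """Communities and users that grant access without proving identity."""
    return sorted({f.principal for f in findings if f.severity in ("critical", "high")})


if __name__ == "__main__":
    results = audit_snmpd_conf(SAMPLE_SNMPD_CONF)
    for f in results:
        print(f"line {f.line_no:>2} {f.severity:<8} {f.directive} {f.principal}: {f.reason}")
    print("anonymous access via:", anonymous_principals(results))
```

On the sample above the script reports the two community strings and the `noauth` user as anonymous access paths and leaves only the `priv` user unflagged, which is the distinction Ira draws between the SNMPv1 'public' community and "acceptably strong security". Point it at a real `snmpd.conf` by reading the file into `audit_snmpd_conf`.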
_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.