axw@RELAY.PROTEON.COM (02/16/91)
Ted Doty commented about SNMP authentication: > However, there are a number of security issues here (I know > that security isn't a popular topic with a lot of people, > but I invite you to read Cliff Stoll's "The Cuckoo's Egg" > before skoffing in my direction). People I talk to in > development don't think that the community mechanism > provides enough security, and say that developers in other > companies feel the same. In any case, I havn't heard of > anyone who lets you muck with their router configuration > via SNMP. > I hear that there's an SNMP Authentication RFC somewhere in > the mill. Perhaps someone else can shed some light on > that. > As a practical solution for you, can't you use Telnet? > Everyone supports it, and this way your door isn't > COMPLETELY unlocked (just mostly unlocked). It's interesting that SNMP authentication is considered too weak, while telnet authentication is strong enough. SNMP and telnet protocols both authenticate with ASCII plaintext passwords. telnet authentication appears stronger since it's harder to read a password on a typical host computer. But once you get an analyzer on the network, there's no difference! Asher Waldfogel