[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference netcad::hub_mgnt

Title:	DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice:	Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator:	NETCAD::COLELLADT

Created:	Wed Nov 13 1991
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	4455
Total number of notes:	16761

479.0. "Community Strings and Security..." by PADNOM::PEYRACHE (Sarip Torppus Lanoiger) Tue Nov 09 1993 10:23

  hi


   Hubwatch for OpenVMS V2.0-1 DECagent90 V1.1


   On the Decagent 90 my customer has defined only one Community with
   a Read-only/Read-Write String Differents:

      (AKA :  Read-only  string "Public")
              Read-Write string "System")

  in fact from my customer point of view ,when you start HUBwatch with community
Public you are only the capability to display Information regarding Modules
in the HUB, you can't modify the configuration.

  Now The problem:


 After firing up HUBwatch with Community Public "Read-only"
 If you select Manage Table in Community Option:

  first of all ,you see all the Read_only and Read-Write Strings for all
communities managed by the agent.

  and if you select the Read-Write String and Make current ,you have now all
  capability (add, delete a module ,disable a port etc....)


 seems to be no really secure (display the Read-Write string and Switch from
  Read-only to Read-write )

 is'nt it ??


 thanks for any comments/feedback/explainations

  Jean-Yves

T.R	Title	User	Personal Name	Date	Lines
479.1	DENM read-write strings are readable	QUIVER::HAROKOPUS		`Tue Nov 09 1993 13:04`	11
	From a HUBwatch perspective we will display the community table that the DENMA returns to us. Since the DENMA returns the read-write community strings even if you are using a read-only string we decided not to screen these out since there is no real security anyway. I'm not sure why the DENMA returns the read-write community strings if the access is read-only. Regards, Bob
479.2	Yes but	PADNOM::PEYRACHE	Sarip Torppus Lanoiger	`Tue Nov 09 1993 13:49`	15
	thanks Bob , Purely security hinds, if you start Hubwatch using only-Read Community, seems to be no real good thing to access on write with no restriction(Password) . agreed with me ?? Jean-Yves
479.3	better in the 900...	QUIVER::SLAWRENCE		`Tue Nov 09 1993 14:52`	2
	FYI - The DEChub900 hub manager will not return the read-write communities in response to queries using a read-only community
479.4	DENMA firmware issue	QUIVER::HAROKOPUS		`Tue Nov 09 1993 16:32`	13
	Part of the problem is that when you start up HUBwatch with a read-only community we have no way of knowing (baring trying to set something) that it is a read-only community. When you enter the community table window HUBwatch reads the table and displays what the agent returns. I think that this problem needs to be addressed in the DENMA firmware so that read-write strings are not returned when the access is read-only. This is how it works in the DEChub 900. Regards, Bob
479.5	Same problem with new Version	PADNOM::PEYRACHE	Sarip Torppus Lanoiger	`Wed Nov 10 1993 15:21`	13
	thanks all, i have tried with field-test X2.0 of firmware for Demna ,the problem is the same. can you escalade it in your engeneering group thanks Jean-Yves
479.6	One of the things yet to be fixed	ROGER::GAUDET	Because the Earth is 2/3 water	`Thu Nov 11 1993 16:55`	4
	You are correct. We are aware of the problem and will have it fixed by the time V2.0 hits the streets. Thanks for the input. ...Roger...
479.7	merci,	PADNOM::PEYRACHE	Sarip Torppus Lanoiger	`Fri Nov 12 1993 07:03`	3
	thanks roger for this infos Jean-Yves