[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference netcad::hub_mgnt

Title:	DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice:	Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator:	NETCAD::COLELLADT

Created:	Wed Nov 13 1991
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	4455
Total number of notes:	16761

3143.0. "Responses needed for an RFP" by STRWRS::KOCH_P (It never hurts to ask...) Wed Jan 10 1996 10:59

    
    Can the ability to configure a hub module be disabled? 
    
    Are there plans to implement a password feature for the terminal
    interface?
    
    Do the modules/DH900 have a r/w community string?

T.R	Title	User	Personal Name	Date	Lines
3143.1		NETCAD::DOODY	Michael Doody	`Wed Jan 10 1996 12:44`	12
	>Can the ability to configure a hub module be disabled? That depends. Perhaps you can be more specific? >Are there plans to implement a password feature for the terminal >interface? Don't think so. Please communicate your need of a password to the product manager Jack Forrest. >Do the modules/DH900 have a r/w community string? Yes. You set the R/W community string via the setup port.
3143.2		NETCAD::GALLAGHER		`Wed Jan 10 1996 12:52`	25
	> Can the ability to configure a hub module be disabled? Yes. Change the Hub Manager's (aka MAM's) read-write community string to something other than public. This prevents anyone from managing the hub. If line cards in the hub have been given IP addresses, then change their SNMP read-write community as well. This prevents anyone from managing the modules as standalone devices. > Are there plans to implement a password feature for the terminal > interface? No. The terminal interface is intended to be a local console requiring "physical security" in order to be secure. In other words, if your customers want this to be secure, they should lock the hub in a closet. This isn't too unreasonable since anyone with physical access can pull the plug or reset the hub to it's factory defaults, causing the read-write community to become "public" again. > Do the modules/DH900 have a r/w community string? Yes. SNMP is only active on the modules when the modules are given IP addresses. -Shawn
3143.3	A way of discouraging filching?	NETCAD::BATTERSBY		`Thu Jan 11 1996 13:16`	10
	>If line cards in the hub have been given IP addresses, then change their >SNMP read-write community as well. This prevents anyone from managing the >modules as standalone devices. Shawn, does this mean that if someone was to filch a module out of a HUB and attempt to use it either in another HUB or stand-alone in a docking station, they wouldn't be able to if the IP address in the module had been given some read-write community other than the default? Bob
3143.4		NETCAD::MILLBRANDT	answer mam	`Thu Jan 11 1996 14:29`	12
	> Shawn, does this mean that if someone was to filch a module out of a > HUB and attempt to use it either in another HUB or stand-alone in a > docking station, they wouldn't be able to if the IP address in the module > had been given some read-write community other than the default? I'm not Shawn, but... The clued-in filcher would set the module to factory defaults before swiping it, and thus avoid the scenario above. Point being, once you have physical access, any programmed-in security is moot. Dotsie
3143.5	Yep. nothing's necessarily foolproof.....	NETCAD::BATTERSBY		`Thu Jan 11 1996 15:55`	7
	> The clued-in filcher would set the module to factory defaults before > swiping it, and thus avoid the scenario above. Point being, once you > have physical access, any programmed-in security is moot. Good point on the "clued-in" filcher. :-) Bob