Recommendations for VPN end point appliances?
Kevin D. Clark
kevin_d_clark at access-4-free.com
Mon Jun 14 10:05:01 EDT 2004
Chris <fj1200 at comcast.net> writes:
> bscott at ntisys.com wrote:
>>
>> On Sun, 13 Jun 2004, at 9:40pm, fj1200 at comcast.net wrote:
>> >> ... shared secrets went out in the 1980s ...
>> >
>> > Maybe, but SNMP V3 still uses it..........
>>
>> That's hardly an endorsement. SNMP's approach to security issues has
>> generally been to ignore them. (SNMP = Security? Not my problem!) The
>> fact that SNMPv3 has any security at all is a huge advance. Now you want it
>> to be modern, too?
Public-key crypto in SNMP would probably be unweildy, especially since
SNMP is supposed to have a light footprint to make it easy to put into
small embedded systems. A lot of customers just want to flip the
power on in these things and have things work
Besides, in my experience, SNMPv3 is merely a "checkoff item" in the
vast majority of deals. I've seen many shops insist on SNMPv3 support
and after they've bought the gear never even try to deploy it.
> Yep, I totally agree, also SNMP is anything but simple, and why no-one
> has come out with something a lot more user friendly, I don't know,
> However, it keeps me employed, so I shouldn't complain too much. :)
SNMP isn't very simple anymore. OTOH, SNMP is flexible, powerful, and
extensible. I haven't seen much else that approaches SNMP's
usefulness.
Regards,
--kevin
--
"Well, who says that I have to adhere to what the MIB says?"
-- Bob, after I confronted him about his MIB implementation.
More information about the gnhlug-discuss
mailing list