Is only SNMP RO access enough for all 3 levels of operation in MARS?

Answered Question
Nov 28th, 2008

Is only SNMP RO access enough for all 3 levels (Basic, Intermediate and Advanced) of operation in MARS? Since using SNMP RO, all required information should be accessible (configuration resolving, NAT and PAT resolving, topology discovery, attack paths discovery, etc.).

On the other hand, in http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chDvcOver.html#wp325917

it says:

"The SNMP access type is not required to enable the SNMP RO strings. In fact, no access type is required to support SNMP RO. SNMP RO uses a shared, read-only community string; it does not require a read-write community string as does the SNMP access type."

The important part is "it does not require a read-write community string as does the SNMP access type." Does this mean that for the SNMP access type, SNMP RW is required?

Further, on the same link it says:

"Step 1 In the Login field, enter the username of the administrative account to use when accessing the reporting device. Step 2 In the Password field, enter the password associated with the username specified in the Login field. Step 3 If this device supports an enable mode, enter that password in the Enable Password field."

What do username, password and enable password have to do with SNMP v1 (as MARS supports SNMP v1 only)?

Correct Answer
Farrukh Haroon Sat, 11/29/2008 - 00:54

Each access method (Telnet, SSH) has a particular role. You need to match your particular needs with the access method. For example, you cannot use SNMP to retrieve the ASA configuration file. Have a look at this table; it lists the access method required for each particular device category:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp40192

SNMP read write is only required if you want to perform mitigation on layer 2 switches.

As a best practice, try to use SSH as much as possible.

Regards

Farrukh

krir Sat, 11/29/2008 - 01:23

For routers and switches, MARS uses the SNMP RO string:

1) To get the layer 2 information, like STP info, to plot the layer 2 mitigation path.

2) To get the CPU, memory and interface utilization reports.

3) MARS uses the SNMP RW string to push the mitigation command to the switches.

For firewalls like ASA and PIX, MARS uses the SNMP RO string:

1) To get the CPU, memory and interface utilization reports.

So it is important to specify the SNMP RO string while adding devices like routers and switches in MARS (you can see MARS throws an error if you don't specify the SNMP string or the SNMP string is wrong), but it is optional for other devices like firewalls.

Hope this helps you
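An added example, not part of the original thread and not Cisco tooling: a least-privilege audit of IOS-style `snmp-server community` lines that applies what the two answers state, namely an RO string on routers and switches and an RW string only where layer 2 switch mitigation is wanted. The device names, roles, community strings, the `audit` function and the access-list check are assumptions made for illustration.

```python
import re

# Constructed inventory: device names, roles, community strings and ACL
# numbers are placeholders, not values from the thread.
SAMPLE = {
    "core-sw1": ("switch", "snmp-server community EXAMPLE-RO RO 10\n"
                           "snmp-server community EXAMPLE-RW RW 10\n"),
    "edge-rtr1": ("router", "snmp-server community EXAMPLE-RO RO 10\n"
                            "snmp-server community EXAMPLE-RW RW\n"),
    "dmz-sw2": ("switch", "hostname dmz-sw2\n"),
}

# IOS form: snmp-server community <string> [view <name>] {RO|RW} [acl]
COMMUNITY_RE = re.compile(
    r"^snmp-server community \S+(?: view \S+)? (RO|RW)(?: (\S+))?[ \t]*$",
    re.IGNORECASE | re.MULTILINE)


def audit(devices):
    """Return (device, finding) pairs; community strings are never echoed."""
    findings = []
    for name, (role, config) in sorted(devices.items()):
        entries = [(m.group(1).upper(), m.group(2))
                   for m in COMMUNITY_RE.finditer(config)]
        modes = {mode for mode, _ in entries}
        # Per the thread: MARS needs the RO string on routers and switches.
        if role in ("router", "switch") and "RO" not in modes:
            findings.append((name, "no RO community configured"))
        # Per the thread: RW is only needed for mitigation on L2 switches.
        if "RW" in modes and role != "switch":
            findings.append((name, "RW community on a non-switch device"))
        # Added hardening assumption: every community is bound to an ACL.
        for mode, acl in entries:
            if acl is None:
                findings.append((name, f"{mode} community has no access-list"))
    return findings


if __name__ == "__main__":
    for device, finding in audit(SAMPLE):
        print(f"{device}: {finding}")
```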
