Is only SNMP RO access enough for all 3 levels of operation in MARS?

Answered Question
Nov 28th, 2008

Is only SNMP RO access enough for all 3 levels (Basic, Intermediate and Advanced) of operation in MARS? Since using SNMP RO, all required information should be accessible (configuration resolving, NAT and PAT resolving, topology discovery, attack paths discovery, etc.).

On the other hand, in http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chDvcOver.html#wp325917

it says:

"The SNMP access type is not required to enable the SNMP RO strings. In fact, no access type is required to support SNMP RO. SNMP RO uses a shared, read-only community string; it does not require a read-write community string as does the SNMP access type."

The important part is "it does not require a read-write community string as does the SNMP access type." Does this mean that for the SNMP access type, SNMP RW is required?

Further, on the same link it says:

"Step 1 In the Login field, enter the username of the administrative account to use when accessing the reporting device.; Step 2 In the Password field, enter the password associated with the username specified in the Login field.; Step 3 If this device supports an enable mode, enter that password in the Enable Password field."

What do username, password and enable password have to do with SNMP v1 (as MARS supports SNMP v1 only)?


Correct Answer
Farrukh Haroon Sat, 11/29/2008 - 00:54
User Badges:
  • Red, 2250 points or more

Each access method (telnet, ssh) has a particular role. You need to match your particular needs with the access method. For example, you cannot use SNMP to retrieve the ASA configuration file. Have a look at this table; it lists the access method required for each particular device category:


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp40192


SNMP read write is only required if you want to perform mitigation on layer 2 switches.


As a best practice try to use SSH as much as possible.


Regards


Farrukh

krir Sat, 11/29/2008 - 01:23
User Badges:
  • Cisco Employee,

For routers and switches, MARS uses the SNMP RO string

1) To get the layer 2 information like STP info to plot the Layer 2 mitigation path.

2) To get the CPU, Memory and Interface utilization Reports

3) MARS uses the SNMP RW string to push the mitigation command to the switches.


For firewalls like ASA and PIX, MARS uses the SNMP RO string

1) To get the CPU, Memory and Interface Utilization Reports


So, it is important to specify the SNMP RO string while adding devices like routers and switches in MARS (you can see MARS throws an error if you don't specify the SNMP string or the SNMP string is wrong), but it is optional for other devices like firewalls.


Hope this helps you


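As an added configuration example (not from the page or from Cisco's documentation), here is the least-privilege way to hand a switch's SNMP strings to MARS given the split described above: RO covers discovery, Layer 2 path data and utilization reports, RW only where MARS must push Layer 2 mitigation. It assumes an IOS switch, a placeholder MARS local controller address 192.0.2.10 and placeholder community strings.

```ios
! Constructed example, not from the page or Cisco docs: SNMP community
! configuration on an IOS switch that MARS monitors.
!
! Weak setting: one read-write community, usable from any source address.
!   snmp-server community public RW
!
! Hardened setting: only the MARS appliance may use the strings, and the
! read-write string exists only on switches where MARS performs L2 mitigation.
access-list 10 remark SNMP polling from the MARS local controller only
access-list 10 permit host 192.0.2.10
access-list 10 deny any log
!
! Read-only string: sufficient for STP/L2 topology and CPU, memory and
! interface utilization reports (placeholder string, choose your own)
snmp-server community MARS-RO-PLACEHOLDER RO 10
!
! Read-write string: configure only where MARS must push mitigation commands
! to this switch; omit it everywhere else (placeholder string)
snmp-server community MARS-RW-PLACEHOLDER RW 10
```

Denied polls are logged by the `deny any log` entry, which gives a simple detection point for SNMP queries arriving from anything other than the MARS appliance.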
