12-28-2007 11:46 PM - edited 03-09-2019 07:44 PM
Hi, can CS-MARS support SNMPv3 feature for monitor and mitigate devices?
12-30-2007 05:07 AM
Hi Zakhar.
The answer to your question is no.
MARS does not accept inbound SNMP traffic. This is a security feature so that MARS cannot be exploited by an outside device.
In a nutshell, SNMPv3 involves shared passwords between devices. The thinking is that you wouldn't want your router to have the password of the MARS box.
MARS does use SNMP to notify pre-defined users in the event of a high-level security incident.
Hope this helps.
Best,
Paul
12-30-2007 07:10 AM
Well, think about it. MARS is nothing
but a hardened customize Linux OS. All Linux
OS will let you configure snmpd with SNMPv3.
SNMPv3 has strong authentication and if you
configure your network properly, it should be
good enough.
If MARS does not accept inbound snmp traffic,
how does one go about monitoring this device
via to make sure that everything is working
properly? Guess what, even firewalls let
you configure snmp for monitoring, and you
don't think is an important device?
It does not make sense for MARS not to accept
inbound snmp if you ask me.
12-31-2007 06:20 AM
As far as I can tell MARS does accept incoming SNMP traps, but unfortunately only an SNMP community string can be used. I have been using this for all devices not touching the internet and configuring them with a read only string.
01-01-2008 01:50 AM
Thank you for your answers, guys. But I want define more precisely my question. If I tune snmp v3 on my network devieces. Is it possible to use snmp RO and RW community string from CS-MARS for recive and mitigate may network devices?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide