Re: Can CS-MARS support SNMPv3?

more_jazZz_2 · ‎12-28-2007

Hi, can CS-MARS support SNMPv3 feature for monitor and mitigate devices?

pmccubbin · ‎12-30-2007

Hi Zakhar.

The answer to your question is no.

MARS does not accept inbound SNMP traffic. This is a security feature so that MARS cannot be exploited by an outside device.

In a nutshell, SNMPv3 involves shared passwords between devices. The thinking is that you wouldn't want your router to have the password of the MARS box.

MARS does use SNMP to notify pre-defined users in the event of a high-level security incident.

Hope this helps.

Best,

Paul

cisco24x7 · ‎12-30-2007

Well, think about it. MARS is nothing

but a hardened customize Linux OS. All Linux

OS will let you configure snmpd with SNMPv3.

SNMPv3 has strong authentication and if you

configure your network properly, it should be

good enough.

If MARS does not accept inbound snmp traffic,

how does one go about monitoring this device

via to make sure that everything is working

properly? Guess what, even firewalls let

you configure snmp for monitoring, and you

don't think is an important device?

It does not make sense for MARS not to accept

inbound snmp if you ask me.

gojericho0 · ‎12-31-2007

As far as I can tell MARS does accept incoming SNMP traps, but unfortunately only an SNMP community string can be used. I have been using this for all devices not touching the internet and configuring them with a read only string.

more_jazZz_2 · ‎01-01-2008

Thank you for your answers, guys. But I want define more precisely my question. If I tune snmp v3 on my network devieces. Is it possible to use snmp RO and RW community string from CS-MARS for recive and mitigate may network devices?