rfc2959.txt

来自「中、英文RFC文档大全打包下载完全版 .」· 文本 代码 · 共 1,740 行 · 第 1/5 页

Baugher, et al.             Standards Track                    [Page 25]

RFC 2959                        RTP MIB                     October 2000


4.  Security Considerations

   In most cases, MIBs are not themselves security risks; if SNMP
   security is operating as intended, the use of a MIB to view
   information about a system, or to change some parameter at the
   system, is a tool, not a threat.  However, there are a number of
   management objects defined in this MIB that have a MAX-ACCESS clause
   of read-write and/or read-create.  Such objects may be considered
   sensitive or vulnerable in some network environments.  The support
   for SET operations in a non-secure environment without proper
   protection can have a negative effect on network operations.

   None of the read-only objects in this MIB reports a password, though
   some SDES [RFC1889] items such as the CNAME [RFC1889], the canonical
   name, may be deemed sensitive depending on the security policies of a
   particular enterprise.  If access to these objects is not limited by
   an appropriate access control policy, these objects can provide an
   attacker with information about a system's configuration and the
   services that that system is providing.  Some enterprises view their
   network and system configurations, as well as information about usage
   and performance, as corporate assets; such enterprises may wish to
   restrict SNMP access to most of the objects in the MIB.  This MIB
   supports read-write operations against rtpSessionNewIndex which has
   the side effect of creating an entry in the rtpSessionTable when it
   is written to.  Five objects in rtpSessionEntry have read-create
   access: rtpSessionDomain, rtpSessionRemAddr, rtpSessionIfIndex,
   rtpSessionRowStatus, and rtpSessionIfAddr identify an RTP session to
   be monitored on a particular interface.  The values of these objects
   are not to be changed once created, and initialization of these
   objects affects only the monitoring of an RTP session and not the
   operation of an RTP session on any host end-system.  Since write
   operations to rtpSessionNewIndex and the five objects in
   rtpSessionEntry affect the operation of the monitor, write access to
   these objects should be subject to the appropriate access control
   policy.

   Confidentiality of RTP and RTCP data packets is defined in section 9
   of the RTP specification [RFC1889].  Encryption may be performed on
   RTP packets, RTCP packets, or both.  Encryption of RTCP packets may
   pose a problem for third-party monitors though "For RTCP, it is
   allowed to split a compound RTCP packet into two lower-layer packets,
   one to be encrypted and one to be sent in the clear.  For example,
   SDES information might be encrypted while reception reports were sent
   in the clear to accommodate third-party monitors [RFC1889]."

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPSec), there is no control as
   to who on the secure network is allowed to access and GET/SET



Baugher, et al.             Standards Track                    [Page 26]

RFC 2959                        RTP MIB                     October 2000


   (read/change/create/delete) the objects in this MIB.  It is
   recommended that the implementers consider the security features as
   provided by the SNMPv3 framework.  Specifically, the use of the
   User-based Security Model RFC 2574 [RFC2574] and the View-based
   Access Control Model RFC 2575 [RFC2575] is recommended.  It is then a
   customer/user responsibility to ensure that the SNMP entity giving
   access to an instance of this MIB, is properly configured to give
   access to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

5.  Acknowledgements

   The authors wish to thank Bert Wijnen and the participants from the
   ITU SG-16 management effort for their helpful comments.  Alan Batie
   and Bill Lewis from Intel also contributed greatly to the RTP MIB
   through their review of various drafts of the MIB and their work on
   the implementation of an SNMP RTP Monitor.  Stan Naudus from 3Com and
   John Du from Intel contributed to the original RTP MIB design and
   co-authored the original RTP MIB draft documents; much of their work
   remains in the current RTP MIB.  Bill Fenner provided solid feedback
   that improved the quality of the final document.

6.  Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.








Baugher, et al.             Standards Track                    [Page 27]

RFC 2959                        RTP MIB                     October 2000


7.  References

   [RFC1889]   Shulzrinne, H., Casner, S., Frederick, R. and V.
               Jacobson, "RTP: A Transport Protocol for real-time
               applications," RFC 1889, January 1996.

   [RFC2571]   Harrington, D., Presuhn, R. and B. Wijnen, "An
               Architecture for Describing SNMP Management Frameworks",
               RFC 2571, April 1999.

   [RFC1155]   Rose, M. and K. McCloghrie, "Structure and Identification
               of Management Information for TCP/IP-based Internets",
               STD 16, RFC 1155, May 1990.

   [RFC1212]   Rose, M. and K. McCloghrie, "Concise MIB Definitions",
               STD 16, RFC 1212, March 1991.

   [RFC1215]   Rose, M., "A Convention for Defining Traps for use with
               the SNMP", RFC 1215, March 1991.

   [RFC2578]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M. and S. Waldbusser, "Structure of Management
               Information Version 2 (SMIv2)", STD 58, RFC 2578, April
               1999.

   [RFC2579]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M. and S. Waldbusser, "Textual Conventions for
               SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M. and S. Waldbusser, "Conformance Statements for
               SMIv2", STD 58, RFC 2580, April 1999.

   [RFC1157]   Case, J., Fedor, M., Schoffstall, M. and J. Davin,
               "Simple Network Management Protocol", STD 15, RFC 1157,
               May 1990.

   [RFC1901]   Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
               "Introduction to Community-based SNMPv2", RFC 1901,
               January 1996.

   [RFC1906]   Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
               "Transport Mappings for Version 2 of the Simple Network
               Management Protocol (SNMPv2)", RFC 1906, January 1996.







Baugher, et al.             Standards Track                    [Page 28]

RFC 2959                        RTP MIB                     October 2000


   [RFC2572]   Case, J., Harrington D., Presuhn R. and B. Wijnen,
               "Message Processing and Dispatching for the Simple
               Network Management Protocol (SNMP)", RFC 2572, April
               1999.

   [RFC2574]   Blumenthal, U. and B. Wijnen, "User-based Security Model
               (USM) for version 3 of the Simple Network Management
               Protocol (SNMPv3)", RFC 2574, April 1999.

   [RFC1905]   Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
               "Protocol Operations for Version 2 of the Simple Network
               Management Protocol (SNMPv2)", RFC 1905, January 1996.

   [RFC2573]   Levi, D., Meyer, P. and B. Stewart, "SNMPv3
               Applications", RFC 2573, April 1999.

   [RFC2575]   Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based
               Access Control Model (VACM) for the Simple Network
               Management Protocol (SNMP)", RFC 2575, April 1999.

   [RFC2570]   Case, J., Mundy, R., Partain, D. and B. Stewart,
               "Introduction to Version 3 of the Internet-standard
               Network
                Management Framework", RFC 2570, April 1999.



























Baugher, et al.             Standards Track                    [Page 29]

RFC 2959                        RTP MIB                     October 2000


8. Authors' Addresses

   Mark Baugher
   Intel Corporation
   2111 N.E.25th Avenue
   Hillsboro, Oregon  97124
   U.S.A.

   EMail: mbaugher@passedge.com


   Bill Strahm
   Intel Corporation
   2111 N.E.25th Avenue
   Hillsboro, Oregon  97124
   U.S.A.

   EMail: Bill.Strahm@intel.com


   Irina Suconick
   Ennovate Networks
   60 Codman Hill Rd.,
   Boxboro, Ma 01719
   U.S.A.

   EMail: irina@ennovatenetworks.com
























Baugher, et al.             Standards Track                    [Page 30]

RFC 2959                        RTP MIB                     October 2000


9. Full Copyright Statement

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Baugher, et al.             Standards Track                    [Page 31]