X.5.  Security Considerations

-- if you have any read-write and/or read-create objects, please
-- describe their specific sensitivity or vulnerability.
-- RFC 2669 has a very good example.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

    <list the tables and objects and state why they are sensitive>

-- else if there are no read-write objects in your MIB module

   There are no management managed objects defined in this MIB the IF-CAP-STACK-MIB module that have
   with a MAX-ACCESS clause of read-write and/or read-create.  So, if
   this MIB module is implemented correctly, then there is no risk that
   an intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

-- for all MIB modules you must evaluate whether any readable objects
-- are sensitive or vulnerable (for instance, if they might reveal
-- customer information or violate personal privacy laws such as
-- those of the European Union if exposed to unauthorized parties)

   Some of the readable objects in this MIB module (i.e., objects those with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments. environments since they can reveal some
   configuration aspects of the network interfaces.

   In particular, ifCapStackStatus and ifInvCapStackStatus can identify
   cross-connect capability of multi-layer (stacked) network interfaces,
   potentially revealing the underlying hardware architecture of the
   managed device.

   It is thus important to control even GET and/or NOTIFY access to these objects and
   possibly
   to even encrypt the values of these objects when sending them
   over the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

    <list the tables and objects and state why they are sensitive>

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.