SNMP Evolves to Meet Technology Needs of Network Infrastructures

March 27, 2014
SIA subcommittee to discuss standards for SNMP at upcoming ISC West conference in Las Vegas

SNMP officially stands for is Simple Network Management Protocol — you may have seen it on a configuration screen for an IP camera or other security device and wondered what it was used for. It really is a pretty useful protocol, and security professionals like Ray Coulombe and Sal D’Agostino think it is time the industry did something with it.

Coulombe, founder and managing director of SecuritySpecifiers.com, explains that SNMP is not new. In fact, it has been around for 25 years. It was originally intended to be replaced by other architectures, but, instead, has evolved in its own right and achieved broad acceptance. Working in conjunction with a range of network monitoring packages, such as HP’s Open View, WhatsUpGold by Ipswitch, and Network Vision’s IntraVue, SNMP can provide a command center or a technician important system information, out of limit or alarm conditions, or the ability to update device parameters. Many security devices support SNMP, but it is rarely used, and when it is, that’s usually done by the same manufacturer’s software or diagnostics.

Now, with the support of the Security Industry Association’s Standards Committee, the security industry is looking for provide integrators, A&Es and end users a roadmap related to SNMP usage and implementation. The SIA SNMP subcommittee is inviting security industry vendors to attend its next meeting at ISC West. The meeting will be held on Thursday, April 3, from 1:30 - 3:00 PM in Sands Expo Room 507.

According to Coulombe, the SIA SNMP subcommittee chairman, “this effort seeks to bring together under one umbrella all of the collective knowledge we can muster in order to allow the security industry to make its devices function with network management software via a protocol that has been in the IT industry for 15 years.”

“End-users, manufacturers and system integrators on the SNMP subcommittee are leveraging internet standards to develop a common means of monitoring physical security devices.  As is the case with applications programming interfaces (APIs) most companies have developed proprietary approaches,” says D’Agostino, CEO of IDmachines and co-chair of the SNMP subcommittee.  “The good thing about what the SNMP subcommittee is doing is that it leaves these intact.  What we are trying to do is to get to a first set of non-proprietary data elements common across vendors of a given physical security device type.  This is an important step forward from the legacy proprietary to open interfaces and it opens up a wide range of services that can be provided.”

Currently, many manufacturers offer varied functionality under the Simple Network Management Protocol (SNMP) through agents called MIB’s (MIB stands for Management Information Base), embedded in their devices. However, across the industry, there has been little “rhyme nor reason” to what’s being monitored or managed in those devices, says Coulombe, resulting in ”missed opportunities to leverage IT protocols and, more importantly, to better serve customers.”

Rodney Thayer, an industry consultant and subcommittee member, further explains that, “the use of standards-based network management provides a valuable addition to the set of tools one can use to manage a modern converged security infrastructure.  It benefits customers and their vendor supply chain through enhanced visibility of the infrastructure and assisting to provide more proactive maintenance.  It will help position physical security solutions to address evolving customer needs, which are including more and more IT-centric requirements.”

In the September issue of Security Technology Executive, Coulombe’s Tech Trends column addressed the SNMP issue (http://www.securityinfowatch.com/article/11135788/simple-network-management-protocol-and-its-impact-on-security). Here are some of the highlights.

How SNMP Works

SNMP is based on a model consisting of a manager, an agent, and a database of management information, managed objects and the network protocol. The manager provides the interface between the human network manager and the management system. The agent provides the interface between the manager and the physical device(s) being managed. The information to be accessed is stored in a specified format in the device database, known as a Management Information Base (MIB), used by both the manager and the agent.

MIBs contain the parameters to be collected for reporting, captured for notifications or configured by the corresponding management software. Basic commands are “gets” to retrieve desired information, “traps” to trigger alarm or condition notifications, and “sets” for configuration and control. There are three common revision levels, or versions, of SNMP - v1, v2c, and v3. Each succeeding version provided more functionality and, importantly, more security.

Version 2c uses log in information known as Community Read and Write strings, analogous to passwords and requiring change from default values. Information, including configuration commands, is sent in the clear. Version 3 provides for far better security and privacy through authentication (using MD5 or SHA hash) and DES or AES encryption. This becomes particularly important if the managed device has been configured to allow system variables to be remotely set — another avenue for a hacker to gain control of IP camera settings.

Impact on the Security Market

In our industry, there are tens or hundreds of vendors, each with their own unique set of MIBs and only discoverable by software packages that have been configured to look for them. Predictably, their usage is sparse.

So what’s an industry to do? Enter the Standards Committee of the Security Industry Association (SIA), which has recently approved an effort to develop an industry set of standard MIBs. This means that vendors from across the industry will get together to decide those conditions which merit monitoring, capturing or configuring. The kinds of conditions could include such things as loss of video, intensity of video compression, excessively high access card retries, over-current, under voltage, hard disk drive utilization, excessive temperature, loss of pressure and more.

By having a solid set of conditions for which MIBs are defined, it is far more likely that third-party monitoring software will supervise the network and attached security devices. Such software may have the ability to discover devices, identify linkages between them, name devices, examine their status and history, provision IP addresses and reconfigure them.