SNMP is based on a model consisting of a manager, an agent, and a database of management information, managed objects and the network protocol. The manager provides the interface between the human network manager and the management system. The agent provides the interface between the manager and the physical device(s) being managed. The information to be accessed is stored in a specified format in the device database, known as a Management Information Base (MIB), used by both the manager and the agent.
MIBs contain the parameters to be collected for reporting, captured for notifications or configured by the corresponding management software. Basic commands are “gets” to retrieve desired information, “traps” to trigger alarm or condition notifications, and “sets” for configuration and control. There are three common revision levels, or versions, of SNMP: v1, v2c, and v3. Each succeeding version provided more functionality and, importantly, more security.
Version 2c uses login information known as Community Read and Write strings, which are analogous to passwords and must be changed from their default values. Information, including configuration commands, is sent in the clear. Version 3 provides for far better security and privacy through authentication (using an MD5 or SHA hash) and DES or AES encryption. This becomes particularly important if the managed device has been configured to allow system variables to be remotely set — another avenue for a hacker to gain control of IP camera settings.
Impact on the Security Market
In our industry, there are tens or hundreds of vendors, each with their own unique set of MIBs, which are discoverable only by software packages that have been configured to look for them. Predictably, their usage is sparse.
So what’s an industry to do? Enter the Standards Committee of the Security Industry Association (SIA), which has recently approved an effort to develop an industry set of standard MIBs. This means that vendors from across the industry will get together to decide which conditions merit monitoring, capturing or configuring. The kinds of conditions could include such things as loss of video, intensity of video compression, excessively high access card retries, over-current, under-voltage, hard disk drive utilization, excessive temperature, loss of pressure and more.
By having a solid set of conditions for which MIBs are defined, it is far more likely that third-party monitoring software will supervise the network and attached security devices. Such software may have the ability to discover devices, identify linkages between them, name devices, examine their status and history, provision IP addresses and reconfigure them.