System Security Management via SNMP

We present a framework for managing system security, based on an SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB). We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring, external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the realisation of specific system security management functions independently of the underlying architecture. Our definitions pertain to multi-user, multi-tasking operating systems that support TCP/IP communications and a prototype of the SSEC MIB is under development for UNIX systems. The proposed management framework follows the manager/agent paradigm: an agent is installed on every system connected to the network, communicating with one or more central managers through a management protocol. We have tried not to heavily rely on polling for the manager-agent interaction by using as much as possible asynchronous notification mechanisms and allowing some limited delegated functionality for the agent (scheduling and handling of local scripts). The manager scans the agents for security information, sets specific parameters for monitoring and script execution and receives asynchronous notifications on specific events, whereas the agent maintains a MIB that provides the system-independent interface semantics, executes scripts for security scanning, performs monitoring & logging and generates the asynchronous notification PDUs.