System Security Management in SNMP
Journal: International Journal of Advanced Networking and Applications (Vol.1, No. 06)Publication Date: 2010-05-03
Authors : P. Deivendran; R. Dhanapal Ph.D;
Page : 393-399
Keywords : Systems Management; System Security; SNMP; Agent; MIB;
Abstract
We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB), We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the realization of specific system security management functions independently of the underlying architecture. Our definitions pertain to multi-user; multi-tasking operating systems that support TCP/IP communications and a prototype of the SSEC MIB are under development for UNIX system. The proposed management framework follows the manager agent paradigm: an agent is installed on every system connected to the network, communicating with one or more central managers through a management protocol. We have tried not to heavily rely on polling for the manager-agent interaction by using as much as possible asynchronous notification mechanisms and allowing some limited delegated functionality for the agent (scheduling and handling of local scripts). The manager scans the agents for security information, sets specific parameters for monitoring and script execution and receives asynchronous notifications on specific events, whereas the agent maintains a MIB that provides the system-independent interface semantics, executes scripts for security scanning, performs monitoring & logging and generates the asynchronous notification PDUs.
Other Latest Articles
- Threshold based Authorization model for Authentication of a node in Wireless Mesh Networks
- Adaptive CHOKe: An algorithm to increase the fairness in Internet Routers
- Remote Administrative Suite for Unix-Based Servers
- Efficient Bio Metric IRIS Recognition System Using Fuzzy Neural Network
- Data Hiding and Water Marking Security based on nested lattices
Last modified: 2015-12-05 20:12:55