Managing access and usage controls in SNMP

Simple Network Management Protocol “SNMP”, which is a component of the Internet Protocol Suite, is the most widely-used protocol in network management systems today. It is used to monitor network-attached devices such as routers, switches, Servers, workstations, printers, etc., for conditions that warrant administrative attention. In its initial versions, SNMPv1 and SNMPv2, SNMP was criticized for its lack of security, however, in its latest version, SNMPv3, it added important security features such as confidentiality, message integrity, authentication, and access control. In this paper we analyze the current approach, used by SNMP for providing access control, and we present new architecture that implements a new type of access control, called Usage Control (UCON), to better-control the access to the SNMP-managed environment at: pre-connection, during connection, and post connection. We believe that our proposed solution will enable owners of the SNMP-managed network to control who can access the system objects “i.e. the MIBs”, to control the activities of both the manager and the agent entities, and to help set some parameters to determine whether a communication between the agent and the manager can continue or should terminate.