SNMP, MIBs and the future of cyber-hardening IP security systems
Thankfully, the days are long gone when a security system was a stand-alone, special-purpose apparatus. New security installations no longer feature a stand-alone CCTV system, stand-alone ID badging, or isolated information system authorities. Today, all these security functions, and many more, are much more likely to be part of an integrated security system that links the elements using IP networks to provide improved access, share information, and correlate security data. All of us have greatly benefitted from the upsides of this evolution.
While the old approach was, at least in some ways, easy to understand and implement, it lacked the sophistication to respond to real security situations, and it ignored or missed enormous amounts of relevant security information. IP networks offered a new, versatile method for linking systems and transmitting data, and were often able to use infrastructure more efficiently than the special-purpose hard wiring that preceded them. As a result, networked security systems, including video surveillance, access control, intrusion sensors, license plate recognition (LPR) systems, and other elements, provide many benefits to users and security managers alike.
However, adding these systems to organizational IT networks also adds complexity and risk to managing the networks they reside on. Even worse, because most IT networks are connected to the internet and the networked world at large, networked security systems can themselves become an entry point for malware and other cyber-threats to the organization, and many of us have also been hurt to some extent by the downsides of this change. Knowing how networked systems exchange and present information can help security management to better understand how to harden these systems from cyber-attacks and enable better management of them.
Network Functionality
In an IP network, one or more administrative computers called managers communicate with managed network elements using SNMP (Simple Network Management Protocol). The managed elements, or devices, include not only network hardware such as routers, switches and servers, but also network-attached hardware such as IP video cameras and access controllers. Each managed device runs special software called an agent that answers requests from the manager(s) (Get, GetNext and Set operations) and can send unsolicited notifications, called traps, when something changes. The variables an agent exposes, such as what kind of device it is (sysDescr, sysObjectID), how to reach it, interface status, uptime and configuration settings, are organized in a management information base (MIB): a tree of objects, each addressed by a numeric object identifier (OID). The device holds the live values; the manager uses the MIB definitions to know which OIDs to read or write and how to interpret them. SNMP agents are usually built into professional-grade networkable devices and operating systems.
The SNMP protocol itself was first introduced in 1988 as SNMPv1. It was originally intended as an interim protocol for the early stage of the internet, so its security features were minimal: the only credential is a "community string" that travels in cleartext in every message, so anyone who can observe the traffic can read it and reuse it. Despite this enormous weakness, SNMPv1 is still widely supported by network element providers and still considered a de facto network management protocol. By 1993, work was underway on version 2 to strengthen the security of version 1 and boost network performance; the new security model saw little adoption, and the variant that did take hold, SNMPv2c, kept the cleartext community string. The newest release, SNMPv3 (defined in RFC 3411 through RFC 3418), was again developed primarily to improve security, including message authentication and encryption, and became the current standard in 2004.
SNMPv3 adds extensive security functionality through its User-based Security Model (USM): each request is tied to a named user rather than a shared community string, messages are authenticated with an HMAC (originally MD5 or SHA-1, with SHA-2 added later) over a per-user key, and the PDU can be encrypted (DES, or AES in later extensions) for privacy. The security level is chosen per user as noAuthNoPriv, authNoPriv or authPriv; only authPriv gives both integrity and confidentiality. The standard names the threats it defends against: an unauthorized SNMP entity altering in-transit messages from an authorized source, an attacker assuming the identity of an authorized principal, replay or reordering of messages (countered with engine boot and time counters), and eavesdropping on the exchanges between SNMP engines. Two practical caveats follow: the algorithms chosen matter, since an authPriv user on MD5 and DES is considerably weaker than one on SHA-2 and AES, and a device that only supports v1 or v2c gains nothing from a v3-capable manager.
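As an added illustration, not code from the original article or from any vendor, the following Python encodes an SNMPv2c GetRequest for sysDescr.0 exactly as it goes onto the wire and decodes the reply, using only the standard library. The device reply is constructed here rather than captured from a real device, and the sysDescr text is made up. Running it shows the point made above: the community string is visible as plain bytes in every v1/v2c message, while a v3 message has no community field at all.

```python
"""Minimal SNMPv1/v2c encoder/decoder (constructed example, standard library only).
Shows what the protocol puts on the wire: the community string that acts as the
"password" is a plain OCTET STRING that anyone on the path can read."""
from __future__ import annotations

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30  # BER tags
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2                                      # PDU tags
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"                                           # MIB-II sysDescr.0

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body

def enc_int(v: int) -> bytes:
    size = max(1, (v.bit_length() + 8) // 8)        # room for the sign bit
    return tlv(INTEGER, v.to_bytes(size, "big", signed=True))

def enc_str(s: str) -> bytes:
    return tlv(OCTET_STRING, s.encode())

def enc_oid(dotted: str) -> bytes:
    """Dotted OID -> BER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:                                  # continuation bytes carry bit 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(OID, bytes(out))

def build_message(version: int, community: str, pdu_tag: int, request_id: int,
                  varbinds: list[tuple[str, bytes]]) -> bytes:
    """Wrap a PDU in an SNMPv1 (version 0) or SNMPv2c (version 1) message."""
    vb_list = b"".join(tlv(SEQUENCE, enc_oid(oid) + val) for oid, val in varbinds)
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0)  # error-status/index
              + tlv(SEQUENCE, vb_list))
    return tlv(SEQUENCE, enc_int(version) + enc_str(community) + pdu)

def build_get(community: str, oid: str, request_id: int = 1) -> bytes:
    """SNMPv2c GetRequest for one OID; the value slot is NULL in a request."""
    return build_message(1, community, GET_REQUEST, request_id, [(oid, tlv(NULL, b""))])

def read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Return (tag, contents, position after this TLV)."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:                                   # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def children(body: bytes) -> list[tuple[int, bytes]]:
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def dec_int(body: bytes) -> int:
    return int.from_bytes(body, "big", signed=True)

def dec_oid(body: bytes) -> str:
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_message(pkt: bytes) -> dict:
    """Decode a v1/v2c message as a sniffer would; a v3 message carries no community."""
    _tag, body, _ = read_tlv(pkt, 0)
    fields = children(body)
    version = dec_int(fields[0][1])
    if version == 3:
        return {"version": 3, "community": None}
    pdu_tag, pdu_body = fields[2]
    rid, err, _idx, vbs = children(pdu_body)
    varbinds = []
    for _, vb in children(vbs[1]):
        (_, oid), (vtag, val) = children(vb)
        varbinds.append((dec_oid(oid), val.decode() if vtag == OCTET_STRING else val))
    return {"version": version, "community": fields[1][1].decode(), "pdu": pdu_tag,
            "request_id": dec_int(rid[1]), "error_status": dec_int(err[1]), "varbinds": varbinds}

if __name__ == "__main__":
    req = build_get("public", SYS_DESCR_0, request_id=42)
    # Constructed reply, shaped as an agent would send it; not from a real device.
    resp = build_message(1, "public", GET_RESPONSE, 42,
                         [(SYS_DESCR_0, enc_str("Example IP camera, fw 5.2.1"))])
    print(req.hex(), b"public" in req)   # the "password" is right there in the bytes
    print(parse_message(resp)["varbinds"])
```

The request bytes produced here are the same ones a standard tool emits for a v2c get of sysDescr.0 with community "public", which is why a capture of UDP port 161 traffic on any segment carrying v1/v2c polling hands an attacker working credentials.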
Security Concerns
Incorporating security devices, subsystems, and functionality into broader IT networks certainly provides users and security management beneficial functionality and flexibility, but it also has downsides. For example, being able to manage the network remotely or be notified remotely of security events and issues is convenient, but remote access also opens the possibility of providing a doorway for attackers. In particular, because the very purpose of SNMP is to let network administrators monitor and configure devices remotely over the network, it can equally be used by an attacker to map, reconfigure, or damage the operation of that network. Exposed SNMP is a classic finding in a penetration test or an internet-wide scan: agents left with the default community strings "public" and "private", a writable community that lets a Set request change configuration, or an agent reachable from far beyond the management segment. At a minimum, disable v1 and v2c where the device allows it, change any default community strings, and restrict UDP port 161 to the management hosts that actually need it.
But integrating IT networks and security functionality brings new challenges and complexity beyond SNMP security. Many of the key challenges of maintaining, securing, and managing a complex physical security system are issues of scale, and how to communicate with those devices. For example, security cameras are equipped with sophisticated analytics, on-board recording, two-way audio communications, and other functionality, and require frequent updates of their firmware to maintain compatibility, functionality, and security. But real installations often include more than one camera model – and over time, they may include multiple manufacturers, models, and even generations of cameras. The challenge for security managers becomes how to track the installed devices, models, manufacturers, and firmware versions – then to be able to quickly and efficiently update the correct firmware as new versions are released, across hundreds, or even thousands, of installed cameras across the system.
Or take another example; each of the devices – including the video cameras just mentioned – has a password to prevent unauthorized access. How can security managers efficiently, effectively, and securely analyze and manage device passwords across multiple device types, locations, and geographies?
In each of these cases, the challenge is not just communicating with a single device; it involves coordinating and communicating across multiple devices in an orchestrated fashion to accomplish the goal without compromising, or "lowering the shield" of, security. This challenge is not a traditional security-related issue – on the contrary, it falls squarely in the realm of IoT.
Avoiding IoT Issues
Part of the solution to these challenges lies in the standards now evolving for the Internet of Things. For IT security managers in the past, having a strong firewall was the primary security action. Soon, IT security realized that portable storage devices posed a threat, both for data theft and for the introduction of malware, and new protections were required. Today, with hundreds or thousands of intelligent devices connected to the internal network, completely new approaches are required to protect the system from unauthorized access.
One part of the solution is clearly bolstering the software update and patching processes. Physical security systems differ from typical IT estates in scale and in the variety of device types and firmware generations involved, and camera and controller firmware is often updated through vendor-specific tools rather than a standard patch channel. This demands increased resources devoted to tracking which version each device runs and implementing the necessary updates and patches. Planning for this increase will help to avoid a major IoT issue.
A second critically important part is to make sure that security managers keep track of every device that is connected to their network to be sure appropriate and adequate protections are in place. To avoid an IoT issue with unknown network devices, implement a process for managing, assessing, tracking, and verifying every device as it gets added to the network. There should be a logical and orderly way to keep track of the entire inventory, ideally using automation to ensure that unauthorized devices are detected and that the list of devices is always current.
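As an added example that serves both the patch-tracking point above and the inventory process just described (not Viakoo's software or anything from the original article), the following Python shows the reconciliation step such a process automates: the approved inventory is compared with what a discovery sweep found, and devices that are unauthorized, missing, registered as different hardware, or below the approved firmware level are reported. Device records, MAC addresses, model names and version numbers are all constructed for the example; in practice the discovered list would come from an SNMP walk of sysDescr/sysObjectID, DHCP leases, or a vendor API.

```python
"""Inventory reconciliation for networked security devices (constructed example).
Compares the approved inventory with what a discovery sweep found and reports
unauthorized, missing, swapped and out-of-date devices. All records are made up."""
from __future__ import annotations
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class Device:
    mac: str        # stable identity: IPs get reassigned, MACs rarely change
    ip: str
    model: str
    firmware: str

# Approved minimum firmware per model (hypothetical models and versions).
MIN_FIRMWARE = {"CAM-A200": "5.2.1", "CAM-B10": "2.0.0", "ACU-7": "1.4"}

def parse_version(v: str) -> tuple[int, ...]:
    """'5.10.0-build7' -> (5, 10, 0, 7); compare numerically, never as strings."""
    return tuple(int(x) for x in re.findall(r"\d+", v)) or (0,)

def version_at_least(have: str, need: str) -> bool:
    a, b = parse_version(have), parse_version(need)
    n = max(len(a), len(b))                     # pad so that "1.4" equals "1.4.0"
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))

def firmware_ok(dev: Device) -> bool:
    """False for an unknown model: an unlisted model has no approved baseline."""
    minimum = MIN_FIRMWARE.get(dev.model)
    return minimum is not None and version_at_least(dev.firmware, minimum)

def reconcile(authorized: list[Device], discovered: list[Device]) -> dict[str, list[str]]:
    """Keyed by lower-cased MAC so formatting differences do not create false rogues."""
    auth = {d.mac.lower(): d for d in authorized}
    seen = {d.mac.lower(): d for d in discovered}
    both = auth.keys() & seen.keys()
    return {
        "unauthorized": sorted(seen.keys() - auth.keys()),      # on the wire, not approved
        "missing": sorted(auth.keys() - seen.keys()),           # approved, not answering
        "model_changed": sorted(m for m in both if auth[m].model != seen[m].model),
        "outdated": sorted(m for m in both
                           if auth[m].model == seen[m].model and not firmware_ok(seen[m])),
    }

# Constructed data: what the asset register says versus what a sweep actually found.
AUTHORIZED = [
    Device("00:11:22:aa:bb:01", "10.1.0.11", "CAM-A200", "5.2.1"),
    Device("00:11:22:aa:bb:02", "10.1.0.12", "CAM-A200", "5.2.1"),
    Device("00:11:22:aa:bb:03", "10.1.0.13", "CAM-B10", "2.0.0"),
    Device("00:11:22:aa:bb:04", "10.1.0.20", "ACU-7", "1.4"),
]
DISCOVERED = [
    Device("00:11:22:AA:BB:01", "10.1.0.11", "CAM-A200", "5.10.0"),  # newer than 5.2.1 numerically
    Device("00:11:22:aa:bb:02", "10.1.0.12", "CAM-A200", "5.1.9"),   # below the minimum
    Device("00:11:22:aa:bb:04", "10.1.0.20", "ACU-7X", "1.4"),       # same MAC, different model: misregistered or spoofed
    Device("00:11:22:aa:bb:99", "10.1.0.77", "CAM-B10", "2.3.0"),    # never registered
]

if __name__ == "__main__":
    for finding, macs in reconcile(AUTHORIZED, DISCOVERED).items():
        print(f"{finding:14s} {', '.join(macs) or '-'}")
```

Two design choices are worth noting. Versions are compared as tuples of integers because a plain string comparison would rank "5.10.0" below "5.2.1" and silently report an up-to-date camera as outdated. A device whose model no longer matches the register is reported separately rather than being firmware-checked against the wrong baseline, since that condition usually means a replaced, misregistered or spoofed device and deserves a human look.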
Understand Both Sides
On the one hand, the functionality of connected security devices can support improved security by supporting more advanced situational awareness and providing corroborating information to bolster the findings of any particular sensing system element. On the other hand, every new connected device also adds complexity, increases the need for tracking and updating resources, and creates potential vulnerabilities. Companies that understand both sides of the security equation will be in a better position to take advantage of the opportunities that the emerging IoT will offer, while protecting themselves from the inherent risks.
Bud Broomhead is CEO of Viakoo.