This paper examines the role of Simple Network Management Protocol (SNMP) and remote monitoring in securing a computing environment. It explains how managed devices and SNMP agents collect and translate network management information, and how successive SNMP versions — particularly SNMPv3 — introduced enhanced security features such as the User-based Security Model (USM) and the View-based Access Control Model (VACM). The paper then addresses how remote monitoring complements these protocols by enabling administrators to start, stop, and reconfigure services from remote terminals, thereby providing layered security coverage across large enterprise networks.
Simple Network Management Protocol (SNMP) is a form of network protocol developed to manage servers, workstations, routers, switches, and hubs — collectively known as nodes — on an IP network. Managed devices are network nodes that contain an SNMP agent and reside on a managed network. A managed device collects and stores management information. An agent is a network management software module that resides within a managed device. The agent has local knowledge of management information and translates that information into a form compatible with SNMP. Applications within this system can "monitor and control managed devices" (SNMP: Simple Network Management Protocol, Network Dictionary, 2003).
The agent and management system can be used as screening devices by adding additional protocols that the user must know. The most current version of SNMP — SNMPv3 — introduced a User-based Security Model (USM) for message security through more extensive password protection and deployment. It also introduced a View-based Access Control Model (VACM) for access control, thereby supporting the concurrent use of different security, access control, and message-processing models.
In contrast to the two earlier versions, SNMPv3 "also introduces the ability to dynamically configure the SNMP agent using SNMP SET commands against the MIB objects that represent the agent's configuration. This dynamic configuration support enables addition, deletion, and modification of configuration entries either locally or remotely" (SNMP: Simple Network Management Protocol, Network Dictionary, 2003).
Remote monitoring ensures that a network operator can monitor or manage alarm application configurations for large network enterprises, as opposed to more contained network installations and services. The concept of remote monitoring allows a network administrator to start or stop services or devices, add new services or devices, manage run levels, and adjust security permissions, auditing, and ownership — all from a remote terminal. This capability means, for example, that if a network operator becomes aware of a potential virus spreading through a system, the system can be shut down from a remote location before the infiltration becomes problematic.
With the ability to lock, shut down, and reboot systems, as well as to create additional security processes from remote computers, remote monitoring ensures that security and containment is possible even from a remote location. This allows for larger and more fully integrated systems when combined with remote administrator oversight. Remote monitoring does not mean, of course, that a system can forgo more traditional security devices such as firewalls, virus protection systems, and network passwords.
However, it is a valuable additional layer of protection in distributed systems, ensuring that large networks are cohesively monitored through the use of traditional screening systems. It provides an additional level of control and intelligence to existing security measures, and it monitors features of running processes to detect possible deviations from regular, standardized operations. In some application systems, remote monitoring can even track and create additional screening measures when necessary if threats to system-wide security are detected (RTM, 2004).
Newman, R. C. (2003). Enterprise Security. Upper Saddle River, NJ: Prentice Hall.
RTM. (2004). Retrieved June 17, 2004, from
"Remote monitoring layered with firewalls and antivirus"
Always verify citation format against your institution’s current style guide requirements.