ABSTRACT
We present a framework for managing system security, based on an SNMP Management Information Base (MIB), namely
the System Security MIB (SSEC MIB). We have defined managed objects and completed the ASN.1 description of the
MIB that embeds them. The related security management functions are mainly focused on monitoring external script
execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a
standard interface that will allow the realization of specific system security management functions independently of the
underlying architecture. Our definitions pertain to multi-user, multi-tasking operating systems that support TCP/IP
communications, and a prototype of the SSEC MIB is under development for UNIX systems. The proposed management
framework follows the manager-agent paradigm: an agent is installed on every system connected to the network,
communicating with one or more central managers through a management protocol. We have tried not to rely heavily on
polling for the manager-agent interaction, by using asynchronous notification mechanisms as much as possible and allowing
some limited delegated functionality for the agent (scheduling and handling of local scripts). The manager scans the agents
for security information, sets specific parameters for monitoring and script execution, and receives asynchronous
notifications on specific events, whereas the agent maintains a MIB that provides the system-independent interface
semantics, executes scripts for security scanning, performs monitoring and logging, and generates the asynchronous
notification PDUs.
Keywords: Systems Management, System Security, SNMP, Agent, MIB.