Distributed Network Management Security

Active / Technical Report | Accession Number: ADA325666

Abstract:

Use of SNMP to securely manage distributed networks through firewalls has not been formally described, although features critical to such management are included in SNMP. This document reports on a study performed at Secure Computing Corporation on a method to provide this management function. The study was carried out under the project name Distributed Network Management Security. Slight modifications to the SNMP V2 User-Based Security Model (RFC 1910) and a conceptual redeployment of some of the functions contained within this model provide the basis for this study. The acronym DNMS is used in this document to refer to the modifications. The basis for the DNMS extensions is a firewall platform that contains at least two distinct network stack implementations, one for the exterior, or public, network and one for the interior, or protected, network. DNMS consists of two SNMP V2 proxies, one on each network, with the security-related functions implemented in a third component that also serves as the communication path between the two proxy components. This implementation allows the management and use of SNMP security to be concentrated in the firewalls, on the assumption that the threats being protected against lie outside the firewall.

Security Markings

Distribution:
Approved For Public Release

RECORD

Collection: TR