The Avigilon win/lose article turned into a debate about SNMP's role with video surveillance systems. One commenter noted that Avigilon cameras did not support SNMP to which Avigilon dealers responded that SNMP was terrible anyway.
So what do you say about SNMP and video surveillance?
Any experience with it? Any value? Any concerns?
SNMP stands for Simple Network Management Protocol and is used for monitoring various parameters / performance of devices.
Here's a 6 minute overview video for those unfamiliar with SNMP:
I can count on one hand the times where I used SNMP in the field, and it typically was to monitor the status of a remote device like a power supply. There are a number of managed switches that support remote reboot commands via SNMP, and that might be helpful during troubleshooting.
Based on the video above, it would appear that the 'risks' that Mr. Thomas (commenting for the Avigilon camp in the win/lose article) was referring to were present in SNMP v's 1 and 2 ... but not in the current v3 that Mr. Snow apparently knows all about. :)
We've used SNMP to monitor various parameters of our systems for years. Typically, SNMP is used by our systems to trigger an email alert of a system problem via an Exchange server, which we've had since 2006.
I like the video. What Prof Messer missed is that some variables in SNMP are writeable as well as readable. So you can use SNMP to change the config of a system. Some passwords are R/O and some are R/W. Clearly there's a bigger security exposure when the password permits writing. The default (historic favorite) passwords are "public" and "private." It is a network best practice to change all factory default passwords. Our favorite is for SNMP to be turned off as the factory default and then users that want to use it will turn it on -- and set unique passwords when they do.
We do not permit any SNMP access from outside our LAN. That takes the edge off the need for SNMPv3. Still, we are converting all our equipment to v3 as time permits.
I had come up with a "black box" solution using a free SNMP solution at my last job. I figured you could install the box on site and charge a monthly fee for "advanced monitoring" or something. Everyone thought it was a great idea but that's as far as it went. If I was an IT Admin I would definetly use it to monitor my network. I had a few customers that I knew monitored everything through SNMP.
I used to use Nagios to monitor all IP Devices in a very large system. It was the Open Source free version and required in depth administration.
I can count on one hand (maybe one finger) the number of partners I have worked with in the last 10 years who made use of SNMP, and it was driven primarily by the customer.
That's not to say we don't have many other customers using SNMP in their environment, or that SNMP isn't a valuable tool. It's just an observation.
For reference, SNMP support was deprecated by Microsoft as of Windows Server 2012 in favor of Common Information Model (CIM). It's still widely used by network administrators though at the switch/router level, among other things.
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.
