How to Implement SNMP communication security on Win2K

The SNMP Service, also known as the Simple Network Management Protocol, is proposed to solve the router management problem on the Internet. It acts as a proxy in the Windows operating system and collects information that can be reported to the SNMP Management site or the console. The SNMP Service is used to allow the system to collect data and manage Windows 2000/XP/2003-based computers throughout the network.

In general, SNMP messages are sent in plain text, and these messages are easily intercepted and decoded by network analysts such as Microsoft Network Monitor. Unauthorized users can capture community names to obtain important information about network resources. Therefore, for services such as SNMP, you must pay attention to its security before it can be effectively used widely.

To protect our SNMP from being damaged by illegal behaviors, we need to take a series of security measures on the system, such as "IP Security Protocol" to protect SNMP communication. Create an IP Sec policy on the system to protect communications between TCP and UDP ports 161 and 162 to protect the security of the SNMP service.

Step 1: Select "Start> Control Panel> Administrative Tools> Local Security Policy", right-click "IP Security Policy, on the local computer" in the left column ", select "manage IP Filter list and filter operation ".

Step 2: Select "manage IP Filter list" and click "add. In the "IP Filter list", enter "port 161/162" in the name column and enter "port 161/162 filter" in the "Description" box ". Click the remove "add wizard" check box, and then click "add. In the source address box (on the addressing tab in the displayed IP Filter Properties dialog box), select "any IP Address ". In the "target address" area, select "my IP Address" and select "image. Select the check box to match packets with exactly the opposite source and target addresses.

Step 3: click the "protocol" tab and select "UDP" in "select protocol type ". In the "set IP protocol port" area, select "from this port" and enter 161. Click "to this port", enter 161, and click "OK". In the "IP Filter list" dialog box, select "add. Add port 162 again in the same way.