How to Implement SNMP communication security on Win2K

Source: Internet
Author: User
Tags snmp

The SNMP Service, also known as the Simple Network Management Protocol, is proposed to solve the router management problem on the Internet. It acts as a proxy in the Windows operating system and collects information that can be reported to the SNMP Management site or the console. The SNMP Service is used to allow the system to collect data and manage Windows 2000/XP/2003-based computers throughout the network.

In general, SNMP messages are sent in plain text, and these messages are easily intercepted and decoded by network analysts such as Microsoft Network Monitor. Unauthorized users can capture community names to obtain important information about network resources. Therefore, for services such as SNMP, you must pay attention to its security before it can be effectively used widely.

To protect our SNMP from being damaged by illegal behaviors, we need to take a series of security measures on the system, such as "IP Security Protocol" to protect SNMP communication. Create an IP Sec policy on the system to protect communications between TCP and UDP ports 161 and 162 to protect the security of the SNMP service.

Step 1: Select "Start> Control Panel> Administrative Tools> Local Security Policy", right-click "IP Security Policy, on the local computer" in the left column ", select "manage IP Filter list and filter operation ".

Step 2: Select "manage IP Filter list" and click "add. In the "IP Filter list", enter "port 161/162" in the name column and enter "port 161/162 filter" in the "Description" box ". Click the remove "add wizard" check box, and then click "add. In the source address box (on the addressing tab in the displayed IP Filter Properties dialog box), select "any IP Address ". In the "target address" area, select "my IP Address" and select "image. Select the check box to match packets with exactly the opposite source and target addresses.

Step 3: click the "protocol" tab and select "UDP" in "select protocol type ". In the "set IP protocol port" area, select "from this port" and enter 161. Click "to this port", enter 161, and click "OK". In the "IP Filter list" dialog box, select "add. Add port 162 again in the same way.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.