How to configure network security for the Simple Network Management Protocol (SNMP) service in Windows Server 2003.
The SNMP service acts as an agent that collects information that can be reported to the SNMP management station or console. You can use the SNMP service to collect data and manage Windows Server 2003, Microsoft Windows XP, and Microsoft Windows 2000 computers across the corporate network.
Typically, communication between SNMP agents and SNMP management stations is secured by configuring a shared community name on both the agents and the management stations. When an SNMP management station sends a query to the SNMP service, the community name supplied by the requester is compared to the community name configured on the agent. If the names match, the management station is treated as authenticated. If they do not match, the SNMP agent treats the request as a failed access attempt and may send an SNMP trap message.
SNMP messages are sent in clear text. These plaintext messages are easily intercepted and decoded by a network analysis program such as Microsoft Network Monitor, so an unauthorized person who captures a community name can use it to obtain information about network resources.
The IP Security protocol (IPsec) can be used to protect SNMP traffic. You can create IPsec policies that protect traffic on TCP and UDP ports 161 and 162 to secure SNMP transactions.
Create a filter list
To create an IPsec policy that protects SNMP messages, you first create a filter list. To do this, follow these steps:
Click Start, point to Administrative Tools, and then click Local Security Policy.
Expand Security Settings, right-click IP Security Policies on Local Computer, and then click Manage IP filter lists and filter actions.
On the Manage IP Filter Lists tab, click Add.
In the IP Filter List dialog box, type SNMP Messages (161/162) in the Name box, and then type Filters for TCP and UDP port 161 in the Description box.
Click to clear the Use Add Wizard check box, and then click Add.
On the Addresses tab of the IP Filter Properties dialog box, click Any IP Address in the Source address box, and then click My IP Address in the Destination address box. Click to select the Mirrored. Match packets with the exact opposite source and destination addresses check box.
Click the Protocol tab. In the Select a protocol type box, click UDP. Under Set the IP protocol port, click From this port and type 161, and then click To this port and type 161.
Click OK.
In the IP Filter List dialog box, click Add.
On the Addresses tab of the IP Filter Properties dialog box, click Any IP Address in the Source address box, and then click My IP Address in the Destination address box. Click to select the Mirrored. Match packets with the exact opposite source and destination addresses check box.
Click the Protocol tab. In the Select a protocol type box, click TCP. Under Set the IP protocol port, click From this port and type 161, and then click To this port and type 161.
Click OK.
In the IP Filter List dialog box, click Add.
On the Addresses tab of the IP Filter Properties dialog box, click Any IP Address in the Source address box, and then click My IP Address in the Destination address box. Click to select the Mirrored. Match packets with the exact opposite source and destination addresses check box.
Click the Protocol tab. In the Select a protocol type box, click UDP. Under Set the IP protocol port, click From this port and type 162, and then click To this port and type 162.
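The same filter list can be built from a command prompt instead of the Local Security Policy console. The batch script below is an added example and is not part of the original article; it assumes the netsh ipsec static context that ships with Windows Server 2003 and an administrator command prompt. It uses the filter list name from the steps above and, because the article states that ports 161 and 162 are both in scope for TCP and UDP, it adds all four mirrored filters rather than stopping at the third one shown above.

```batch
@echo off
rem Added example (not from the KB article): create the "SNMP Messages (161/162)"
rem IP filter list with netsh. Assumes the "netsh ipsec static" context of
rem Windows Server 2003 and that this runs from an administrator command prompt.

rem 1. Create the filter list itself (initially empty).
netsh ipsec static add filterlist name="SNMP Messages (161/162)" description="Filters for TCP and UDP ports 161 and 162"

rem 2. Add one filter per protocol/port pair, from any address to this computer.
rem    srcaddr=any / dstaddr=me correspond to "Any IP Address" / "My IP Address";
rem    mirrored=yes is the "Mirrored. Match packets with the exact opposite
rem    source and destination addresses" check box in the console.
netsh ipsec static add filter filterlist="SNMP Messages (161/162)" srcaddr=any dstaddr=me protocol=UDP srcport=161 dstport=161 mirrored=yes description="SNMP UDP 161"
netsh ipsec static add filter filterlist="SNMP Messages (161/162)" srcaddr=any dstaddr=me protocol=TCP srcport=161 dstport=161 mirrored=yes description="SNMP TCP 161"
netsh ipsec static add filter filterlist="SNMP Messages (161/162)" srcaddr=any dstaddr=me protocol=UDP srcport=162 dstport=162 mirrored=yes description="SNMP trap UDP 162"
netsh ipsec static add filter filterlist="SNMP Messages (161/162)" srcaddr=any dstaddr=me protocol=TCP srcport=162 dstport=162 mirrored=yes description="SNMP trap TCP 162"

rem 3. Verify: show the filters exactly as the console would list them.
netsh ipsec static show filterlist name="SNMP Messages (161/162)" level=verbose
```

The filter list on its own does not yet protect anything: it only matches traffic. It takes effect once it is paired with a filter action (for example, one that requires security) in a rule of an IPsec policy that is then assigned, which is the part of the procedure that follows filter-list creation. The final show command is the quickest way to confirm that all four port filters, including the mirrored flag, were recorded before the list is attached to a rule.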