Share via


SNMP Security

This feature has a potential security risk because SNMP is designed to run over a public network, such as the Internet. If the security of the feature is compromised, SNMP could expose the device or local network to the public network. To mitigate the security risk, follow the best practices.

Best Practices

Use SNMP in a private network

Windows CE supports SNMP version 2c, which passes credentials without encryption. This behavior is defined by the SNMP protocol and not by Windows CE implementation. This means that an application that monitors the communication channel between the remote manager and the SNMP agent could access the unencrypted credentials.

Identify communities

A community identifies a collection of SNMP managers and agents. You can set up SNMP communities that identify computers that SNMP agents will interact with. Organize SNMP communities by functional organization, following the SNMP distributed security model. SNMP communities are defined in the registry.

By default, the "public" community value in the registry is set to read-access only. For more information, see SNMP Registry Settings.

Configure authentication traps on all SNMP agents

You can configure authentications traps using the registry. The EnableAuthenticationTraps registry key determines whether authentication traps will be generated when a request is received from a nonvalid manager or community. The TrapConfiguration registry key specified the managers to notify. For more information, see Authentication Traps Registry Settings.

Verify service components

If you will be monitoring service specific components, such as Dynamic Host Configuration Protocol (DHCP) or Windows Internet Name Service (WINS), verify that these services have been successfully installed and configured.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For SNMP registry information, see SNMP Registry Settings.

See Also

Simple Network Management Protocol

 Last updated on Saturday, April 10, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.