Network security for configuring SNMP services in WIN 2003

xiaoxiao, 2021-03-06

Author: small Xiaoyu

Summary

This article describes how to configure network security for the Simple Network Management Protocol (SNMP) service in Windows Server 2003. The SNMP service acts as an SNMP agent: it collects information that can be reported to an SNMP management station or console. You can use the SNMP service to collect data from, and manage, computers running Windows Server 2003, Microsoft Windows XP and Microsoft Windows 2000 across an enterprise network.

Typically, communication between SNMP agents and SNMP management stations is protected by assigning a shared community name to the agents and the management stations. When a management station sends a query to the SNMP service, the community name in the request is compared with the community name configured on the agent. If they match, the management station is treated as authenticated. If they do not match, the agent treats the request as a failed access attempt and may send an SNMP trap message.

SNMP messages are sent in cleartext. They are easily captured and decoded with a tool such as Microsoft Network Monitor, so anyone who can observe the traffic can read the community name and then use it to obtain information about network resources. The community name is the only authentication the Windows SNMP service (SNMPv1 and SNMPv2c) performs, so it has to be protected on the wire.

IP Security (IPsec) can be used to protect SNMP communication. You can create an IPsec policy that secures traffic on TCP and UDP ports 161 and 162 to protect SNMP transactions. Two things to keep in mind: a filter list on its own changes nothing, it has to be paired with a filter action and a rule in a policy that is assigned on both the agent and the management station, and setting "From this port" to 161 restricts the source port as well as the destination port, so a management station that sends its queries from an ephemeral source port will not match such a filter (use "From any port" in that case).

Creating a filter list

To create an IPsec policy that protects SNMP messages, first create a filter list:

1. Click Start, point to Administrative Tools, and then click Local Security Policy.
2. Expand Security Settings, right-click IP Security Policies on Local Computer, and then click Manage IP filter lists and filter actions.
3. On the Manage IP Filter Lists tab, click Add.
4. In the IP Filter List dialog box, type SNMP messages (161/162) in the Name box and TCP and UDP port 161 filters in the Description box.
5. Clear the Use Add Wizard check box, and then click Add.
6. In the IP Filter Properties dialog box, on the Addresses tab, select Any IP Address in the Source address box and My IP Address in the Destination address box. Select the Mirrored. Match packets with the exact opposite source and destination addresses check box.
7. Click the Protocol tab. In the Select a protocol type box, select UDP. Under Set the IP protocol port, click From this port and type 161, then click To this port and type 161. Click OK.
8. In the IP Filter List dialog box, click Add. On the Addresses tab, select Any IP Address as the source address and My IP Address as the destination address, and select the Mirrored check box.
9. Click the Protocol tab. In the Select a protocol type box, click TCP. Click From this port and type 161, then click To this port and type 161. Click OK.
10. In the IP Filter List dialog box, click Add. On the Addresses tab, select Any IP Address as the source address and My IP Address as the destination address, and select the Mirrored check box.
11. Click the Protocol tab. In the Select a protocol type box, click UDP. Click From this port and type 162.
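The cleartext exposure described in the summary, shown concretely as an added example that is not part of the original article: a small PowerShell decoder that reads the BER header of a captured SNMPv1/v2c message far enough to print the community string, which is all an eavesdropper with a Network Monitor capture needs. The packet bytes are constructed for this example (a GetRequest for sysDescr.0 with community "public"), and the function and variable names are my own; it assumes PowerShell 2.0, which is what was installable on Windows Server 2003.

```powershell
# Added example, not from the original article. Decodes the start of a captured
# SNMPv1/v2c message: SEQUENCE { version INTEGER, community OCTET STRING, data PDU }.
# Written for PowerShell 2.0 (no -shl/-shr, no [pscustomobject]).

function ConvertFrom-HexString {
    param([string]$Hex)
    $clean = $Hex -replace '[^0-9A-Fa-f]', ''
    $bytes = New-Object byte[] ([int]($clean.Length / 2))
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring(2 * $i, 2), 16)
    }
    return ,$bytes
}

# BER length: a single byte if below 0x80, otherwise 0x80+n followed by n length bytes.
function Read-BerLength {
    param([byte[]]$Bytes, [ref]$Offset)
    $first = [int]$Bytes[$Offset.Value]
    $Offset.Value++
    if ($first -lt 0x80) { return $first }
    $count  = $first -band 0x7F
    $length = 0
    for ($i = 0; $i -lt $count; $i++) {
        $length = $length * 256 + [int]$Bytes[$Offset.Value]
        $Offset.Value++
    }
    return $length
}

function Get-SnmpCommunity {
    param([byte[]]$Packet)
    $pos = 0
    if ($Packet[$pos] -ne 0x30) { throw 'Not a BER SEQUENCE, so not an SNMP message' }
    $pos++
    [void](Read-BerLength $Packet ([ref]$pos))      # whole-message length, not needed here

    if ($Packet[$pos] -ne 0x02) { throw 'Expected INTEGER version' }
    $pos++
    $vlen = Read-BerLength $Packet ([ref]$pos)
    $version = 0
    for ($i = 0; $i -lt $vlen; $i++) { $version = $version * 256 + [int]$Packet[$pos]; $pos++ }
    # 0 = SNMPv1, 1 = SNMPv2c. SNMPv3 (3) carries no community string at this position.
    if ($version -gt 1) { throw "Version field is $version; only v1/v2c carry a community string" }

    if ($Packet[$pos] -ne 0x04) { throw 'Expected OCTET STRING community' }
    $pos++
    $clen = Read-BerLength $Packet ([ref]$pos)
    $community = [System.Text.Encoding]::ASCII.GetString($Packet, $pos, $clen)
    $pos += $clen

    # The context-specific tag of the PDU that follows says what the station asked for.
    $pduTag = [int]$Packet[$pos]
    $pdu = switch ($pduTag) {
        0xA0 { 'GetRequest' }
        0xA1 { 'GetNextRequest' }
        0xA2 { 'GetResponse' }
        0xA3 { 'SetRequest' }
        0xA4 { 'Trap' }
        0xA5 { 'GetBulkRequest' }
        default { 'PDU tag 0x{0:X2}' -f $pduTag }
    }
    $versionName = switch ($version) { 0 { 'v1' } 1 { 'v2c' } }
    New-Object PSObject -Property @{ Version = $versionName; Community = $community; Pdu = $pdu }
}

# Constructed capture (not a real trace): SNMPv1 GetRequest for sysDescr.0
# (1.3.6.1.2.1.1.1.0) sent with the community name "public".
$capturedHex = '30 29 02 01 00 04 06 70 75 62 6c 69 63 a0 1c 02 04 12 34 56 78 ' +
               '02 01 00 02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00'
Get-SnmpCommunity (ConvertFrom-HexString $capturedHex)
```

Paste the hex bytes of any UDP/161 or UDP/162 payload from a capture into $capturedHex and the community name comes straight out; nothing in SNMPv1 or SNMPv2c hides it. Once the IPsec policy below is in force, a capture of the same exchange shows only ESP payloads and the decoder has nothing to read.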
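The same filter list the walkthrough builds in the Local Security Policy GUI, created with netsh so it can be scripted and repeated on every agent. This is an added example, not code from the original article, and it deliberately goes further than the walkthrough: it pairs the list with a filter action and an assigned policy, since a filter list alone does nothing, and it leaves the source port unrestricted (srcport=0, meaning any port) so that queries from an ephemeral source port still match. The filter list name and description are the page's; the filter action, policy and rule names, and the 162 filters being written from the agent's point of view (this host sending traps), are my assumptions. It assumes PowerShell 2.0 on Windows Server 2003, where the netsh "ipsec static" context is available.

```powershell
# Added example, not from the original article. Builds the SNMP IPsec filter list,
# filter action, policy and rule with netsh and assigns the policy.
# Names other than the filter list name/description are assumed for this example.

$netshScript = @'
pushd ipsec static

# Filter list. srcport=0 means any source port. Mirrored filters also match the
# reverse direction, i.e. the agent's replies and anything sent back to it.
add filterlist name="SNMP messages (161/162)" description="TCP and UDP port 161 filters"
add filter filterlist="SNMP messages (161/162)" srcaddr=any dstaddr=me protocol=UDP srcport=0 dstport=161 mirrored=yes description="UDP 161 queries to this agent"
add filter filterlist="SNMP messages (161/162)" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=161 mirrored=yes description="TCP 161 queries to this agent"
# Traps originate here, so the agent is the source. If this host also receives
# traps (a management station), add the mirrored any:0 -> me:162 form as well.
add filter filterlist="SNMP messages (161/162)" srcaddr=me dstaddr=any protocol=UDP srcport=0 dstport=162 mirrored=yes description="UDP 162 traps from this agent"
add filter filterlist="SNMP messages (161/162)" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=162 mirrored=yes description="TCP 162 traps from this agent"

# Require ESP with encryption and integrity. 3DES/SHA1 is the strongest the
# Windows Server 2003 IPsec policy offers. inpass=no and soft=no refuse any
# cleartext fallback, so an unconfigured station simply gets no answer.
add filteraction name="Require security for SNMP" action=negotiate qmsecmethods="ESP[3DES,SHA1]" inpass=no soft=no

# Policy with one rule binding the list to the action; Kerberos works for domain members.
add policy name="Secure SNMP" description="Require IPsec for SNMP agent traffic" assign=no
add rule name="SNMP agent traffic" policy="Secure SNMP" filterlist="SNMP messages (161/162)" filteraction="Require security for SNMP" kerberos=yes

# Nothing is enforced until the policy is assigned.
set policy name="Secure SNMP" assign=yes

# Check what was created.
show filterlist name="SNMP messages (161/162)" level=verbose
show policy name="Secure SNMP"
popd
'@

# netsh -f runs a script file; ASCII keeps netsh from choking on a BOM.
$scriptPath = Join-Path $env:TEMP 'snmp-ipsec.netsh'
Set-Content -Path $scriptPath -Value $netshScript -Encoding ASCII
netsh -f $scriptPath
```

Because the filter action requires security with no soft fallback, the management station needs a matching policy (its own filter for traffic to the agent on UDP/TCP 161, the same ESP methods and a common authentication method) before the policy is assigned on the agent; otherwise its queries are silently dropped. Test with one agent first and confirm the main-mode and quick-mode security associations appear before rolling it out.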

Please credit the original URL when reposting: https://www.9cbs.com/read-40946.html
