다음을 통해 공유


SNMP Security (Windows CE 5.0)

Send Feedback

SNMP has a security risk, because it is designed to run over a public network, such as the Internet. If the security is compromised, SNMP could expose the device or local network to the public network. To mitigate the security risk, follow the best practices.

Best Practices

Use SNMP in a private network

Windows CE supports SNMP version 2c, which passes credentials without encryption. This behavior is defined by the SNMP protocol and not by Windows CE implementation. This means that an application that monitors the communication channel between the remote manager and the SNMP agent could access the unencrypted credentials.

Identify communities

A community identifies a collection of SNMP managers and agents. You can set up SNMP communities that identify computers that SNMP agents will interact with. Organize SNMP communities by functional organization, following the SNMP distributed security model. SNMP communities are defined in the registry.

By default, the "public" community value in the registry is set to read-access only. For more information, see SNMP Registry Settings.

Configure authentication traps on all SNMP agents

You can configure authentications traps using the registry. The EnableAuthenticationTraps registry key determines whether authentication traps will be generated when a request is received from a nonvalid manager or community. The TrapConfiguration registry key specified the managers to notify. For more information, see Authentication Traps Registry Settings.

Verify services

If you will be monitoring specific services, such as Dynamic Host Configuration Protocol (DHCP) or Windows Internet Name Service (WINS), verify that these services have been successfully installed and configured.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For SNMP registry information, see SNMP Registry Settings.

See Also

Simple Network Management Protocol | Enhancing the Security of a Device

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.