Поделиться через


SNMP Security (Windows Embedded CE 6.0)

1/6/2010

SNMP has a security risk, because it is designed to run over a public network, such as the Internet. If the security is compromised, SNMP could expose the device or local network to the public network. To mitigate the security risk, follow the best practices.

Best Practices

Ee489412.collapse(en-US,WinEmbedded.60).gifUse SNMP in a private network

Windows Embedded CE supports SNMP version 2c, which passes credentials without encryption. This behavior is defined by the SNMP protocol and not by Windows Embedded CE implementation. This means that an application that monitors the communication channel between the remote manager and the SNMP agent could access the unencrypted credentials.

Ee489412.collapse(en-US,WinEmbedded.60).gifIdentify communities

A community identifies a collection of SNMP managers and agents. You can set up SNMP communities that identify computers that SNMP agents will interact with. Organize SNMP communities by functional organization, following the SNMP distributed security model. SNMP communities are defined in the registry.

By default, the "public" community value in the registry is set to read-access only. For more information, see SNMP Registry Settings.

Ee489412.collapse(en-US,WinEmbedded.60).gifConfigure authentication traps on all SNMP agents

You can configure authentications traps using the registry. The EnableAuthenticationTraps registry key determines whether authentication traps will be generated when a request is received from a nonvalid manager or community. The TrapConfiguration registry key specified the managers to notify. For more information, see Authentication Traps Registry Settings.

Ee489412.collapse(en-US,WinEmbedded.60).gifVerify services

If you will be monitoring specific services, such as Dynamic Host Configuration Protocol (DHCP) or Windows Internet Name Service (WINS), verify that these services have been successfully installed and configured.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For SNMP registry information, see SNMP Registry Settings.

See Also

Other Resources

Simple Network Management Protocol
Enhancing the Security of a Device