The goal of SNMP is to manage the software and hardware platforms produced by many manufacturers on the Internet. Therefore, SNMP is greatly affected by the Internet standard network management framework.
The SNMP service acts as an agent that collects information that can be reported to an SNMP management station or console. You can use SNMP services to collect data and manage Windows Server 2003, Microsoft Windows XP and Microsoft Windows 2000-based computers across the entire corporate network.
Typically, the method of securing communication between an SNMP agent and an SNMP management station is to assign a shared community name to these agents and management stations. When the SNMP management station sends a query to the SNMP service, the community name of the requester is compared to the community name of the agent. If it matches, the SNMP management station has been authenticated. If it does not match, it indicates that the SNMP agent considers the request to be "failed to access" and may send an SNMP trap message.
SNMP messages are sent in clear text. These plaintext messages are easily intercepted and decoded by a network analysis program such as "Microsoft Network Monitor". Unauthorized personnel can capture community names to get important information about network resources.
<;IP Security Protocol" (IP Sec) can be used to protect SNMP communications. You can create an IP Sec policy that protects traffic on TCP and UDP ports 161 and 162 to protect SNMP transactions.
Creating a Filter List
To create an IP Sec policy that protects SNMP messages, first create a filter list. Here's how:
Click Start, point to Administrative Tools, and then click Local Security Policy.
Expand security settings, right-click on "IP Security Policy on Local Computer" and click "Manage IP Filter List and Filter Action".
Click the “Manage IP Filter List& rdquo; tab and click Add.
In the IP Filter List dialog box, type SNMP message (161/162) (in the Name box), then type the TCP and UDP port 161 filter (in the Description box).
Click the Use “Add Wizard” checkbox to clear it, then click Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click “any IP address”. In the “Destination Address" box, click My IP Address. Click on “Mirror. Match the packet with the opposite source and destination address check box to select it.
Click the Protocols tab. In the “Select Protocol Type” box, select UDP. In the “Set IP Protocol Port” box, select “From this port”, then type 161 in the box. Click “to this port”, then type 161 in the box.
Click OK.
In the IP Filter List dialog, select Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click “any IP address”. In the “Destination Address" box, click My IP Address. Check the "Mirror, match packets with opposite source and destination addresses" checkbox.
Click the Protocols tab. In the Select Protocol Type box, click TCP. In the “Set IP Protocol" box, click “From this port”, then type 161 in the box. Click “to this port”, then type 161 in the box.
Click OK.
In the IP Filter List dialog box, click Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click “any IP address”. In the “Destination Address" box, click My IP Address. Click on the "Mirror, match the packet with the opposite source and destination addresses" checkbox to select it.
Click the Protocols tab. In the “Select Protocol Type” box, click UDP. In the “Set IP Protocol" box, click “From this port”, then type 162 in the box. Click “to this port”, then type 162 in the box.
Click OK, in the IP Filter List dialog box, click Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click “any IP address”. In the “Destination Address" box, click My IP Address. Click on “Mirror. Match the packet with the opposite source and destination address check box to select it.
Click the Protocols tab. In the Select Protocol Type box, click TCP. In the “Set IP Protocol" box, click “From this port”, then type 162 in the box. Click “to this port”, then type 162 in the box.
Click OK
Click OK in the IP Filter List dialog box, and then click OK in the Manage IP Filter List and Filter Actions dialog box.
Creating an IPSec Policy
To create an IPSec policy to enforce IPSec for SNMP communication, follow these steps:
Right-click on the local computer in the left pane On the IP Security Policy, then click Create IP Security Policy.
“IP Security Policy Wizard”Start. Previous12Next page Total 2 pages
In the win2003 system, users can write data to the shared folder without restrictions due to the per
A friend reported that in the Windows 2003 system, it was unable to upload a large
In Windows 2003 system, the system default login mode requires that you press ctrl+shift+ alt to ena
Windows Server 2003 is Microsofts server operating system for building and storing web applications,
Experts solve the win2003 under the coral polyps QQ can not run a coup
Identifying foreign devices, win2003 has a trick
My love machine, I am the master of 5 major categories of windows password settings
Detailed explanation of Win2003 network server security Raiders
Break win2003 Blue Screen of Death failures of small Raiders
Win2003 system running Sysprep error reasons and solutions
The Windows operating system jumps to the secret of 2038.
Win2003 powerful login management tool -LimitLogin
Smartly enable Windows 2003 Remote Desktop
Five ways to make memory usage more efficient
Win2003 Group Policy Troubleshooting Six Tips
Dealing with "phishing", the IE 6 anti-phishing plugin to help
Win7 video file bilingual parallel
Win7 taskbar preview window shows too slow solution
Win10 Mobile Preview 10536.1004 is being tested, or next week push
Win7 system 64-bit flagship version batch modification photo name
How to quickly extract text from the screen
Unplug the USB keyboard/mouse from sleep, the computer will wake up.
WP leader talks about the current and future of WP8/WP8.1
Please use the Windows 10 system PIN code login function with caution!
Win10 10122 preview version of AMD graphics card problem has been fixed