This article describes how to configure network security for the Simple Network Management Protocol (SNMP) service on Windows Server 2003. The SNMP service acts as an agent that collects information that can be reported to an SNMP management station or console. You can use the SNMP service to collect data and manage Windows Server 2003, Microsoft Windows XP, and Microsoft Windows 2000-based computers across the entire corporate network.
Typically, communication between an SNMP agent and an SNMP management station is secured by assigning a shared community name to the agents and management stations. When the SNMP management station sends a query to the SNMP service, the community name of the requester is compared to the community name of the agent. If it matches, the SNMP management station has been authenticated. If it does not match, the SNMP agent treats the request as a failed access attempt and may send an SNMP trap message.
SNMP messages are sent in clear text. These plaintext messages are easily intercepted and decoded by a network analysis program such as "Microsoft Network Monitor". Unauthorized personnel can capture community names to get important information about network resources.
"IP Security Protocol" (IPSec) can be used to protect SNMP communications. You can create an IPSec policy that protects traffic on TCP and UDP ports 161 and 162 to protect SNMP transactions.
Creating a Filter List
To create an IPSec policy that protects SNMP messages, first create a filter list. Here's how:
Click Start, point to Administrative Tools, and then click Local Security Policy.
Expand Security Settings, right-click "IP Security Policy on Local Computer", and then click "Manage IP Filter List and Filter Action".
Click the "Manage IP Filter List" tab and click Add.
In the IP Filter List dialog box, type SNMP message (161/162) in the Name box, then type TCP and UDP port 161 filter in the Description box.
Click the "Use Add Wizard" check box to clear it, then click Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click "any IP address". In the "Destination Address" box, click My IP Address. Click the "Mirror. Match packets with the opposite source and destination addresses" check box to select it.
Click the Protocols tab. In the "Select Protocol Type" box, select UDP. In the "Set IP Protocol Port" box, select "From this port", then type 161 in the box. Click "To this port", then type 161 in the box.
Click OK.
In the IP Filter List dialog, select Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click "any IP address". In the "Destination Address" box, click My IP Address. Click the "Mirror. Match packets with the opposite source and destination addresses" check box to select it.
Click the Protocols tab. In the "Select Protocol Type" box, click TCP. In the "Set IP Protocol Port" box, click "From this port", then type 161 in the box. Click "To this port", then type 161 in the box.
Click OK.
In the IP Filter List dialog box, click Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click "any IP address". In the "Destination Address" box, click My IP Address. Click the "Mirror. Match packets with the opposite source and destination addresses" check box to select it.
Click the Protocols tab. In the "Select Protocol Type" box, click UDP. In the "Set IP Protocol Port" box, click "From this port", then type 162 in the box. Click "To this port", then type 162 in the box.
Click OK.
In the IP Filter List dialog box, click Add.
In the "Source Address" box (located on the Address tab of the displayed IP Filter Properties dialog box), click "any IP address". In the "Destination Address" box, click My IP Address. Click the "Mirror. Match packets with the opposite source and destination addresses" check box to select it.
Click the Protocols tab. In the "Select Protocol Type" box, click TCP. In the "Set IP Protocol Port" box, click "From this port", then type 162 in the box. Click "To this port", then type 162 in the box.
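The same filter list can be built from an administrator command prompt with the netsh ipsec static context included in Windows Server 2003. This batch file is an added example, not part of the original article; the per-filter descriptions are constructed here, and it covers only the filter list, so the IPSec policy, rule and filter action still have to be created afterwards.

```batch
@echo off
rem Added example: scripted equivalent of the filter-list steps above.
rem Run from an administrator command prompt on the SNMP agent computer.
setlocal

rem Name and description as typed in the IP Filter List dialog box.
set "FLIST=SNMP message (161/162)"
set "FDESC=TCP and UDP port 161 filter"

rem Create the empty filter list first so that it carries the description.
netsh ipsec static add filterlist name="%FLIST%" description="%FDESC%"

rem Add the four filters in the same order as the dialog-box steps:
rem UDP 161, TCP 161, UDP 162, TCP 162.
rem   srcaddr=any   -> Source Address: any IP address
rem   dstaddr=me    -> Destination Address: My IP Address
rem   mirrored=yes  -> also match packets with the opposite source and destination
rem   srcport/dstport are both set, matching "From this port" and "To this port".
rem The description text on each filter is constructed for this example.
for %%N in (161 162) do (
  for %%P in (UDP TCP) do (
    netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=%%P srcport=%%N dstport=%%N mirrored=yes description="SNMP %%P port %%N"
  )
)

rem Review the result: the list should contain four mirrored filters.
netsh ipsec static show filterlist name="%FLIST%" level=verbose

endlocal
```

Compare the verbose listing against the four dialog-box filters before attaching the list to a rule; a filter with the wrong protocol or port leaves that SNMP traffic outside the policy.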