SNMP Security (Windows Embedded CE 6.0)
1/6/2010
SNMP carries a security risk because it is designed to run over a public network, such as the Internet. If security is compromised, SNMP could expose the device or local network to the public network. To mitigate this risk, follow the best practices below.
Best Practices
Use SNMP in a private network
Windows Embedded CE supports SNMP version 2c, which passes credentials without encryption. This behavior is defined by the SNMP protocol and not by the Windows Embedded CE implementation. This means that an application that monitors the communication channel between the remote manager and the SNMP agent could access the unencrypted credentials.
Identify communities
A community identifies a collection of SNMP managers and agents. You can set up SNMP communities that identify computers that SNMP agents will interact with. Organize SNMP communities by functional organization, following the SNMP distributed security model. SNMP communities are defined in the registry.
By default, the "public" community value in the registry is set to read-access only. For more information, see SNMP Registry Settings.
Configure authentication traps on all SNMP agents
You can configure authentication traps using the registry. The EnableAuthenticationTraps registry key determines whether authentication traps are generated when a request is received from a nonvalid manager or community. The TrapConfiguration registry key specifies the managers to notify. For more information, see Authentication Traps Registry Settings.
Verify services
If you will be monitoring specific services, such as Dynamic Host Configuration Protocol (DHCP) or Windows Internet Name Service (WINS), verify that these services have been successfully installed and configured.
Default Registry Settings
You should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.
For SNMP registry information, see SNMP Registry Settings.
See Also
Other Resources
Simple Network Management Protocol
Enhancing the Security of a Device