Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
Other versions of this page are also available for the following:
Windows Mobile Not Supported Windows Embedded CE Supported
8/28/2008

SNMP has a security risk, because it is designed to run over a public network, such as the Internet. If the security is compromised, SNMP could expose the device or local network to the public network. To mitigate the security risk, follow the best practices.

Best Practices

Use SNMP in a private network

Windows Embedded CE supports SNMP version 2c, which passes credentials without encryption. This behavior is defined by the SNMP protocol and not by Windows Embedded CE implementation. This means that an application that monitors the communication channel between the remote manager and the SNMP agent could access the unencrypted credentials.

Identify communities

A community identifies a collection of SNMP managers and agents. You can set up SNMP communities that identify computers that SNMP agents will interact with. Organize SNMP communities by functional organization, following the SNMP distributed security model. SNMP communities are defined in the registry.

By default, the "public" community value in the registry is set to read-access only. For more information, see SNMP Registry Settings.

Configure authentication traps on all SNMP agents

You can configure authentications traps using the registry. The EnableAuthenticationTrapsregistry key determines whether authentication traps will be generated when a request is received from a nonvalid manager or community. The TrapConfigurationregistry key specified the managers to notify. For more information, see Authentication Traps Registry Settings.

Verify services

If you will be monitoring specific services, such as Dynamic Host Configuration Protocol (DHCP) or Windows Internet Name Service (WINS), verify that these services have been successfully installed and configured.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Notein the registry settings documentation.

For SNMP registry information, see SNMP Registry Settings.

See Also

Other Resources

Simple Network Management Protocol
Enhancing the Security of a Device