
Hardening SNMP by IPSec

Create a filter list

To create an IPSec policy to secure SNMP messages, first create the filter list. To do this, follow these steps:

  1. Click Start, point to Administrative Tools, and then click Local Security Policy.
  2. Expand Security Settings, right-click IP Security Policies on Local Computer, and then click Manage IP filter lists and filter actions.
  3. Click the Manage IP Filter Lists tab, and then click Add.
  4. In the IP Filter List dialog box, type SNMP Messages (161/162) in the Name box, and then type Filter for UDP port 161 in the Description box.
  5. Click to clear the Use Add Wizard check box, and then click Add.
  6. In the Source address box on the Addresses tab of the IP Filter Properties dialog box that appears, click Any IP address. In the Destination address box, click My IP Address. Click to select the Mirrored. Match packets with the exact opposite source and destination addresses check box.
  7. Click the Protocol tab. In the Select a protocol type box, click UDP. In the Set the IP protocol port box, click From this port, and then type 161 in the box. Click To this port, and then type 161 in the box, and then click OK.
  8. In the IP Filter List dialog box, click Add.
  9. In the Source address box on the Addresses tab of the IP Filter Properties dialog box, click Any IP address. In the Destination address box, click My IP Address. Click to select the Mirrored. Match packets with the exact opposite source and destination addresses check box.
  10. Click the Protocol tab. In the Select a protocol type box, click UDP. In the Set the IP protocol port box, click From this port, and then type 162 in the box. Click To this port, and then type 162 in the box, and then click OK.
  11. In the IP Filter List dialog box, click Add.
  12. In the Source address box on the Addresses tab of the IP Filter Properties dialog box, click Any IP address. In the Destination address box, click My IP Address. Click to select the Mirrored. Match packets with the exact opposite source and destination addresses check box, and then click OK.
  13. Click OK in the IP Filter List dialog box, and then click OK in the Manage IP filters lists and filter actions dialog box.

Create an IPSec policy

To create the IPSec Policy to force IPSec for SNMP communications, follow these steps:

  1. Right-click the IP Security Policies on Local Computer in the left pane, and then click Create IP Security Policy.

    The IP Security Policy Wizard starts.

  2. Click Next.
  3. On the IP Security Policy Name page, type Secure SNMP in the Name box. In the Description box, type Force IPSec for SNMP Communications, and then click Next.
  4. Click to clear the Activate the default response rule check box, and then click Next.
  5. On the Completing the IP Security Policy Wizard page, verify that the Edit properties check box is selected, and then click Finish.
  6. In the Secure SNMP Properties dialog box, click to clear the Use Add Wizard check box, and then click Add.
  7. Click the IP Filter List tab, and then click SNMP Messages (161/162).
  8. Click the Filter Action tab, and then click Require Security.
  9. Click the Authentication Methods tab. Kerberos is the default authentication method. If you require alternate authentication methods, click Add. In the New Authentication Method Properties dialog box, select the authentication method that you want from the following list, and then click OK:
    • Active Directory default (Kerberos V5 protocol)
    • Use a certificate from the certification authority (CA)
    • Use this string (preshared key)
  10. In the New Rule Properties dialog box, click Apply, and then click OK.
  11. In the SNMP Properties dialog box, verify that the SNMP Messages (161/162) check box is selected, and then click OK.
  12. In the right pane of the Local Security Settings console, right-click the Secure SNMP rule, and then click Assign.

Complete this procedure on all Windows-based computers that are running the SNMP service. This IPSec Policy must also be configured on the SNMP management station.
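
The same filter list, policy and rule can be scripted with `netsh ipsec static`, which helps when the policy has to be repeated on every SNMP host and on the management station. This is an added example, not part of the original page or the Microsoft article, and it covers only the two UDP filters (ports 161 and 162) from steps 5 to 10 of the first procedure. It assumes an elevated PowerShell prompt, that the built-in Require Security filter action exists in the local policy store, and Kerberos authentication; the rule name `Secure SNMP Rule` and the helper `Invoke-IPsecStatic` are chosen for this example.

```powershell
# Added example: scripted equivalent of the GUI steps (run elevated).
# Filter list and policy names come from the procedure above;
# the rule name and the helper function are assumptions made for this example.
$FilterList = 'SNMP Messages (161/162)'
$Policy     = 'Secure SNMP'
$RuleName   = 'Secure SNMP Rule'

function Invoke-IPsecStatic {
    # Run one "netsh ipsec static" command and stop at the first failure,
    # so a half-built policy is never assigned.
    param([Parameter(Mandatory)][string[]]$Arguments)
    & netsh.exe ipsec static @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh ipsec static $($Arguments -join ' ') failed (exit code $LASTEXITCODE)"
    }
}

# Filter list with one mirrored UDP filter per SNMP port:
# source "Any IP address", destination "My IP Address", same port on both sides.
Invoke-IPsecStatic @('add', 'filterlist', "name=$FilterList",
    'description=Filter for UDP port 161')
foreach ($port in 161, 162) {
    Invoke-IPsecStatic @('add', 'filter', "filterlist=$FilterList",
        'srcaddr=any', 'dstaddr=me', 'protocol=UDP',
        "srcport=$port", "dstport=$port", 'mirrored=yes',
        "description=SNMP UDP $port")
}

# Policy without the default response rule, as in the wizard steps.
Invoke-IPsecStatic @('add', 'policy', "name=$Policy",
    'description=Force IPSec for SNMP Communications', 'activatedefaultrule=no')

# Rule tying the filter list to the Require Security action, Kerberos authentication.
Invoke-IPsecStatic @('add', 'rule', "name=$RuleName", "policy=$Policy",
    "filterlist=$FilterList", 'filteraction=Require Security', 'kerberos=yes')

# Review the stored policy before it takes effect, then assign it.
Invoke-IPsecStatic @('show', 'policy', "name=$Policy", 'level=verbose')
Invoke-IPsecStatic @('set', 'policy', "name=$Policy", 'assign=yes')
```

Once the policy is assigned, SNMP traffic matching these filters is dropped unless the peer negotiates IPSec, so configure the management station before assigning the policy on the agents.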

https://support.microsoft.com/uz-latn-uz/help/324261/how-to-configure-network-security-for-the-snmp-service-in-windows-serv
