Check or Attack Name: SNMP Community

The Simple Network Management Protocol (SNMP) for Windows NT Community Name was readable on the host. SNMP reveals a large amount of information, including shares, user names, and the status of running services. The only authentication available is by knowing the SNMP community name. If this information is readable by Everyone, an attacker could gather information that is normally only available to administrator level users.

Edit the Registry to permit only approved users access to the SNMP Community Name.

To edit the registry, follow these steps:

1. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
2. Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\S NMP\Parameters\ValidCommunities key.
3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
4. Set the permissions to permit only approved users access.

—AND—

If SNMP is required, remove the public community name and set the SNMP community name to something difficult to guess. To identify and remove public community names from Windows SNMP:

Detailed information is available from the Microsoft Knowledge Base Article "How to: Configure SNMP security" at http://support.microsoft.com/support/ntserver/serviceware/10140298.asp.

1. Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
2. Click the Services tab.
3. Click SNMP Service.
4. Click Properties.
5. Click the Security tab.
6. Verify that your configuration contains the following secure settings:
• At least one Accepted Community Name exists. Empty lists cause SNMP to accept requests from anyone. (See Microsoft Knowledge Base Article Q99880, "How to: Configure SNMP security" at http://support.microsoft.com/support/kb/articles/q99/8/80.asp.)
• The Accepted Community Names are not default or easily guessed names, such as public.
• The Only Accept SNMP Packets from These Hosts option is selected, and one or more IP Host or IPX address is specified.
• Each host and community name in the lists is a valid destination.
7. In addition to securing SNMP from the control panel, you will want to secure it from the Registry.

Request for Comment document RFC 1157, RFC 1157: A Simple Network Management Protocol, ftp://ftp.isi.edu/in-notes/rfc1157.txt

Microsoft Knowledge Base Article Q99880, SNMP Agent Responds to Any Community Name, http://support.microsoft.com/support/kb/articles/q99/8/80.asp

Microsoft Knowledge-Pak Desktop Suite 10140298, How to: Configure SNMP security, http://support.microsoft.com/support/ntserver/serviceware/10140298.asp

Microsoft Knowledge-Pak Desktop Suite 10141603, How to: Configure SNMP communities, http://support.microsoft.com/support/ntserver/serviceware/10141603.asp