Description: |
By default, Windows NT provides information that is normally available only to administrators via the Simple Network Management Protocol (SNMP). If your security policy does not allow publishing information about Windows NT services, users, and shares via a protocol with very minimal security, disable SNMP or this feature. |
Remedy: |
Disable SNMP if it is not required. If your systems require SNMP, delete the CurrentVersion registry value and choose a community name that is hard to guess.
To remove the SNMP service from Windows NT, follow these steps:
- Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
- Click the Services tab and select the SNMP Service
- Click Remove and confirm the removal.
- Click OK.
—OR—
If your security policy requires SNMP:
- Go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents key and delete the SOFTWARE\Microsoft\LANManagerMIB2Agent\CurrentVersion value.
WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
- Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
- Go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents key.
- Highlight the SOFTWARE\Microsoft\LANManagerMIB2Agent\CurrentVersion value.
- From the Edit menu, select Delete. Click Yes to confirm the deletion of this value.
- Remove the public community name and set the SNMP community name to something difficult to guess. Detailed information is available from the Microsoft Knowledge Base Article "How to: Configure SNMP security" at http://support.microsoft.com/support/ntserver/serviceware/10140298.asp.
- Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
- Click the Services tab.
- Click the Services tab and select the SNMP Service.
- Click Properties to display the SNMP Properties dialog box.
- Click the Security tab.
- Verify that your configuration contains the following secure settings:
- At least one Accepted Community Name exists. Empty lists cause SNMP to accept requests from anyone. (See Microsoft Knowledge Base Article Q99880, "How to: Configure SNMP security" at http://support.microsoft.com/support/kb/articles/q99/8/80.asp.)
- The Accepted Community Names are not default or easily guessed names, such as public.
- The Only Accept SNMP Packets from These Hosts option is selected, and one or more IP Host or IPX address are specified.
- Each host and community name in the lists is a valid destination.
- In addition to securing SNMP from the control panel, you will want to secure it from the Registry.
|