Whenever any SNMP management station sends a request to get or set some data on an SNMP agent, it also sends the community string, which is configured in it along with the request. When the request reaches the SNMP agent, it tries to match this community string with the one you have defined in the agent. If the two strings match, then the SNMP agent answers the request. If not, it rejects the request as an unauthorized request. This way, you can stop unauthorized SNMP management stations from changing parameters on your SNMP agents. Now the important part – you should never leave the community string to public on any of your SNMP agents. This is the default community string, and this way you expose your SNMP agent to any SNMP management station. Anyone with an SNMP manager software installed on his/her PC can make changes to your SNMP agents. So it's always better to change the community string to something else.
This was first published in September 2004