Free DISA STIG and SRG Library | Vaulted

V-70495

The SNMP service on the storage system must use only SNMPv3 or its successors.

Finding ID
HP3P-32-001303
Rule ID
SV-85117r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000480-GPOS-00227
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion

SNMP Versions 1 and 2 are not considered secure. Without the strong authentication and privacy provided by the SNMP Version 3 User-based Security Model (USM), an attacker or other unauthorized users may gain access to detailed system management information and use the information to launch attacks against the system.

Fix Text

Configure the OS to use SNMPv3 by entering the command: cli% setsnmpmgr -snmpuser 3parsnmpuser -pw <password> -version 3 <IP address of SNMP manager>

Check Content

Verify that SNMPv3 is enabled by entering the command: cli% showsnmpmgr HostIP Port SNMPVersion User <IP address of SNMP manager> 162 3 <username> If the SNMPVersion is not 3, this is a finding.