Free DISA STIG and SRG Library | Vaulted
  1. Security Guide Library
  2. Infrastructure L3 Switch Security Technical Implementation Guide
  3. V-3043

V-3043

The network device must use different SNMP community names or groups for various levels of read and write access.

Finding ID
NET1675
Rule ID
SV-3043r4_rule
Severity
Cat II
CCE
(None)
Group Title
SNMP privileged and non-privileged access.
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

Numerous vulnerabilities exist with SNMP; therefore, without unique SNMP community names, the risk of compromise is dramatically increased. This is especially true with vendors default community names which are widely known by hackers and other networking experts. If a hacker gains access to these devices and can easily guess the name, this could result in denial of service, interception of sensitive information, or other destructive actions.

Fix Text

Configure the SNMP community strings on the network device and change them from the default values. SNMP community strings and user passwords must be unique and not match any other network device passwords. Different community strings (V1/2) or groups (V3) must be configured for various levels of read and write access.

Check Content

Review the SNMP configuration of all managed nodes to ensure different community names (V1/2) or groups/users (V3) are configured for read-only and read-write access. If unique community strings or accounts are not used for SNMP peers, this is a finding.

Responsibility

Information Assurance Officer

Vaulted is more than a library.

SIGN UP FOR FREE