Free DISA STIG and SRG Library | Vaulted

V-3210

The network device must not use the default or well-known SNMP community strings public and private.

Finding ID: NET1665
Rule ID: SV-3210r4_rule
Severity: Cat I
CCE: (None)
Group Title: Using default SNMP community names.
CCI: (None)
Target Key: (None)
Documentable: No

Discussion

Network devices may be distributed by the vendor preconfigured with an SNMP agent that uses the well-known SNMP community strings "public" for read-only authorization and "private" for read-write authorization. An attacker can obtain information about a network device using the read community string "public". In addition, an attacker can change a system configuration using the write community string "private".

Fix Text

Configure unique SNMP community strings to replace the default community strings.

Check Content

Review the network device's configuration and verify whether either of the SNMP community strings "public" or "private" is being used. If default or well-known community strings are used for SNMP, this is a finding.
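
The check above can be run over saved configuration text. The following is an added example, not part of the STIG. It assumes Cisco IOS-style `snmp-server community` lines and net-snmp `rocommunity`/`rwcommunity` lines, since the rule names no vendor; the function names and the sample configuration are constructed for illustration.

```python
import re

# Well-known community strings named by the finding. SNMP community
# strings are case-sensitive, so the comparison below is exact.
DEFAULT_COMMUNITIES = {"public", "private"}

# Assumed syntaxes (the STIG names no vendor): Cisco IOS-style
# "snmp-server community <string> ..." and net-snmp snmpd.conf
# "rocommunity|rwcommunity <string> ...".
COMMUNITY_LINE = re.compile(
    r"\s*(?:snmp-server\s+community|r[ow]community6?)\s+(\S+)", re.IGNORECASE
)

def find_default_communities(config_text):
    """Return (line_number, community, line) for each active default string."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        # match() is anchored at line start, so "no snmp-server ..."
        # negations and "!" / "#" comment lines are not counted.
        match = COMMUNITY_LINE.match(line)
        if not match:
            continue
        community = match.group(1).strip("\"'")
        if community in DEFAULT_COMMUNITIES:
            findings.append((number, community, line.strip()))
    return findings

def is_finding(config_text):
    """True when the configuration would be a finding under this rule."""
    return bool(find_default_communities(config_text))

# Constructed sample mixing both assumed syntaxes; not from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
! constructed sample
snmp-server community public RO
snmp-server community N0tDefault-ro RO 10
snmp-server community "private" RW
no snmp-server community public
# rocommunity public
rwcommunity private 192.0.2.0/24
"""

if __name__ == "__main__":
    for number, community, line in find_default_communities(SAMPLE_CONFIG):
        print(f"line {number}: default community {community!r}: {line}")
    print("FINDING" if is_finding(SAMPLE_CONFIG) else "not a finding")
```

A clean result only covers the syntaxes listed in the pattern; devices with other configuration formats still need a manual review.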

Responsibility

Information Assurance Officer