1.11.5 Ensure 'SNMP community string' is not the default string

Information

Sets a SNMP community string different from the default one

Rationale:

The SNMP community string is a key used both by the security appliance and the NMS server. The security appliance accepts or rejects the requests from the NMS is a valid key is submitted.

From version 8.2(1) and above, for each community string, there are two SNMP server groups created, one for version 1 and another for version 2C. The default SNMP community string is public and can be used by an attacker to collect unauthorized information from the ASA and hence should be changed.

Solution

Run the following command to configure the SNMP community string

hostname(config)#snmp-server community <snmp_community_string>

In a multi-context environment, run the same command in the context.

Default Value:

The default community string is public.

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5e., CSCv6|5.3

Plugin: Cisco

Control ID: 87e69cf47d6c563456f166969b0b0f7f696d7a0b5e03c1d535ef2dc389ec076b