1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3

Information

Specifies authentication of a packet with encryption when using SNMPv3

Rationale:

SNMPv3 provides much improved security over previous versions by offering options for Authentication and Encryption of messages. When configuring a user for SNMPv3 you have the option of using a range of encryption schemes, or no encryption at all, to protect messages in transit. AES128 is the minimum strength encryption method that should be deployed.

Impact:

Organizations using SNMP can significantly reduce the risks of unauthorized access by using the 'snmp-server group v3 priv' setting to encrypt messages in transit.

Solution

For each SNMPv3 group created on your router add privacy options by issuing the following command...

hostname(config)#snmp-server group {<em>group_name</em>} v3 priv

Default Value:

No SNMP server groups are configured.

See Also

https://workbench.cisecurity.org/files/3829

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-6, 800-53|CM-7, 800-53|SC-23, CSCv7|4.5

Plugin: Cisco

Control ID: 8de474f3603e14a6be7dc3a6f63f40cd55099b5f1cbd7310d387d692e1ebb84e