1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Specifies authentication of a packet with encryption when using SNMPv3

Rationale:

SNMPv3 provides much improved security over previous versions by offering options for Authentication and Encryption of messages. When configuring a user for SNMPv3 you have the option of using a range of encryption schemes, or no encryption at all, to protect messages in transit. AES128 is the minimum strength encryption method that should be deployed.

Impact:

Organizations using SNMP can significantly reduce the risks of unauthorized access by using the 'snmp-server group v3 priv' setting to encrypt messages in transit.

Solution

For each SNMPv3 group created on your router add privacy options by issuing the following command...

hostname(config)#snmp-server group {<em>group_name</em>} v3 priv

Default Value:

No SNMP server groups are configured.

See Also

https://workbench.cisecurity.org/files/3801