1.5.4 Do not set 'RW' for any 'snmp-server community'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Specifies read-write access. Authorized management stations can both retrieve and modify MIB objects.

Rationale:

Enabling SNMP read-write enables remote management of the device. Unless absolutely necessary, do not allow simple network management protocol (SNMP) write access.

Impact:

To reduce the risk of unauthorized access, Organizations should disable the SNMP 'write' access for snmp-server community.

Solution

Disable SNMP write access.

hostname(config)#no snmp-server community {<em>write_community_string</em>}

See Also

https://workbench.cisecurity.org/benchmarks/12741