1.5.7 Set 'priv' for each 'snmp-server group' using SNMPv3

Information

The 'priv' keyword specifies authentication of a packet with encryption when using SNMPv3.

SNMPv3 provides much improved security over previous versions by offering options for authentication and encryption of messages. When configuring a user for SNMPv3, you have the option of using a range of encryption schemes, or no encryption at all, to protect messages in transit. AES128 is the minimum-strength encryption method that should be deployed.

Solution

For each SNMPv3 group created on your router, add privacy options by issuing the following command:

IOSXR(config)#snmp-server group {snmp_group_name} v3 priv IPv4 {snmp_access-list}

Impact:

Organizations using SNMP can significantly reduce the risks of unauthorized access by using the 'snmp-server group v3 priv' setting to encrypt messages in transit.
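To check a saved running configuration against this control, the added example below (not part of the benchmark or the audit plugin) lists every SNMPv3 group whose security level is not 'priv'. The function name, group names and access-list names are assumptions, and the sample configuration is constructed.

```python
import re

# Matches lines of the form used in the Solution above:
#   snmp-server group NAME v3 priv IPv4 ACL
GROUP_RE = re.compile(
    r"^\s*snmp-server\s+group\s+(\S+)\s+(v1|v2c|v3)(?:\s+(auth|noauth|priv))?\b(.*)$",
    re.IGNORECASE,
)
ACL_RE = re.compile(r"\bIPv4\s+(\S+)", re.IGNORECASE)

# Constructed sample configuration (hypothetical names).
SAMPLE_CONFIG = """\
snmp-server location LAB
snmp-server group NMS-RW v3 priv IPv4 SNMP-ACL
snmp-server group NMS-RO v3 auth IPv4 SNMP-ACL
snmp-server group LEGACY v3 noauth
snmp-server group OLD v2c
"""

def audit_snmp_groups(config_text):
    """Return one finding per SNMPv3 group that is not configured with 'priv'."""
    findings = []
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if not m:
            continue  # not an snmp-server group line
        name, version, level, rest = m.groups()
        if version.lower() != "v3":
            continue  # this control only covers groups using SNMPv3
        level = (level or "missing").lower()
        if level != "priv":
            acl = ACL_RE.search(rest)
            findings.append({
                "group": name,
                "level": level,  # auth = no encryption, noauth = neither
                "ipv4_acl": acl.group(1) if acl else None,
                "line": line.strip(),
            })
    return findings

if __name__ == "__main__":
    for f in audit_snmp_groups(SAMPLE_CONFIG):
        print(f"FAIL {f['group']}: level={f['level']} acl={f['ipv4_acl']}")
```
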

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CSCv7|4.5

Plugin: Cisco

Control ID: c8a53af525175c67a0f1ad568efb1b97f6bd8acdf6439d03f4b3e709847fd11d