NET1665 - Using default SNMP community names - 'Community set to Public or Private'

Information

The network device must not use the default or well-known SNMP community strings public and private.

Network devices may be distributed by the vendor pre-configured with an SNMP agent that uses the well-known SNMP community strings 'public' for read-only and 'private' for read-write authorization. An attacker can obtain information about a network device using the read community string 'public'. In addition, an attacker can change a system configuration using the write community string 'private'.

Solution

Replace the default community strings with unique SNMP community strings.
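
One way to check a saved configuration for this finding, as an added example that is not part of the STIG or the audit plugin. It assumes Cisco IOS `snmp-server community` syntax; the function name and the sample configuration are constructed for illustration.

```python
import re

# Well-known defaults named by NET1665. Community strings are case-sensitive
# on the device; matching case-insensitively here is a conservative choice.
DEFAULT_COMMUNITIES = {"public", "private"}

# IOS syntax: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\S+)(?P<rest>.*)$", re.IGNORECASE
)

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname sw-access-01
! constructed sample
snmp-server community public RO
snmp-server community Private RW 10
snmp-server community n3tm0n-7Qx view MONITOR RO 10
no snmp-server community legacy
snmp-server location rack 12
"""


def find_default_communities(config_text):
    """Return (line_number, community, access) for each default community."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("!"):
            continue  # IOS comment line
        match = COMMUNITY_RE.match(line)
        if not match:
            continue  # also skips "no snmp-server community ..." removals
        name = match.group("name")
        tokens = match.group("rest").upper().split()
        # IOS grants read-only access when neither RO nor RW is given.
        access = "RW" if "RW" in tokens else "RO"
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, name, access))
    return findings


if __name__ == "__main__":
    for lineno, name, access in find_default_communities(SAMPLE_CONFIG):
        print(f"line {lineno}: default community '{name}' ({access}) - NET1665 finding")
```

A read-write match is the more serious result, since it corresponds to the configuration-change risk described above.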

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_L2_Switch_V8R27_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CAT|I, CSCv6|5.3, Rule-ID|SV-3210r4_rule, STIG-ID|NET1665, Vuln-ID|V-3210

Plugin: Cisco

Control ID: 0da3832171b225badbabefa32d861e84adc7e3cf66cac5e151108b92ef00f9eb