NET1660 - An insecure version of SNMP is being used

Information

The network element must use SNMP Version 3 Security Model with FIPS 140-2 validated cryptography for any SNMP agent configured on the device.

SNMP Versions 1 and 2 are not considered secure. Without the strong authentication and privacy provided by the SNMP Version 3 User-based Security Model (USM), an unauthorized user can gain access to network management information that can be used to launch an attack against the network.

Solution

If SNMP is enabled, configure the network element to use SNMP Version 3 Security Model with FIPS 140-2 validated cryptography (i.e., SHA authentication and AES encryption).
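A sketch of how this requirement can be checked against a saved configuration, added here as an example and not the audit plugin's own logic. It assumes Cisco IOS `snmp-server` syntax; the function name `audit_snmp` and the sample configuration are constructed for illustration.

```python
# Constructed sample of Cisco IOS running-config lines (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server group LEGACY v2c
snmp-server group MONITOR v3 auth
snmp-server group NMS v3 priv
snmp-server host 192.0.2.10 version 2c public
snmp-server host 192.0.2.11 version 3 priv nmsuser
snmp-server host 192.0.2.12 public
"""

def audit_snmp(config):
    """Return (line, reason) pairs for SNMP settings that fail NET1660."""
    findings = []
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 3 or words[0] != "snmp-server":
            continue
        kind, line = words[1], " ".join(words)
        if kind == "community":
            findings.append((line, "community string enables SNMPv1/v2c access"))
        elif kind == "group" and len(words) >= 4:
            model, level = words[3], (words[4] if len(words) > 4 else "")
            if model in ("v1", "v2c"):
                findings.append((line, "group uses the " + model + " security model"))
            elif model == "v3" and level != "priv":
                findings.append((line, "v3 group does not require auth and privacy"))
        elif kind == "host":
            if "version" not in words:
                # IOS sends SNMPv1 notifications when no version is given.
                findings.append((line, "host defaults to SNMPv1"))
                continue
            rest = words[words.index("version") + 1:]
            if rest[:1] in (["1"], ["2c"]):
                findings.append((line, "host uses SNMPv" + rest[0]))
            elif rest[:1] == ["3"] and rest[1:2] != ["priv"]:
                findings.append((line, "v3 host is not at the priv level"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_snmp(SAMPLE_CONFIG):
        print("FAIL:", reason, "->", line)
```

The check covers the security model and level only; the SHA and AES algorithm choice is set per SNMPv3 user and has to be verified separately on the device.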

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CAT|I, CSCv6|3.1, Rule-ID|SV-3196r4_rule, STIG-ID|NET1660, Vuln-ID|V-3196

Plugin: Cisco

Control ID: 13137cf931ea9297e68ed0aa2e1938ed9169cf44d0435bb1ae9267317d99f873