NET0894 - The network device must only allow SNMP read-only access - v1/v2c

Information

Enabling write access to the router via SNMP provides a mechanism that can be exploited by an attacker to set configuration variables that can disrupt network operations.

Solution

Configure the network device to allow for read-only SNMP access when using SNMPv1, v2c, or basic v3 (no authentication or privacy). Write access may be used if authentication is configured when using SNMPv3.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Infrastructure_Router_L3_Switch_V8R27_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, Rule-ID|SV-30087r3_rule, STIG-ID|NET0894, Vuln-ID|V-3969

Plugin: Juniper

Control ID: 0b1c237859667c206e16972205db2d663f84606419b262c13a1570b557b48614