Ensure 'SNMP community string' is not the default string

Information

Sets a SNMP community string different from the default one

Rationale:

The SNMP community string is a key used both by the security appliance and the NMS server. The security appliance accepts or rejects the requests from the NMS is a valid key is submitted.

From version 8.2(1) and above, for each community string, there are two SNMP server groups created, one for version 1 and another for version 2C. The default SNMP community string is public and can be used by an attacker to collect unauthorized information from the Firepower and hence should be changed.

Solution

Firepower Management Center:

Devices > Platform settings > SNMP

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5c.

Plugin: Cisco_Firepower

Control ID: 8060bb104bed800612ba47bac9f833fff91dc0d07254c70dfb7df05d895e44cb