Details
Verify that SNMP (Simple Network Management Protocol) is configured and that all the
settings are correct. If SNMP is not being used, it should be disabled.Note- ESXi 5.1 supports SNMPv3 which provides stronger security than SNMPv1 or
SNMPv2, including key authentication and encryption.
*Rationale*
If SNMP is not being used, it should remain disabled. If it is being used, the proper trap
destination should be configured. If SNMP is not properly configured, monitoring
information can be sent to a malicious host.
Solution
To implement the recommended configuration state, run the following PowerCLI
command-# Update the host SNMP Configuration (single host connection required)
Get-VmHostSNMP | Set-VMHostSNMP -Enabled-$true -ReadOnlyCommunity ‘
Notes-. SNMP must be configured on each ESXi host. SNMP settings can be configured using Host Profiles
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system VMware.