If SNMPv2 is in use, use a Complex Community String

Details

SNMPv2 is similar to v1, aside from adding support for 64-bit counters and the ability to use complex strings.

Rationale:

Utilizing complex strings with SNMPv2 is no different than using complex passwords. By using a complex string you make it more difficult for an attacker to guess the string. Strings should not contain dictionary words or rely on ‘l33t-speak’ spelling. Keep in mind that SNMPv2 is a clear-text protocol, so it is subject to interception. This means that these strings are passed in clear text during SNMPv2 operations, so they can be ‘harvested’ by a well-positioned attacker. SNMP results are also susceptible to capture or modification in transit.

Solution

switch(config)# snmp-server community <complex-community-string> ro
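
One way to check a saved running-config against the rationale above, as an added example that is not part of the benchmark or of this page's original content. The 16-character minimum, the three-character-class rule, the small wordlist and the sample configuration are all assumptions constructed for illustration.

```python
import re

# Assumed policy values; the benchmark text gives no numeric thresholds.
MIN_LENGTH = 16
# Tiny constructed wordlist; substitute a real dictionary in practice.
WORDLIST = {"public", "private", "cisco", "admin", "secret", "password", "monitor", "network"}
# Undo common 'l33t-speak' substitutions before the dictionary check.
LEET = str.maketrans("013457@$!", "oleastasi")

COMMUNITY_RE = re.compile(r"^\s*snmp-server community (\S+)", re.MULTILINE)


def weaknesses(community):
    """Return the reasons a community string fails the policy (empty list = pass)."""
    reasons = []
    if len(community) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, community)) for c in classes) < 3:
        reasons.append("fewer than 3 character classes")
    normalised = community.lower().translate(LEET)
    hits = sorted(w for w in WORDLIST if w in normalised)
    if hits:
        reasons.append("contains dictionary word: " + ", ".join(hits))
    return reasons


def audit(running_config):
    """Map each configured community string to its list of weaknesses."""
    return {c: weaknesses(c) for c in COMMUNITY_RE.findall(running_config)}


# Constructed sample of 'show running-config' output, not from a real device.
SAMPLE_CONFIG = """\
snmp-server community public group network-operator
snmp-server community C1sc0-M0n!tor group network-operator
snmp-server community q7#Vz2!mKd9@Lw4xRt group network-operator
"""

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_CONFIG).items():
        print("%-24s %s" % (name, "; ".join(reasons) or "OK"))
```

The second sample string passes the character-class test but still fails, because normalising the l33t-speak substitutions exposes the dictionary word inside it.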

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.

Updated on July 16, 2022