Details

Specifies read-write access. Authorized management stations can both retrieve and modify MIB objects.

Rationale:

Enabling SNMP read-write enables remote management of the device. Unless absolutely necessary, do not allow simple network management protocol (SNMP) write access.

Impact:

To reduce the risk of unauthorized access, Organizations should disable the SNMP ‘write’ access for snmp-server community.

Solution

Disable SNMP write access.

hostname(config)#no snmp-server community {write_community_string}

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3160https://workbench.cisecurity.org/files/3160

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Cisco.

References

• 800-53|SI-4
• CSCv6|9.1
• CSCv7|9.2

Source

• Tenable.com/audits