Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-74087 | CISR-ND-000143 | SV-88761r2_rule | Medium |
Description |
---|
If appropriate actions are not taken when a network device failure occurs, a denial of service condition may occur which could result in mission failure since the network would be operating without a critical security monitoring and prevention function. Upon detecting a failure of network device security components, the HP FlexFabric Switch must activate a system alert message, send an alarm, or shut down. By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the device. This can be facilitated by the switch sending SNMP traps to the SNMP manager that can then have the necessary action taken by automatic or operator intervention. |
STIG | Date |
---|---|
Cisco IOS XE Release 3 NDM Security Technical Implementation Guide | 2018-03-08 |
Check Text ( C-74179r3_chk ) |
---|
Verify that the Cisco IOS XE router is configured to send traps to the SNMP manager. The SNMP configuration should contain commands similar to the example below: snmp-server enable traps snmp-server host x.x.x.x version 3 auth xxxxxxxxx snmp-server user TRAP_NMS1 TRAP_GROUP v3 encrypted auth sha AAAAPPPP priv aes 128 EEEEPPPP Note: In the example above, the following values are used hypothetically: Username for SNMP Manager: TRAP_NMS1 Group for SNMP Manager: TRAP_GROUP User password for HMAC authentication: AAAAPPPP User password for encryption: EEEEPPPP AES key length: 128 If the router is not configured to send traps to the SNMP manager, this is a finding. |
Fix Text (F-80627r2_fix) |
---|
Configure the Cisco IOS XE router to send traps to the SNMP manager. The SNMP configuration should contain commands similar to the example below: snmp-server enable traps snmp-server host x.x.x.x version 3 auth xxxxxxxxx snmp-server user TRAP_NMS1 TRAP_GROUP v3 encrypted auth sha AAAAPPPP priv aes 128 EEEEPPPP Note: In the example above, the following values are used hypothetically: Username for SNMP Manager: TRAP_NMS1 Group for SNMP Manager: TRAP_GROUP User password for HMAC authentication: AAAAPPPP User password for encryption: EEEEPPPP AES key length: 128 |