
The IDPS must use SNMP Version 3 (SNMPv3) Security Model with FIPS 140-2 compliant cryptography (i.e., SHA authentication and AES encryption).


Overview

Finding ID: SRG-NET-000242-IDPS-000221
Version: SRG-NET-000242-IDPS-000221
Rule ID: SRG-NET-000242-IDPS-000221_rule
IA Controls:
Severity: Medium
Description

SNMP Versions 1 and 2 are not considered secure. Without the strong authentication and privacy provided by the SNMP Version 3 User-based Security Model (USM), an attacker or other unauthorized user may gain access to detailed network management information and use that information to launch attacks against the network.

To verify the appropriate patches on Cisco devices, check the following IAVMs associated with SNMPv1:

- 2001-B-0001 (V0005809): Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability
- 2002-A-SNMP-001 (V0005835): Multiple Simple Network Management Protocol Vulnerabilities in Perimeter Devices (Cisco Security Advisory: Malformed SNMP Message-Handling Vulnerabilities)

To verify the appropriate patches on other vendors' devices, reference this web site: http://www.cert.org/advisories/CA-2002-03.html

STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43384_chk)
Verify the IDPS is configured to use SNMPv3. Verify SNMP is configured to use FIPS 140-2 compliant cryptography (i.e., SHA authentication and AES encryption).

If the site uses SNMP and SNMPv3 is not installed, this is a finding.

Fix Text (F-43384_fix)
Configure the IDPS to use SNMPv3. Configure SNMP to use FIPS 140-2 compliant cryptography (i.e., SHA authentication and AES encryption).
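As an added example of automating this check (not part of the STIG, and not vendor code), the script below evaluates constructed Cisco IOS-style SNMP configuration lines against the rule: it flags SNMPv1/v2c community strings and trap receivers, v3 groups below the priv security level, and v3 users whose authentication is not SHA or whose privacy is missing or not AES. The IOS command syntax and the sample lines are assumptions; adapt the patterns to the IDPS's own configuration format.

```python
import re

# Constructed Cisco IOS-style SNMP configuration (sample data, not from any
# real device); the command syntax is assumed for illustration.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community s3cret RW
snmp-server group NMS-GROUP v3 priv
snmp-server group LEGACY v3 noauth
snmp-server user monitor NMS-GROUP v3 auth sha Auth-Pass-1 priv aes 128 Priv-Pass-1
snmp-server user oldops LEGACY v3 auth md5 Auth-Pass-2 priv des Priv-Pass-2
snmp-server user noenc NMS-GROUP v3 auth sha Auth-Pass-3
snmp-server host 192.0.2.10 version 2c public
"""

# FIPS 140-2 compliant choices named by the rule: SHA authentication, AES privacy.
USER_RE = re.compile(
    r"^snmp-server user (?P<name>\S+) (?P<group>\S+) v3"
    r"(?: auth (?P<auth>md5|sha) \S+)?"
    r"(?: priv (?P<priv>des|3des|aes)(?: \d+)? \S+)?"
)

def check_snmp_config(config: str) -> list:
    """Return (line, reason) findings for every statement that violates the rule."""
    findings = []
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("snmp-server community "):
            findings.append((line, "SNMPv1/v2c community string configured"))
        elif line.startswith("snmp-server host ") and re.search(r" version (1|2c)\b", line):
            findings.append((line, "trap/inform receiver uses SNMPv1/v2c"))
        elif line.startswith("snmp-server group "):
            m = re.search(r" v3 (noauth|auth|priv)\b", line)
            if m is None or m.group(1) != "priv":
                findings.append((line, "group is not SNMPv3 at the priv level"))
        elif line.startswith("snmp-server user "):
            m = USER_RE.match(line)
            if m is None:
                findings.append((line, "unrecognised v3 user syntax"))
                continue
            if m.group("auth") != "sha":
                findings.append((line, f"auth '{m.group('auth')}' is not SHA"))
            if m.group("priv") is None:
                findings.append((line, "no privacy (encryption) configured"))
            elif m.group("priv") != "aes":
                findings.append((line, f"priv '{m.group('priv')}' is not AES"))
    return findings

def is_compliant(config: str) -> bool:
    return not check_snmp_config(config)
```

Running `check_snmp_config(SAMPLE_CONFIG)` on the constructed sample yields seven findings; only the `monitor` user and the `NMS-GROUP` group pass.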