Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6657 | SAN04.023.00 | SV-6803r1_rule | Medium |
Description |
---|
SNMP, by virtue of what it is designed to do, can be a large security risk. Because SNMP can obtain device information and set device parameters, unauthorized users can cause damage. Therefore access to a SAN device from an IP address outside of the internal network will not be allowed. The IAO/NSO will ensure IP addresses of the hosts that are permitted SNMP access to the SAN management devices belong to the internal network. |
STIG | Date |
---|---|
Storage Area Network STIG | 2018-10-03 |
Check Text ( C-2583r1_chk ) |
---|
The reviewer will, with the assistance of the IAO/NSO, verify that the IP addresses of the hosts permitted SNMP access to the SAN management devices belong to the internal network. The ACLs for the SAN ports should be checked. |
Fix Text (F-6254r1_fix) |
---|
Develop a plan to restrict SNMP access to SAN devices to only internal network IP addresses. Obtain CM approval of the plan and implement the plan. |