The IAO/NSO will ensure that all SNMP community strings are changed from the default values.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-3210	NET1665	SV-3210r7_rule	ECSC-1 IAIA-1 IAIA-2	High

Description
Community strings default to the name PUBLIC. This is known by those wishing to exert an attack against the devices in the network. This must be changed to something that is in compliance with DISA password guidelines. Not all individuals need write access to the device. Compromising the read password will have less of an impact if it cannot be used to change information. An erroneous message being sent to the NMS can cause network managers to act inappropriately in responding to an alarm or warning. It is important that the information being received is from valid managed devices.

Description

Community strings default to the name PUBLIC. This is known by those wishing to exert an attack against the devices in the network. This must be changed to something that is in compliance with DISA password guidelines. Not all individuals need write access to the device. Compromising the read password will have less of an impact if it cannot be used to change information. An erroneous message being sent to the NMS can cause network managers to act inappropriately in responding to an alarm or warning. It is important that the information being received is from valid managed devices.

STIG	Date
WLAN Bridge Security Technical Implementation Guide	2011-10-10

Details

Check Text ( C-3822r1_chk )
Interview the network administrators and examine configurations of managed nodes (routers, switches, etc).

Fix Text (F-3235r2_fix)
Most network management systems (NMSs) default to a community sign on name of public. This community name will be changed to something that is not easily guessed. It will be protected in the same way as any password is protected.