Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3210 | NET1665 | SV-3210r7_rule | ECSC-1 IAIA-1 IAIA-2 | High |
Description |
---|
Community strings default to the name PUBLIC. This is known by those wishing to exert an attack against the devices in the network. This must be changed to something that is in compliance with DISA password guidelines. Not all individuals need write access to the device. Compromising the read password will have less of an impact if it cannot be used to change information. An erroneous message being sent to the NMS can cause network managers to act inappropriately in responding to an alarm or warning. It is important that the information being received is from valid managed devices. |
STIG | Date |
---|---|
WMAN Bridge | 2011-10-07 |
Check Text ( C-3822r1_chk ) |
---|
Interview the network administrators and examine configurations of managed nodes (routers, switches, etc). |
Fix Text (F-3235r2_fix) |
---|
Most network management systems (NMSs) default to a community sign on name of public. This community name will be changed to something that is not easily guessed. It will be protected in the same way as any password is protected. |