1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3

Information

Specifies authentication of a packet with encryption when using SNMPv3

Rationale:

SNMPv3 provides much improved security over previous versions by offering options for Authentication and Encryption of messages. When configuring a user for SNMPv3 you have the option of using a range of encryption schemes, or no encryption at all, to protect messages in transit. AES128 is the minimum strength encryption method that should be deployed.

Impact:

Organizations using SNMP can significantly reduce the risks of unauthorized access by using the 'snmp-server group v3 priv' setting to encrypt messages in transit.

Solution

For each SNMPv3 group created on your router add privacy options by issuing the following command...

hostname(config)#snmp-server group {<em>group_name</em>} v3 priv

Default Value:

No SNMP server groups are configured.

See Also

https://workbench.cisecurity.org/files/3762

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CSCv7|4.5

Plugin: Cisco

Control ID: 07f4d5b44a86f854ff569f68665d66cc0818db75de51f19389ec5df621a6af26