1.5.4 Do not set 'RW' for any 'snmp-server community'

Information

Specifies read-write access. Authorized management stations can both retrieve and modify MIB objects.

Rationale:

Enabling SNMP read-write enables remote management of the device. Unless absolutely necessary, do not allow simple network management protocol (SNMP) write access.

Impact:

To reduce the risk of unauthorized access, Organizations should disable the SNMP 'write' access for snmp-server community.

Solution

Disable SNMP write access.

hostname(config)#no snmp-server community {<em>write_community_string</em>}

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, CSCv7|9.2

Plugin: Cisco

Control ID: 80a357db1c59578abdd61c74433067082cf1b3c5ba47d186a2b07f849c8d8072