1.5.3 Unset 'public' for 'snmp-server community'

Information

An SNMP community string permits read-only access to all objects.

Rationale:

The default community string 'public' is well known. Using easy to guess, well known community string poses a threat that an attacker can effortlessly gain unauthorized access to the device.

Impact:

To reduce the risk of unauthorized access, Organizations should disable default, easy to guess, settings such as the 'public' setting for snmp-server community.

Solution

Disable the default SNMP community string 'public'

hostname(config)#no snmp-server community {public}

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, CSCv7|9.2

Plugin: Cisco

Control ID: 2fcd053a23b5d7e4240366badd47fab75b6d289d8a3fdc35273b97b65fd89ee4