1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3

Information

Specifies authentication of a packet with encryption when using SNMPv3

Rationale:

SNMPv3 provides much improved security over previous versions by offering options for Authentication and Encryption of messages. When configuring a user for SNMPv3 you have the option of using a range of encryption schemes, or no encryption at all, to protect messages in transit. AES128 is the minimum strength encryption method that should be deployed.

Impact:

Organizations using SNMP can significantly reduce the risks of unauthorized access by using the 'snmp-server group v3 priv' setting to encrypt messages in transit.

Solution

For each SNMPv3 group created on your router add privacy options by issuing the following command...

hostname(config)#snmp-server group {<em>group_name</em>} v3 priv

Default Value:

No SNMP server groups are configured.

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-19, 800-53|IA-2(2), CSCv7|4.5

Plugin: Cisco

Control ID: 526a75bd6c8a37b0e53b46fad6f4e4e7d0a98a03b0f412655c3e569407338924