1.4.1 If SNMPv2 is in use, use a Complex Community String


SNMP v2 while similar to v1 aside from adding support for 64 bit counters and the ability to use complex strings.


Utilizing complex strings with SNMPv2 is no different then using complex passwords. By using the complex string you are making it more difficult for an attacker to guess the string. Strings should not contain dictionary words or rely on 'l33t-speak' spelling. Keep in mind that SNMPv2 is a clear-text protocol, so is subject to interception. This means that these strings are passed in clear-text during SNMPv2 operations, so can be 'harvested' by a well-positioned attacker. Also SNMP results are susceptible to capture or modification in transit.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


switch(config)# snmp-server community <SomeComplexString> ro

See Also


Item Details


References: 800-53|CM-6, CSCv7|5.1

Plugin: Cisco

Control ID: 883fbab988039bb5e8f64c8de1369e5c7181d7c6880f3610f1c9cdb6e232e9ce