An HIDS has not been implemented on the SNMP manager

From Network Devices Security Technical Implementation Guide

Part of A HIDS hasn't been implemented on the SNMP manager

Associated with IA controls: ECID-1

SV-19130r1_rule An HIDS has not been implemented on the SNMP manager

Vulnerability discussion

The SNMP manager provides the interface between the network management personnel and the managed network. On the other hand, the SNMP agent provides the interface between the manager and the device being managed. The manager is the collector of alarm information via SNMP traps as well as statistical and historical management information retrieved by polling the agents within the managed network. This information is vital for real time monitoring and alarm management as well as for strategic planning and performance management. In addition to the SNMP safeguards outlined in section 2, IA measures must be implemented to mitigate the risk of the SNMP manager being compromised.

Check content

Interview the IAO and the administrator to determine if the SNMP manager is compliant. Have the administrator provide a demonstration of the HIDS capability to ensure that it is configured and in operation

Fix text

Implement an HIDS to provide access control for the SNMP data as well as provide the necessary protection against unauthorized modifications and access.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer