STIGQter: STIG Summary: A10 Networks ADC NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 15 Apr 2016

The A10 Networks ADC must not use SNMP Versions 1 or 2.

DISA Rule

SV-82579r1_rule

Vulnerability Number

V-68089

Group Title

SRG-APP-000412-NDM-000331

Rule Version

AADC-NM-000119

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

The following commands enable SNMP and SNMP traps:
snmp-server enable
snmp-server enable traps
Note: This will enable sending all traps.

The following command sets a unique engineID:
snmp-server engineID [hex-string]

The commands below define SNMP OIDs to include when discovering the device via an SNMPv3 manager.

The following command defines the group view:
snmp-server view [view-name] 1.3.6 included

The following command defines SNMPv3 user-based groups:
snmp-server user [username] group [groupname] v3 [auth [md5 | sha] password [encrypted]]
Note: Use the SHA option since MD5 is not compliant.

The following command defines the SNMPv3 console:
snmp host [IP_address] version v3 user [name] udp-port 162

The following command enables SNMP on the management interface:
enable-management service snmp management

Check Contents

Review the device configuration.

The following command shows the running configuration and filters the output on the string "snmp-server":
show run | inc snmp-server

If the output shows servers using SNMPv1 or SNMPv2, this is a finding.
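
As an added example (not part of the STIG or of A10's documentation), the check above can be run over saved output of the filtered running configuration. The sample lines are constructed from the command templates in the Fix Recommendation; the `v2c` version token and the `snmp-server host` spelling are assumptions, not confirmed A10 syntax.

```python
# Constructed sample of "show run | inc snmp-server" output, modeled on the
# page's command templates. The v2c token and the "snmp-server host" spelling
# are assumptions; the page prints the trap-host template as "snmp host ...".
SAMPLE = """\
snmp-server enable
snmp-server engineID 800000090300aabbccddeeff
snmp-server view mgmt-view 1.3.6 included
snmp-server user nms-sha group nms-group v3 auth sha examplepass encrypted
snmp-server user nms-md5 group nms-group v3 auth md5 examplepass encrypted
snmp-server host 192.0.2.10 version v3 user nms-sha udp-port 162
snmp-server host 192.0.2.11 version v2c public udp-port 162
"""


def _after(tokens, keyword):
    """Return the token that follows the first `keyword`, or None."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def audit(config_text):
    """Return (line_number, reason) for each user/host line that is a finding."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 3 or tokens[0] not in ("snmp-server", "snmp"):
            continue
        # tokens[2] is the user name or host address; keywords start after it.
        kind, args = tokens[1].lower(), [t.lower() for t in tokens[3:]]
        if kind == "user":
            # args: group <groupname> <version> [auth <md5|sha> <password> ...]
            version = args[2] if len(args) > 2 else None
        elif kind == "host":
            version = _after(args, "version")
        else:
            continue  # enable, engineID, view: no protocol version on the line
        if version != "v3":
            findings.append((no, f"SNMP version {version or 'unspecified'}, not v3"))
        elif kind == "user" and _after(args[3:], "auth") == "md5":
            findings.append((no, "SNMPv3 user authenticates with MD5, not SHA"))
    return findings


if __name__ == "__main__":
    for no, reason in audit(SAMPLE):
        print(f"line {no}: {reason}")
```

The MD5 finding follows the Fix Recommendation's note that MD5 is not compliant; the parser reads fields by position, so output that deviates from the templates should be reviewed by hand.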

Documentable

False

Severity Override Guidance

Review the device configuration.

The following command shows the running configuration and filters the output on the string "snmp-server":
show run | inc snmp-server

If the output shows servers using SNMPv1 or SNMPv2, this is a finding.

Check Content Reference

M

Target Key

2915

Comments