Documentation - V-269793

V-269793

Dell OS10 Switch NDM Security Technical Implementation Guide

CAT II

Title

The Dell OS10 Switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).

Description

<VulnDiscussion>Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk. A local connection is any connection with a device communicating without the use of a network. A network connection is any connection with a device that communicates through a network (e.g., local area or wide area ne...

Fix Text (Documentation Requirement)

Configure the OS10 Switch to authenticate SNMP messages using a FIPS-validated Keyed-HMAC. Ensure FIPS mode is enabled. OS10(config)# crypto fips enable WARNING: Upon committing this configuration, the system will regenerate SSH keys. Please consult documentation and toggle FIPS mode only if you know what you are doing! Continue? [yes/no(default)]:yes OS10(config)# Configure an SNMP user to enforce SHA authentication. OS10(config)# snmp-server group Group3 3 priv notify NOTIFY OS10(config)# snmp-server user User3 Group3 3 auth sha ********** priv aes ********** Configure the SNMP server to use version 3 and enforce SHA authentication (auth) or both SHA authentication and AES encryption (priv). OS10(config)# snmp-server host 10.10.10.10 version 3 priv User3 snmp

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel