DescriptionAs SNMPv2 is not very secure, Indeni will alert if it is used.
Remediation StepsConfigure SNMPv3 instead.Review https://support.f5.com/csp/article/K13625
How does this work?This alert uses the iControl REST interface to extract SNMP configuration.
Why is this important?Version 1 and 2 of the SNMP protocol is unencrypted. This could potentially allow an attacker to obtain valuable information about the infrastructure.
Without Indeni how would you find this?Login to the device's web interface and click on "System" -> "SNMP" -> "Agent" -> " Access (v1, v2c)". This would show a list of configured access for SNMP version 1 and 2c.
View Source Code