EOL/Obsolete Software SNMP Version Detected

We are using Qualys from IBM to do internal, and external, security
detection on our equipment. Apparently it has an issue with the level of
SNMP (or perhaps my implementation of it) utilized by our IBM i at 7.1:

THREAT:
Simple Network Management Protocol (SNMP) is an "Interrnet-standard
protocol for managing devices on IP networks."
The authentication of clients of earlier versions of SNMP is performed
only by a "community string", in effect a type of password, which is
transmitted in cleartext.
The Internet Engineering Task Force (IETF) has designated SNMPv3 a
full Internet standard, the highest maturity level for an RFC. It
considers earlier versions to be obsolete designating them ("Historic").
IMPACT:
The system is at high risk of being exposed to security
vulnerabilities. Since the vendor no longer provides updates, obsolete
software is more vulnerable to viruses and other attacks.
SOLUTION:
Disable or remove SNMPv1/2c authentication. Use SNMP version 3
authentication

SNMPv3 provides additional security features:
Confidentiality - Encryption of packets to prevent snooping by an
unauthorized source.
Integrity - Message integrity to ensure that a packet has not been
tampered with in transit including an optional packet replay protection
mechanism.
Authentication - to verify that the message is from a valid source.

Workaround:

As a temporary measure, block access to SNMP services at the network
perimeter.

In situations where blocking or disabling SNMP is not
possible,restrict all SNMP access to separate, isolated management
networks that are not publicly accessible.


Rob Berendt