SNMPv3
The Oracle Communications Session Border Controller supports SNMPv3 by default. To secure your SNMPv3 system, you must configure SNMP users and groups, SNMP managers, and view access to MIB trees. SNMPv3 provides the SNMP agent and the SNMP Network Management System (NMS) with protocol security enhancements that protect your system against a variety of attacks: stronger authentication, privacy, MIB object access control, and trap filtering.
SNMPv3 Users
An identity must be created for each SNMPv3 user to specify the user name, the security protocol choices, the passwords used for authentication and privacy, and the ability to receive secured traps. You configure SNMPv3 users to protect your SNMPv3 system from any unauthorized SNMP agent that uses message capture and replay, and from any network traffic source that uses an incorrect password or security level.
SNMPv3 User Groups
A group of SNMPv3 users can be specified for easy management and access control.
Each SNMPv3 user can be configured to belong to a specific security model and security level. You can choose either the SNMPv1 and v2 model or the SNMPv3 model (which is selected for you by default). When you assign a security level to a group, this level is consistent for all users within this group and the security level can be used across multiple OCSBC devices. Also, these security levels determine how data is encrypted to prevent information leaks and stop an unauthorized user from scrambling the contents of an SNMP packet.
- The default authPriv security level specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocol, and that message contents are encrypted using the AES128 privacy protocol. Using this security level provides user authentication and ensures message privacy, so that the trap is not tampered with during transit.
- The noAuthNoPriv security level specifies that the user group is authenticated by a string match of the user name only, and requires no authentication protocol and no privacy, similar to SNMPv1 and SNMPv2.
- The authNoPriv security level specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocol to produce a key that authenticates the trap and verifies the identity of the user.
You can also configure an SNMPv3 user group to allow the co-existence of multiple SNMP message version types at the same time, specify a list of users belonging to the group, and assign the group privilege to read, write, and add SNMP objects and receive trap notifications.
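As an added example that is not from the OCSBC documentation or from Oracle's code: the RFC 3414 passphrase-to-key derivation (extended to SHA-2 by RFC 7860) that turns the authentication and privacy passwords described above into per-engine keys, showing why one passphrase yields a different localized key on every SNMP engine. The engine IDs used below are constructed sample values.

```python
import hashlib

# RFC 3414 Appendix A.2 key derivation, as generalised to SHA-2 by RFC 7860.
# Step 1: hash the passphrase, repeated cyclically, until 1,048,576 bytes
# have been fed to the digest (Ku). Step 2 ("localization"): hash
# Ku || engineID || Ku, so the same passphrase gives a different key on
# every SNMP engine, e.g. on every OCSBC that uses it.
MEGABYTE = 1_048_576

def password_to_ku(password: bytes, hash_name: str = "sha256") -> bytes:
    """Expand a passphrase into the engine-independent key Ku."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rem = divmod(MEGABYTE, len(password))
    digest = hashlib.new(hash_name)
    digest.update(password * reps + password[:rem])
    return digest.digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha256") -> bytes:
    """Bind Ku to one engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def usm_keys(auth_pass: bytes, priv_pass: bytes, engine_id: bytes,
             hash_name: str = "sha256") -> dict:
    """Localized authentication key plus the AES-128 privacy key
    (RFC 3826 takes the first 16 bytes of the localized privacy key)."""
    auth_key = localize_key(password_to_ku(auth_pass, hash_name), engine_id, hash_name)
    priv_key = localize_key(password_to_ku(priv_pass, hash_name), engine_id, hash_name)
    return {"auth": auth_key, "priv": priv_key[:16]}

if __name__ == "__main__":
    # Constructed engine IDs for two hypothetical OCSBCs (not real devices).
    sbc_a = bytes.fromhex("000000000000000000000002")
    sbc_b = bytes.fromhex("000000000000000000000003")
    keys_a = usm_keys(b"auth-passphrase", b"priv-passphrase", sbc_a)
    keys_b = usm_keys(b"auth-passphrase", b"priv-passphrase", sbc_b)
    print("engine A auth key:", keys_a["auth"].hex())
    print("engine B auth key:", keys_b["auth"].hex())
    print("same passphrase, distinct localized keys:", keys_a["auth"] != keys_b["auth"])
```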
SNMPv3 Manager Access
You identify an SNMPv3 manager by adding its name and IP address so that the traffic it receives from the SNMP agent device (OCSBC), such as secure traps, can be authenticated and interpreted. This traffic is protected in transit by time stamps and boot counts, which guard against delayed packets.
SNMPv3 Views
SNMPv3 uses a view-based access control model (VACM) to check whether a specific type of access to a specific managed object is allowed through SNMPv3. You can configure individual parameters that include or exclude view access to single or multiple MIB OID nodes for an SNMPv3 view name.