Configuring Monitoring and Performance Management Features

This section describes ways to monitor health and performance of your SBC.

SNMP

Simple Network Management Protocol (SNMP) is supported on the SBC Wancom0 management interface for polling and traps. To secure your SNMP interface, it is recommended to use a community name other than the standard “public”. Sufficiently obscure community names should adhere to the customer’s corporate naming policies. Further, the list of configured SNMP polling servers and trap receivers must be restricted to only those authorized (via SBC configuration) to manage the SBC. All management stations used for SNMP access should have a permit ACL configured.

The Oracle Communications Session Border Controller supports SNMPv3 by default. To secure your SNMPv3 system, you must configure SNMP users and groups, SNMP managers, and view access to MIB trees. SNMPv3 provides the SNMP agent and SNMP Network Management System (NMS) with protocol security enhancements, such as increased authentication, privacy, MIB object access control and trap filtering capabilities, that protect your system against a variety of attacks.

SNMP Recommendation
  • Set system, system-config, snmp-agent-mode to v3
  • Set system, snmp-user-entry, auth-protocol to SHA-256 or SHA-512
  • Set system, snmp-user-entry, priv-protocol to AES-128
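The three settings above can be checked offline against a saved copy of the configuration. The following audit script is an added example, not Oracle code and not part of the original guide; the text layout it parses (element name at column 0, indented parameter lines) and the sample values, including the user-name labels, are assumptions constructed for illustration.

```python
import re

# Recommended values from the list above, normalized (lowercase, punctuation
# stripped) so that "SHA-256" and "sha256" compare equal.
RECOMMENDED = {
    ("system-config", "snmp-agent-mode"): {"v3"},
    ("snmp-user-entry", "auth-protocol"): {"sha256", "sha512"},
    ("snmp-user-entry", "priv-protocol"): {"aes128"},
}

# Constructed sample, not captured from a device. Assumed layout: element name
# at column 0, indented "parameter value" lines below it. user-name and the
# non-recommended values are illustrative.
SAMPLE_CONFIG = """\
system-config
    snmp-agent-mode    v1v2
snmp-user-entry
    user-name          nms-ops
    auth-protocol      SHA-256
    priv-protocol      AES-128
snmp-user-entry
    user-name          legacy-poller
    auth-protocol      md5
"""

def parse_elements(text):
    """Return [(element_name, {param: value})], one item per element instance."""
    elements = []
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            elements.append((line.strip(), {}))
        elif elements:
            parts = line.split(None, 1) + [""]
            elements[-1][1][parts[0]] = parts[1].strip()
    return elements

def audit_snmp(text):
    """Return findings; an empty list means all three settings match."""
    elements, findings = parse_elements(text), []
    for (element, param), allowed in RECOMMENDED.items():
        instances = [p for name, p in elements if name == element]
        if not instances:
            findings.append(f"{element}: no instance found, {param} unchecked")
        for params in instances:
            value = params.get(param, "")
            if re.sub(r"[^a-z0-9]", "", value.lower()) not in allowed:
                label = params.get("user-name", element)
                findings.append(f"{label}: {param} is {value or 'unset'}")
    return findings
```

Every snmp-user-entry instance is checked separately, so one leftover user with a weaker or missing protocol setting is reported even when the other users comply.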

Further detail on the SNMP traps and MIBs that should be examined can be found in the MIB Reference Guide.

RADIUS Accounting

The SBC Wancom0 management interface uses RADIUS requests to send accounting and monitoring data to remote RADIUS servers. For reliability, the SBC supports the configuration of multiple RADIUS servers deployed in a number of HA schemes: hunt, failover, round robin, fastest round trip time (RTT) and fewest pending.

Choose the scheme that is most appropriate according to the customer’s corporate policies. It is recommended that at least two RADIUS servers be deployed. The secret shared between the SBC and the RADIUS server should be configured to be suitably obscure according to the customer’s corporate naming policies. All management stations used for accounting monitoring services should have a permit ACL configured.

Configuration is detailed in the ACLI Accounting Guide.

HDR over SFTP

The Historical Data Recording (HDR) feature allows the SBC to record data in comma-separated files and periodically send them to a remote file server. For added security, transfer the HDR record files using SFTP. Note that public key authentication is not available for this feature, so the SBC uses password authentication. All management stations used for SFTP access should have a permit ACL configured.

Configuration is detailed in “System Configuration” of the ACLI Configuration Guide.

Syslog

The syslog service should be used for sending system events from the SBC to a Security Event & Incident Monitoring (SEIM) platform or to another operations monitoring platform. The information sent via syslog is also contained locally on the SBC in the acmelog file.

See Appendix I for examples of important syslog messages to monitor. The default syslog log level is WARNING.

Configuration is detailed in “Syslog and Process Logs” of the ACLI Configuration Guide.