STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must securely configure SNMPv3 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.

DISA Rule

SV-223226r513367_rule

Vulnerability Number

V-223226

Group Title

SRG-APP-000412-NDM-000331

Rule Version

JUSX-DM-000149

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure SNMP to use version 3 with privacy options. The following is an example.

[edit]
set snmp location <NAME>
set snmp v3 usm local-engine user <NAME> privacy-aes128
set snmp v3 vacm security-to-group security-model usm security-name <NAME> group <NAME-GROUP>
set snmp v3 vacm access group <NAME-GROUP> default-context-prefix security-model usm security-level privacy read-view all
set snmp v3 vacm access group <NAME-GROUP> default-context-prefix security-model usm security-level privacy notify-view all

Check Contents

Verify SNMPv3 is configured with privacy options.

[edit]
show snmp v3

If SNMPv3, AES encryption, and other privacy options are not configured, this is a finding.
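
One way to automate this check, as an added example that is not part of the STIG or of any Juniper tooling. It assumes the SNMP configuration has been exported in set format (for example with `show configuration snmp | display set`); the function name `audit_snmpv3` and the sample user, group and key values are constructed for the illustration.

```python
import re

# Input assumption: set-format text, e.g. from `show configuration snmp | display set`.
USER_RE = re.compile(r"^set snmp v3 usm local-engine user (\S+)(.*)$")
ACCESS_RE = re.compile(r"^set snmp v3 vacm access group (\S+) .*\bsecurity-level (\S+)")

def audit_snmpv3(config):
    """Return a list of findings; an empty list means no finding for this rule."""
    users = {}   # USM user name -> True once an AES privacy statement is seen
    levels = {}  # VACM group name -> set of security levels it grants
    for raw in config.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            has_aes = "privacy-aes128" in m.group(2).lower().split()
            users[m.group(1)] = users.get(m.group(1), False) or has_aes
            continue
        m = ACCESS_RE.match(line)
        if m:
            levels.setdefault(m.group(1), set()).add(m.group(2).lower())

    findings = []
    if not users:
        findings.append("no SNMPv3 USM user configured")
    for name in sorted(n for n, ok in users.items() if not ok):
        findings.append(f"user {name}: no privacy-aes128 statement")
    if not levels:
        findings.append("no VACM access group configured")
    for group in sorted(levels):
        weak = sorted(levels[group] - {"privacy"})
        if weak:
            findings.append(f"group {group}: security-level {', '.join(weak)}")
    return findings

# Constructed samples; names and keys are placeholders, not values from a real device.
COMPLIANT = """\
set snmp v3 usm local-engine user nms authentication-sha authentication-key "$9$PLACEHOLDER"
set snmp v3 usm local-engine user nms privacy-aes128 privacy-key "$9$PLACEHOLDER"
set snmp v3 vacm security-to-group security-model usm security-name nms group NMS-GROUP
set snmp v3 vacm access group NMS-GROUP default-context-prefix security-model usm security-level privacy read-view all
set snmp v3 vacm access group NMS-GROUP default-context-prefix security-model usm security-level privacy notify-view all
"""
NONCOMPLIANT = COMPLIANT.replace("privacy-aes128", "privacy-des").replace(
    "security-level privacy read-view", "security-level authentication read-view")

if __name__ == "__main__":
    for label, text in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(label, audit_snmpv3(text) or "no findings")
```

A user is reported when none of its statements carries `privacy-aes128`, and a group is reported when any of its access entries grants a security level other than `privacy`.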

Documentable

False

Check Content Reference

M

Target Key

4098
