The Sentry must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).

An XCCDF Rule

Description

<VulnDiscussion>Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk. A local connection is any connection with a device communicating without the use of a network. A network connection is any connection with a device that communicates through a network (e.g., local area or wide area network).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251000r1028238_rule
Severity: Medium
References: CCI-001967
Updated: 16 days ago

On Sentry console, do the following to configure FIPS mode:

1. SSH to the Sentry. 
2. At the prompt, enter "enable" mode with the secret credentials.
3. Type Configure command.
4. Type FIPS.5. Once reloaded, SSH to the Sentry.
6. Run the "show FIPS".

Then:
1. Log in to Sentry.
2. Go to Settings >> SNMP.
3. Add SNMP Trap Receiver.
4. Enable SNMP Service.
5. Select Protocol v3.
6. Add SNMP v3 Users.
7. Enter User Name.
8. Select Security Level from dropdown.
9. Select AUTH Protocol from dropdown.
10. Enter AUTH Password.
11. Select Privacy Protocol from dropdown.
12. Enter Privacy Password.
13. Click "Save".
14. Enable Link Up/Down Trap.
15. Click "Apply" to save changes.

The Sentry must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).

Description

Remediation - Manual Procedure