Information
Do not allow unauthenticated SNMPv3 access.
Rationale:
SNMPv3 provides much improved security over previous versions by offering options for Authentication and Encryption of messages. Authentication in SNMPv3 is performed using Keyed-Hash Message Authentication Code or HMAC. This technique uses a cryptographic hash function in combination with a secret key to authenticate and ensure the integrity of a given message.
JUNOS supports the MD5 and SHA1 hash functions for use in SNMPv3 authentication. MD5 is an older hash function which has shown significant vulnerability in recent years, so the more recent and more trusted SHA1 should be used.
Solution
For each SNMPv3 user created on your router, add authentication options by issuing the following command from the [edit snmp v3 usm local-engine] hierarchy:
[edit snmp v3 usm local-engine]
user@host# set user <username> authentication-sha authentication-password <password>
Default Value:
No SNMP communities are set by default on most platforms.
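To audit an existing device against this recommendation, the following added example (not part of the benchmark text or any Juniper tooling) classifies each local-engine USM user from `show configuration snmp | display set` output. The sample lines, user names and key values are constructed, and the stored `authentication-key` form is assumed to be what the committed configuration shows.

```python
import re

# Matches set-format lines under [edit snmp v3 usm local-engine] and captures
# the user name plus the first keyword that follows it (if any).
USER_RE = re.compile(r"^set snmp v3 usm local-engine user (\S+)(?:\s+(\S+))?")

# Constructed sample input; names and "$9$..." values are placeholders.
SAMPLE = """
set snmp v3 usm local-engine user nms-sha authentication-sha authentication-key "$9$constructed"
set snmp v3 usm local-engine user nms-sha privacy-aes128 privacy-key "$9$constructed"
set snmp v3 usm local-engine user legacy authentication-md5 authentication-key "$9$constructed"
set snmp v3 usm local-engine user probe authentication-none
set snmp v3 usm local-engine user orphan privacy-none
set snmp community example-ro authorization read-only
"""

def audit_usm_users(config_text):
    """Return {username: status}; status is 'sha', 'md5', 'unauthenticated',
    or 'review:<keyword>' for an authentication keyword not handled here."""
    users = {}
    for raw in config_text.splitlines():
        m = USER_RE.match(raw.strip())
        if not m:
            continue  # not a local-engine USM user line
        name, keyword = m.group(1), m.group(2) or ""
        # A user seen without any authentication statement is unauthenticated.
        users.setdefault(name, "unauthenticated")
        if not keyword.startswith("authentication-"):
            continue  # privacy-* or bare user line says nothing about auth
        if keyword == "authentication-sha":
            users[name] = "sha"
        elif keyword == "authentication-md5":
            users[name] = "md5"
        elif keyword == "authentication-none":
            users[name] = "unauthenticated"
        else:
            users[name] = "review:" + keyword
    return users

def failing_users(config_text):
    """Users that do not meet the recommendation (anything other than SHA)."""
    return sorted(u for u, s in audit_usm_users(config_text).items() if s != "sha")

if __name__ == "__main__":
    for user, status in sorted(audit_usm_users(SAMPLE).items()):
        print(f"{user}: {status}")
```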