STIGQter: STIG Summary: Symantec ProxySG NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

Symantec ProxySG must use only approved management services protocols.

DISA Rule

SV-104525r1_rule

Vulnerability Number

V-94695

Group Title

SRG-APP-000142-NDM-000245

Rule Version

SYMP-NM-000220

Severity

CAT I

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

By default, Symantec ProxySG has only HTTPS and SSH enabled for management services. SNMP may also be enabled if needed to support the architecture. "HTTP-Console" is not approved for use in DoD.

1. Log on to Web Management Console.
2. Click Configuration >> Services >> Management Services.
3. Uncheck "enabled" next to unapproved management services such as "HTTP-Console".
4. Click "Apply".

Check Contents

Verify unauthorized management protocols are not used on the Symantec ProxySG.

1. Log on to Web Management Console.
2. Click Configuration >> Services >> Management Services.
3. Ensure that only approved management services are enabled. "HTTP-Console", in general, should be disabled.

If Symantec ProxySG does not use only approved management services protocols, this is a finding.

Vulnerability Number

V-94695

Documentable

False

Rule Version

SYMP-NM-000220

Severity Override Guidance

Verify unauthorized management protocols are not used on the Symantec ProxySG.

1. Log on to Web Management Console.
2. Click Configuration >> Services >> Management Services.
3. Ensure that only approved management services are enabled. "HTTP-Console", in general, should be disabled.

If Symantec ProxySG does not use only approved management services protocols, this is a finding.

Check Content Reference

M

Target Key

3517

Comments