STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Juniper SRX Services Gateway must specify the order in which authentication servers are used.

DISA Rule

SV-229026r518256_rule

Vulnerability Number

V-229026

Group Title

SRG-APP-000516-NDM-000317

Rule Version

JUSX-DM-000098

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Add an external RADIUS or TACACS+ server, and specify the port number and shared secret of the server. Remote logon using password results in a CAT 1 finding (CCI-000765) for failure to use two-factor authentication. Thus, if the account of last resort uses only password authentication, this configuration prevents remote access. DoD policy is that redundant AAA servers are required to mitigate the risk of a failure of the primary AAA device.

[edit]
set system authentication-order tacplus

or

[edit]
set system authentication-order radius

From operational mode enter the command:
show system authentication-order

If password is set as an option, remove this command from the configuration.
[edit]
delete system authentication-order password

Check Contents

Verify a RADIUS or TACACS+ server order has been configured.

From operational mode enter the command:
show system authentication-order

If the authentication-order for either or both RADIUS or TACACS+ server order has not been configured, this is a finding.

If the authentication-order includes the password method, this is a finding.
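The two check conditions above can be applied mechanically to the configured authentication order. The following is an added example, not code from STIGQter or from the DISA STIG: it parses the `authentication-order` statement as Junos renders it in configuration output (assumed forms `authentication-order radius;` and `authentication-order [ tacplus radius ];`), and returns a finding for a missing RADIUS/TACACS+ method or for a present `password` method. The sample strings are constructed, not captured from a device.

```python
import re

# Constructed sample renderings of the `system authentication-order` statement.
# They follow the Junos display convention assumed above and are not real captures.
SAMPLE_COMPLIANT = "authentication-order [ tacplus radius ];\n"
SAMPLE_SINGLE = "authentication-order radius;\n"
SAMPLE_PASSWORD = "authentication-order [ tacplus password ];\n"
SAMPLE_MISSING = ""  # statement absent: flagged because the rule requires a configured order

# Matches either a bracketed list of methods or a single bare method, ending with ';'.
_ORDER_RE = re.compile(
    r"authentication-order\s+(?:\[(?P<many>[^\]]*)\]|(?P<one>\S+?))\s*;"
)

REMOTE_METHODS = ("radius", "tacplus")


def parse_authentication_order(config_text):
    """Return the ordered list of configured methods, or [] if the statement is absent."""
    match = _ORDER_RE.search(config_text)
    if match is None:
        return []
    body = match.group("many") if match.group("many") is not None else match.group("one")
    return body.split()


def evaluate_authentication_order(config_text):
    """Apply the JUSX-DM-000098 check conditions and return the verdict.

    The result dict carries the parsed order, a list of human-readable findings
    (empty when compliant) and a boolean `compliant` flag.
    """
    order = parse_authentication_order(config_text)
    findings = []

    # Condition 1: at least one external AAA method (RADIUS or TACACS+) must be configured.
    if not any(method in REMOTE_METHODS for method in order):
        findings.append("no RADIUS or TACACS+ method configured in authentication-order")

    # Condition 2: the password method must not appear in the order.
    if "password" in order:
        findings.append("password method present in authentication-order")

    return {"order": order, "findings": findings, "compliant": not findings}


if __name__ == "__main__":
    for label, sample in (
        ("compliant", SAMPLE_COMPLIANT),
        ("single", SAMPLE_SINGLE),
        ("password", SAMPLE_PASSWORD),
        ("missing", SAMPLE_MISSING),
    ):
        result = evaluate_authentication_order(sample)
        status = "PASS" if result["compliant"] else "FINDING"
        print(f"{label:10s} {status:8s} order={result['order']} {result['findings']}")
```

In practice the input would be the text of `show configuration system authentication-order` saved from the device; the parser deliberately accepts only the two display forms named in the lead-in, so any other rendering yields an empty order and a finding rather than a silent pass.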

Vulnerability Number

V-229026

Documentable

False

Rule Version

JUSX-DM-000098

Severity Override Guidance

Verify a RADIUS or TACACS+ server order has been configured.

From operational mode enter the command:
show system authentication-order

If the authentication-order for either or both RADIUS or TACACS+ server order has not been configured, this is a finding.

If the authentication-order includes the password method, this is a finding.

Check Content Reference

M

Target Key

4098

Comments