STIGQter STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must authenticate network management endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

DISA Rule

SV-77445r1_rule

Vulnerability Number

V-62955

Group Title

SRG-APP-000395-NDM-000310

Rule Version

RICX-DM-000109

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to Authenticate network management endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based (network management portion of the requirement).

Navigate to the device CLI
Type: enable
Type: config t
Type: no telnet-server enable
Type: ssh server enable
Type: ssh server allowed-cyphers aes128-cbc, 3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
Type: web enable
Type: no web http enable
Type: web https enable
Type: write memory
Type: exit
Type: exit

Check Contents

Verify that RiOS is configured to authenticate network management endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based (network management portion of the requirement).

Navigate to the device CLI
Type: enable
Type: show configuration full
Verify that 'no telnet-server enable' is in the configuration
Verify that 'ssh server enable' is set in the configuration
Verify that 'web enable' is in the configuration
Verify that 'no web http enable' is in the configuration
Verify that 'web https enable' is in the configuration

If any one of the above settings is missing from the configuration, this is a finding.

Vulnerability Number

V-62955

Documentable

False

Rule Version

RICX-DM-000109

Severity Override Guidance

Verify that RiOS is configured to authenticate network management endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based (network management portion of the requirement).

Navigate to the device CLI
Type: enable
Type: show configuration full
Verify that 'no telnet-server enable' is in the configuration
Verify that 'ssh server enable' is set in the configuration
Verify that 'web enable' is in the configuration
Verify that 'no web http enable' is in the configuration
Verify that 'web https enable' is in the configuration

If any one of the above settings is missing from the configuration, this is a finding.

Check Content Reference

M

Target Key

2931

Comments