STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must have SSH and web management bound to the management interface and Telnet disabled.

DISA Rule

SV-79579r1_rule

Vulnerability Number

V-65089

Group Title

SRG-APP-000142-NDM-000245

Rule Version

WSDP-NM-000046

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Log on to the Default Domain.

Navigate to Network >> Management>> Web Management Service. Set the Administrative State to enabled.

Navigate to Network >> Management>> SSH Service. Set the Administrative State to enabled.

In the Local IP Address field, enter the local IP address of the device monitors for incoming SSH requests.

Click "Apply" to save the changes to the running configuration.

Click "Save Config" to save the changes to the startup configuration.

Check Contents

Logon to the Default Domain.

Navigate to Network >> Management>> Web Management Service. If the Administrative State is not enabled, this is a finding.

Navigate to Network >> Management>> SSH Service. If the Administrative State is not enabled, this is a finding.

Navigate to Network >> Management>> Telnet Service. If the Administrative State is enabled, this is a finding.

Vulnerability Number

V-65089

Documentable

False

Rule Version

WSDP-NM-000046

Severity Override Guidance

Logon to the Default Domain.

Navigate to Network >> Management>> Web Management Service. If the Administrative State is not enabled, this is a finding.

Navigate to Network >> Management>> SSH Service. If the Administrative State is not enabled, this is a finding.

Navigate to Network >> Management>> Telnet Service. If the Administrative State is enabled, this is a finding.

Check Content Reference

M

Target Key

2861

Comments