STIGQter STIGQter: STIG Summary: HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 28 Jul 2017: DoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.

DISA Rule

SV-85111r1_rule

Vulnerability Number

V-70489

Group Title

SRG-OS-000033-GPOS-00014

Rule Version

HP3P-32-001100

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Disable insecure ports via this command by entering the following command:

cli% setnet disableports yes

Confirm the operation by entering "y" and pressing "Enter".

Check Contents

Verify that insecure ports are disabled.

cli% setnet disableports yes

Confirm the operation by entering "y" and pressing "Enter".

If an error is reported, this is a finding.

If available, a remote port scan can also verify that only secure ports are open. From a command shell on a Linux workstation in the operational environment, enter the following command:

cli% nmap -sT -sU -sV --version-all -vv -p1 -65535 <ip address of storage system>

If any port other than 22 (ssh), 123 (ntp), 161 and 162 (snmp), and 5783 (ssl manageability) report as open, this is a finding.

Vulnerability Number

V-70489

Documentable

False

Rule Version

HP3P-32-001100

Severity Override Guidance

Verify that insecure ports are disabled.

cli% setnet disableports yes

Confirm the operation by entering "y" and pressing "Enter".

If an error is reported, this is a finding.

If available, a remote port scan can also verify that only secure ports are open. From a command shell on a Linux workstation in the operational environment, enter the following command:

cli% nmap -sT -sU -sV --version-all -vv -p1 -65535 <ip address of storage system>

If any port other than 22 (ssh), 123 (ntp), 161 and 162 (snmp), and 5783 (ssl manageability) report as open, this is a finding.

Check Content Reference

M

Target Key

3013

Comments