STIGQter: STIG Summary: SEL-2740S NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019:

The SEL-2740S must be configured to permit the maintenance and diagnostics communications to specified OTSDN Controller(s).

DISA Rule

SV-102393r1_rule

Vulnerability Number

V-92305

Group Title

SRG-APP-000435-NDM-000315

Rule Version

SELS-ND-001190

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

The adoption of SEL-2740S switches when using SEL-5056 flow controller will have saturation protection automatically enabled using flow meters between the switch and the flow controller. To configure this simply adopt the switches using the default flows which rate limit traffic to the flow controller.
1. Log in to SEL-5056 using Permission Level 3.
2. Confirm all switches are adopted and if not create a configuration object with desired settings and use the new object to adopt the switch.
3. When adoption is complete the flows between the switch and the flow controller use a meter, navigate to the meter page and confirm a new meter was created for that switch and is in the "success" state.

Check Contents

To ensure SEL-2740S necessary diagnostics and maintenance communications, do the following:
1. Log in with Permission Level 3 rights into parent OTSDN Controller.
2. Confirm the desired switch is adopted by checking that there is a green solid border around the switch in the UI on the topology page.
3. Click the switch node and then the Device View button.
4. Confirm a new browser page opens for the diagnostic collection of the switch.

If the SEL-2740S is not successfully talking to the flow controller, this is a finding.

Vulnerability Number

V-92305

Documentable

False

Rule Version

SELS-ND-001190

Severity Override Guidance

To ensure SEL-2740S necessary diagnostics and maintenance communications, do the following:
1. Log in with Permission Level 3 rights into parent OTSDN Controller.
2. Confirm the desired switch is adopted by checking that there is a green solid border around the switch in the UI on the topology page.
3. Click the switch node and then the Device View button.
4. Confirm a new browser page opens for the diagnostic collection of the switch.

If the SEL-2740S is not successfully talking to the flow controller, this is a finding.

Check Content Reference

M

Target Key

3383

Comments