STIGQter: STIG Summary: Symantec ProxySG NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access.

DISA Rule

SV-104507r1_rule

Vulnerability Number

V-94677

Group Title

SRG-APP-000121-NDM-000238

Rule Version

SYMP-NM-000130

Severity

CAT II

CCI(s)

• CCI-001493 - The information system protects audit tools from unauthorized access.

Weight

10

Fix Recommendation

1. Obtain a list of authorized personnel and IP addresses that should have access to the Web Management Console or CLI.
2. Log on to the Web Management Console.
3. Click Configuration >> Policy >> Visual Policy Manager.
4. Click "Launch", select the "Admin Access" layer.
5. For every user and/or group listed in the "source" field of each rule, set the "Action" to either "Allow Read/Write access" or "Allow Read-only Access" per the user/group’s assigned privileges.
6. For every user/group, also set the "Service" to "SSH-Console", "HTTPS-Console", or both, per the user/group’s assigned privileges.

Note that DoD requires users to be assigned to groups rather than assigned privileges to individual users whenever possible.

Check Contents

1. Obtain a list of authorized personnel and IP addresses that should have access to the Web Management Console, SSH, or CLI.
2. Log on to the Web Management Console.
3. Click Configuration >> Policy >> Visual Policy Manager.
4. Click "Launch", select the "Admin Access" layer.
5. Verify any users and/or groups listed in the "source" field of each rule have the appropriate "Action" of either "Allow Read/Write access" or "Allow Read-only Access" per the user/group’s assigned privileges.
6. Verify that the users and/or groups have the "Service" set to "SSH-Console", "HTTPS-Console", or both, depending on the user/group’s assigned privileges.

If the Symantec ProxySG is not configured to protect the Web Management Console, SSH, and CLI from unauthorized access, this is a finding.

Vulnerability Number

V-94677

Documentable

False

Rule Version

SYMP-NM-000130

Severity Override Guidance

1. Obtain a list of authorized personnel and IP addresses that should have access to the Web Management Console, SSH, or CLI.
2. Log on to the Web Management Console.
3. Click Configuration >> Policy >> Visual Policy Manager.
4. Click "Launch", select the "Admin Access" layer.
5. Verify any users and/or groups listed in the "source" field of each rule have the appropriate "Action" of either "Allow Read/Write access" or "Allow Read-only Access" per the user/group’s assigned privileges.
6. Verify that the users and/or groups have the "Service" set to "SSH-Console", "HTTPS-Console", or both, depending on the user/group’s assigned privileges.

If the Symantec ProxySG is not configured to protect the Web Management Console, SSH, and CLI from unauthorized access, this is a finding.

Check Content Reference

M

Target Key

3517

Comments