STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must authenticate SNMP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

DISA Rule

SV-77447r1_rule

Vulnerability Number

V-62957

Group Title

SRG-APP-000395-NDM-000310

Rule Version

RICX-DM-000110

Severity

CAT II

CCI(s)

• CCI-001967 - The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Weight

10

Fix Recommendation

Configure RiOS to authenticate SNMP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based (SNMP portion of the requirement).

Navigate to the device Management Console
Navigate to Configure >> System Settings >> SNMP Basic
Click "Add a New Trap Receiver"
Set "Receiver" to the IP address of the trap receiver
Set "Destination Port" to the listening port on the trap receiver
Set "Receiver Type" to v3
Set "Remote User" to the SNMP user on the trap receiver
Set "Authentication" to "Supply a Key"
Set "Authentication Protocol" to "MD5" or "SHA"
Set "Security Level" to "AuthPriv"
Set "Privacy Protocol" to "AES"
Set "Privacy" to "Same as Authentication Key"
Set "MD5/SHA Key" to the proper authentication key
Set "Enable Receiver"
Click "Add"
Click "Enable SNMP Traps"
Click "Apply"

Navigate to the top of the web page and click "Save" to save these settings permanently.

Check Contents

Verify that RiOS is configured to authenticate SNMP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based (SNMP portion of the requirement).

Navigate to the device Management Console
Navigate to Configure >> System Settings >> SNMP Basic
Verify that at least one "Host" is defined under "Trap Receivers"
Verify that the "Host" defined under "Trap Receivers" is set for "Version" v3
Verify that "Enable SNMP Traps" is set

If no "Host" exists under "Trap Receivers or the "Host" is not "Version" v3 and/or "Enable SNMP Traps" is not set, this is a finding.

Vulnerability Number

V-62957

Documentable

False

Rule Version

RICX-DM-000110

Severity Override Guidance

Verify that RiOS is configured to authenticate SNMP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based (SNMP portion of the requirement).

Navigate to the device Management Console
Navigate to Configure >> System Settings >> SNMP Basic
Verify that at least one "Host" is defined under "Trap Receivers"
Verify that the "Host" defined under "Trap Receivers" is set for "Version" v3
Verify that "Enable SNMP Traps" is set

If no "Host" exists under "Trap Receivers or the "Host" is not "Version" v3 and/or "Enable SNMP Traps" is not set, this is a finding.

Check Content Reference

M

Target Key

2931

Comments