STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017: STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:SV-79615r1_rule
V-65125
SRG-APP-000297-NDM-000281
WSDP-NM-000083
CAT II
10
Configure the DataPower Gateway to use a custom user interface XML file that can be configured to provide the desired logout message to administrators.
From the WebGUI, go to Administration >> Device >> System Settings and associate the custom interface file with the "Customer User Interface" field.
A template of the custom user interface file may be found on the DataPower file system at store:///schemas/dp-user-interface.xsd.
To verify, log out of a web session and an SSH command line session.
Upon logout from the web interface, the DataPower Gateway displays the IBM DataPower Login panel. This is a clear indication that the administrator has logged out.
Upon logout from an administrative SSH command line session, the following message is displayed: "Unauthorized access prohibited. logon:" A clear indication that logout has occurred.
If this message is not present, this is a finding.
V-65125
False
WSDP-NM-000083
To verify, log out of a web session and an SSH command line session.
Upon logout from the web interface, the DataPower Gateway displays the IBM DataPower Login panel. This is a clear indication that the administrator has logged out.
Upon logout from an administrative SSH command line session, the following message is displayed: "Unauthorized access prohibited. logon:" A clear indication that logout has occurred.
If this message is not present, this is a finding.
M
2861