STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The HP FlexFabric Switch must provide the capability for authorized users to remotely view, in real time, all content related to an established user session from a component separate from the HP FlexFabric Switch.

DISA Rule

SV-80551r1_rule

Vulnerability Number

V-66061

Group Title

SRG-NET-000332-L2S-000002

Rule Version

HFFS-L2-000009

Severity

CAT II

CCI(s)

• CCI-001920 - The information system provides the capability for authorized users to remotely view/hear all content related to an established user session in real time.

Weight

10

Fix Recommendation

Configure the HP FlexFabric Switch to remotely capture ingress and egress packets from any designated switch port for the purpose of monitoring a specific user session as shown in the following example:

[HP]mirroring-group 1 remote-source

[HP]mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both

[HP]mirroring-group 1 monitor-port GigabitEthernet 1/0/2

Check Contents

Verify that the HP FlexFabric Switch is capable of capturing ingress and egress packets from any designated switch port for the purpose of remotely monitoring a specific user session.

If the HP FlexFabric Switch is not capable of capturing ingress and egress packets from a designated switch port for the purpose of remotely monitoring a specific user session, this is a finding.

Vulnerability Number

V-66061

Documentable

False

Rule Version

HFFS-L2-000009

Severity Override Guidance

Verify that the HP FlexFabric Switch is capable of capturing ingress and egress packets from any designated switch port for the purpose of remotely monitoring a specific user session.

If the HP FlexFabric Switch is not capable of capturing ingress and egress packets from a designated switch port for the purpose of remotely monitoring a specific user session, this is a finding.

Check Content Reference

M

Target Key

2977

Comments