STIGQter: STIG Summary: A10 Networks ADC NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 15 Apr 2016:

The A10 Networks ADC must disable management protocol access to all interfaces except the management interface.

DISA Rule

SV-82537r1_rule

Vulnerability Number

V-68047

Group Title

SRG-APP-000142-NDM-000245

Rule Version

AADC-NM-000046

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

The following command disables ping, SSH, Telnet, HTTP, HTTPS, and SNMP to a range of interfaces:
no enable-management service all ethernet [number] to [number]

Note: Ping may be used on inward-facing interfaces.

Check Contents

Review the device configuration.

The following command displays the types of management access allowed on each of the device's interfaces:
show management

If SSH, Telnet, HTTP, HTTPS, or SNMP is "on" for any of the interfaces other than the management interface, this is a finding.

Note: Ping may be used on inward-facing interfaces.

Vulnerability Number

V-68047

Documentable

False

Rule Version

AADC-NM-000046

Severity Override Guidance

Review the device configuration.

The following command displays the types of management access allowed on each of the device's interfaces:
show management

If SSH, Telnet, HTTP, HTTPS, or SNMP is "on" for any of the interfaces other than the management interface, this is a finding.

Note: Ping may be used on inward-facing interfaces.

Check Content Reference

M

Target Key

2915

Comments