SV-82545r1_rule
V-68055
SRG-APP-000172-NDM-000259
AADC-NM-000062
CAT II
10
Configure the device to prohibit the use of Telnet and HTTP for device management.
The following commands enable management access to the device and the use of SSH, HTTPS, Syslog, and SNMP:
enable-management
service ssh https syslog snmp snmp-trap
Disable HTTP on the management interface:
no enable-management service http management
Note: Do not configure any management protocols on any of the other interfaces.
Disable the web server (HTTP for management).
no web-service server
Review the device configuration.
The following command shows the types of management access allowed on each of the interfaces:
show management [ipv4 | ipv6]
The following command shows IPv4 management access information:
show management ipv4
If either Telnet or HTTP is listed as "on" for any interface, this is a finding.
The following command shows IPv6 management access information:
show management ipv6
If either Telnet or HTTP is listed as "on" for any interface, this is a finding.
Verify that HTTP for management is disabled.
show web-service
If HTTP is enabled, this is a finding.
HTTPS is allowed for management and is enabled by default.
False
M
2915