STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway providing content filtering must generate a notification on the console when root-level intrusion events that attempt to provide unauthorized privileged access are detected.

DISA Rule

SV-86079r1_rule

Vulnerability Number

V-71455

Group Title

SRG-NET-000392-ALG-000143

Rule Version

CAGW-GW-000790

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

No fix should be required, because by default the CA API Gateway is configured to disallow remote logons by the root user and to detect when an attempt to log on as root has occurred.

Check Contents

Using an SSH client, attempt to log on to the CA API Gateway using the root user. The attempt will fail as root logons from a remote SSH client are disabled by default.

On the main console of the CA API Gateway, log on with the root user and notice the message stating "There were 'x' failed login attempts..." and "Last failed login: date time from address on ssh:notty".

If the logon is allowed or the message does not appear, this is a finding.

Documentable

False

Severity Override Guidance

Using an SSH client, attempt to log on to the CA API Gateway using the root user. The attempt will fail as root logons from a remote SSH client are disabled by default.

On the main console of the CA API Gateway, log on with the root user and notice the message stating "There were 'x' failed login attempts..." and "Last failed login: date time from address on ssh:notty".

If the logon is allowed or the message does not appear, this is a finding.

Check Content Reference

M

Target Key

3049

Comments