The DBN-6300 must be compliant with at least one IETF Internet standard authentication protocol.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-64987	DBNW-DM-000089	SV-79477r1_rule		Medium

Description
Protecting access authorization information (i.e., access control decisions) ensures that authorization information cannot be altered, spoofed, or otherwise compromised during transmission. In distributed information systems, authorization processes and access control decisions may occur in separate parts of the systems. In such instances, authorization information is transmitted securely so timely access control decisions can be enforced at the appropriate locations. To support the access control decisions, it may be necessary to transmit, as part of the access authorization information, supporting security attributes. This is because, in distributed information systems, there are various access control decisions that need to be made, and different entities (e.g., services) make these decisions in a serial fashion, each requiring some security attributes to make the decisions.

Description

Protecting access authorization information (i.e., access control decisions) ensures that authorization information cannot be altered, spoofed, or otherwise compromised during transmission. In distributed information systems, authorization processes and access control decisions may occur in separate parts of the systems. In such instances, authorization information is transmitted securely so timely access control decisions can be enforced at the appropriate locations. To support the access control decisions, it may be necessary to transmit, as part of the access authorization information, supporting security attributes. This is because, in distributed information systems, there are various access control decisions that need to be made, and different entities (e.g., services) make these decisions in a serial fashion, each requiring some security attributes to make the decisions.

STIG	Date
DBN-6300 NDM Security Technical Implementation Guide	2017-09-15

Details

Check Text ( C-65645r2_chk )
Verify that the LDAP authentication server is configured correctly. Navigate to Settings >> Initial Configuration >> Authentication. Verify that the LDAP server entry is correct and the button for "LDAP Based Authentication" is enabled. Verify that the "Native takes precedence" button is set to "Disabled". If the LDAP server entry is not present and enabled, and the "Native takes precedence" button is not set to "Disabled", this is a finding.

Check Text ( C-65645r2_chk )

Verify that the LDAP authentication server is configured correctly.

Navigate to Settings >> Initial Configuration >> Authentication.

Verify that the LDAP server entry is correct and the button for "LDAP Based Authentication" is enabled.

Verify that the "Native takes precedence" button is set to "Disabled".

If the LDAP server entry is not present and enabled, and the "Native takes precedence" button is not set to "Disabled", this is a finding.

Fix Text (F-70927r2_fix)
Navigate to Settings >> Initial Configuration >> Authentication. Enter the correct LDAP server entry. Press the button for "LDAP Based Authentication" so that it is enabled. If necessary, press the "Disabled" button for "Native takes precedence". Press the "Commit" button.