Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-234208 | FGFW-ND-000245 | SV-234208r628777_rule | High |
Description |
---|
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Network devices can accomplish this by making direct function calls to encryption modules or by leveraging operating system encryption capabilities. |
STIG | Date |
---|---|
Fortinet FortiGate Firewall NDM Security Technical Implementation Guide | 2021-01-29 |
Check Text ( C-37393r611811_chk ) |
---|
Log in to the FortiGate GUI with Super-Admin privilege. 1. Open a CLI console, via SSH or available from the GUI. 2. Run the following command: # show full-configuration user ldap | grep -i ldaps The output should be: set secure ldaps If set secure is not set to ldaps, this is a finding. |
Fix Text (F-37358r611812_fix) |
---|
Log in to the FortiGate GUI with Super-Admin privilege. 1. Open a CLI console, via SSH or available from the GUI. 2. Run the following command: # config user ldap # edit {ldap_server_name} # set server {server_ip} # set cnid {cn} # set dn {dc=XYZ,dc=fortinet,dc=COM} # set type regular # set username {cn=Administrator,dc=XYA, dc=COM} # set password {bind password} # set secure ldaps # set ca-cert {CA certificate name} # next # end |