Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-66301 | HFFS-ND-000143 | SV-80791r1_rule | Medium |
Description |
---|
If appropriate actions are not taken when a network device failure occurs, a denial of service condition may occur which could result in mission failure since the network would be operating without a critical security monitoring and prevention function. Upon detecting a failure of network device security components, the HP FlexFabric Switch must activate a system alert message, send an alarm, or shut down. By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged on to the device. This can be facilitated by the switch sending SNMP traps to the SNMP manager that can then have the necessary action taken by automatic or operator intervention. |
STIG | Date |
---|---|
HP FlexFabric Switch NDM Security Technical Implementation Guide | 2019-09-27 |
Check Text ( C-66947r1_chk ) |
---|
Determine if the HP FlexFabric Switch is configured to send system alert messages, alarms to a SNMP agent and/or automatically shuts down when a component failure is detected. [HP] display current-configuration snmp-agent snmp-agent local-engineid 800063A280D07E28ECBDB800000001 snmp-agent sys-info version v3 snmp-agent group v3 group1 privacy snmp-agent target-host trap address udp-domain 192.168.16.103 params securityname snmp1 v3 privacy snmp-agent usm-user v3 user1 group1 cipher authentication-mode sha $c$3$3C41avdWWmRMT64buQYb6FLdhVIUpAVHhIGyxIMhX6o3Qe3+GjY= privacy-mode aes128 $c$3$YpvVDasCitD9iCUvGc01ycckCq0rY+c6sThoqny+TjMTlQ== If the HP FlexFabric Switch is not configured to send system alert messages and alarms to a SNMP agent and/or does not automatically shuts down when a component failure is detected, this is a finding. |
Fix Text (F-72377r1_fix) |
---|
Configure the HP FlexFabric Switch to send system alert messages and alarms to a SNMP agent: [HP]snmp-agent [HP]snmp-agent sys-info version v3 [HP]snmp-agent group v3 group1 privacy [HP]snmp-agent target-host trap address udp-domain 192.168.16.103 params securityname snmp1 v3 privacy [HP]snmp-agent usm-user v3 user1 group1 simple authentication-mode xxxxxxxxx privacy-mode aes128 xxxxxxxxx |