
The IDPS must use organizationally defined replay-resistant authentication mechanisms for network access to privileged accounts.


Overview

Finding ID: SRG-NET-000146-IDPS-000135
Version: SRG-NET-000146-IDPS-000135
Rule ID: SRG-NET-000146-IDPS-000135_rule
IA Controls:
Severity: Medium
Description
All authentication credentials must be maintained on an authentication server. Messages between the authenticator and the IDPS that validate user credentials must not be vulnerable to a replay attack, which could allow an unauthorized user to gain access to the IDPS. A replay attack is a network attack in which a valid authentication session or series of IP packets is intercepted by a malicious user and later retransmitted, unchanged, to gain access to the target device. A credential that is the same on every login (a static password sent over the network) is replayable by definition; a replay-resistant mechanism binds each authentication exchange to something the attacker cannot reuse, such as a fresh server challenge, a one-time code, or a time window.
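The following Python script is an added illustration, not part of the SRG text and not any IDPS vendor's or DoD's authentication code. It contrasts a static password login, where a captured credential is accepted again on replay, with a toy nonce-based challenge-response scheme in which the server keeps the shared secret, issues a single-use random challenge, and rejects a captured (challenge, response) pair when it is resent, a stale challenge, and a response forged without the secret. The shared secret, the password and the HMAC-SHA256 construction are constructed for the example; real DoD PKI or token authentication differs in detail, but the replay-resistance property demonstrated is the one the requirement asks for.

```python
"""Added example: replayable static password vs. single-use challenge-response."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed sample data. The shared secret lives only on the
# authentication server and on the administrator's token, never in
# the IDPS configuration itself.
SHARED_SECRETS: Dict[str, bytes] = {
    "admin": bytes.fromhex("00112233445566778899aabbccddeeff"),
}
STATIC_PASSWORDS: Dict[str, str] = {"admin": "correct horse battery staple"}


def static_login(user: str, password: str) -> bool:
    """Password-only login: the same bytes are valid on every attempt,
    so whatever an attacker captures on the wire can simply be resent."""
    return STATIC_PASSWORDS.get(user) == password


class ChallengeResponseServer:
    """Replay-resistant authenticator (hypothetical, for illustration).

    Each login attempt receives a fresh random nonce. The client must
    return HMAC-SHA256(secret, nonce). A nonce is consumed the first
    time it is presented and expires after `ttl` seconds, so a captured
    exchange cannot be replayed and an old challenge cannot be answered late.
    """

    def __init__(self, ttl: float = 30.0) -> None:
        self.ttl = ttl
        # nonce -> (user it was issued for, issue time)
        self._outstanding: Dict[bytes, Tuple[str, float]] = {}

    def challenge(self, user: str, now: Optional[float] = None) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding[nonce] = (user, time.time() if now is None else now)
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes,
               now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        entry = self._outstanding.pop(nonce, None)  # single use: removed here
        if entry is None:
            return False  # unknown, or already consumed -> replay attempt
        issued_for, issued_at = entry
        if issued_for != user or now - issued_at > self.ttl:
            return False  # wrong principal, or challenge too old
        expected = hmac.new(SHARED_SECRETS[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(user: str, nonce: bytes) -> bytes:
    """What the legitimate token/client computes for a given challenge."""
    return hmac.new(SHARED_SECRETS[user], nonce, hashlib.sha256).digest()


def run_demo() -> Dict[str, bool]:
    """Play out the attacks and return which ones the server accepted."""
    results: Dict[str, bool] = {}

    # 1. Static password: attacker sniffs the password and replays it later.
    captured_password = STATIC_PASSWORDS["admin"]
    results["static_replay_accepted"] = static_login("admin", captured_password)

    # 2. Challenge-response: attacker captures a valid (nonce, response) pair.
    server = ChallengeResponseServer(ttl=30.0)
    t0 = 1_000_000.0  # fixed clock so the run is deterministic
    nonce = server.challenge("admin", now=t0)
    response = client_respond("admin", nonce)
    results["first_use_accepted"] = server.verify("admin", nonce, response, now=t0 + 1)
    # Same bytes resent a second later: the nonce was consumed, so it fails.
    results["replay_accepted"] = server.verify("admin", nonce, response, now=t0 + 2)

    # 3. Stale challenge: correct response, but presented after the TTL.
    nonce2 = server.challenge("admin", now=t0)
    results["stale_accepted"] = server.verify(
        "admin", nonce2, client_respond("admin", nonce2), now=t0 + 60)

    # 4. Forged response from an attacker who lacks the shared secret.
    nonce3 = server.challenge("admin", now=t0)
    results["forged_accepted"] = server.verify("admin", nonce3, b"\x00" * 32, now=t0 + 1)
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {accepted}")
```

Two design points carry over to any real deployment: the nonce is removed from the server's table before the response is checked, so even a correct response cannot be accepted twice, and a failed check never reveals which condition failed, so an attacker cannot distinguish an expired challenge from a wrong secret.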
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text ( C-43271_chk )
Verify that the configuration for the management console and the sensors requires a DoD-approved, replay-resistant authentication method, such as DoD PKI, RSA SecurID, or DoD Alternate Token, for network access to privileged accounts. Confirm that no password-only path to those accounts remains enabled alongside the approved method.

If DoD PKI, RSA SecurID, or DoD Alternate Token is not used for authentication, this is a finding.
Fix Text (F-43271_fix)
Configure the accounts used for access to the IDPS to use DoD-approved, replay-resistant authentication mechanisms. Approved methods are DoD PKI, RSA SecurID, or DoD Alternate Token.