IDPS auxiliary port(s) must be disabled if not approved for use.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000219-IDPS-000177 | SRG-NET-000219-IDPS-000177 | SRG-NET-000219-IDPS-000177_rule | Medium |
| Description |
|---|
| IDS and IPS devices may have auxiliary port(s) which can be configured for local or non-local (remote) access to management functions and diagnostics. This is not a recommended practice since it bypasses the network infrastructure and depends on authentication provided by the device itself. Use of directly attached modems risks sending management communications over commercial circuits and the risk of war-dialing attacks on the device could degrade the device and the production network. Where auxiliary ports are used for remote access, both the modem and the port must be configured to use authentication and encrypted communications. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43321_chk ) |
|---|
| Navigate to the auxiliary port configuration view. Verify the auxiliary port(s) is/are disabled. If any auxiliary port is not disabled, view the configuration to Verify encryption and authentication is enabled on the port. If any of the IDPS device auxiliary port(s) are enabled, but are not configured to allow only encrypted and authenticated communications, this is a finding. |
| Fix Text (F-43321_fix) |
|---|
| Use the management console to perform the following. Navigate to the auxiliary port configuration. Disable the auxiliary ports on all devices. If the port is used, configure it to use encryption and authenticated communications only. |