
Modems used for remote access to the IDPS must be able to authenticate users using two-factor authentication.


Overview

Finding ID: SRG-NET-000219-IDPS-000178
Version: SRG-NET-000219-IDPS-000178
Rule ID: SRG-NET-000219-IDPS-000178_rule
IA Controls: (none listed)
Severity: High
Description
IDPS management consoles may have auxiliary port(s) which can be configured for local or non-local (remote) access to management functions and diagnostics. This is not a recommended practice: a modem on an auxiliary port bypasses the network infrastructure and its controls, so the session often relies solely on the authentication and access control provided by the device itself. Use of directly attached modems without authentication risks the compromise of privileged communications over commercial circuits. However, there may be use cases where this type of access is mission essential. Modems may be attached to auxiliary ports only if they are secured using two-factor authentication. System administrators must be authenticated using a hardware token (e.g., key fob) before being granted access to the appropriate maintenance port; only then does the technician gain access to the system. The token provides a method of strong (two-factor) user authentication. The token works in conjunction with a server to generate one-time user passwords whose values change at fixed intervals measured in seconds. The user must know a personal identification number (PIN) and possess the token to be allowed access to the device.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43322_chk)
Examine the configuration of the modem. Verify that logging in to the modem to establish a remote access session requires a hardware token and PIN.

If access using the auxiliary port does not require two-factor authentication, this is a finding. If the two-factor authentication is enforced by the IDPS application itself rather than by the modem, this is not a finding.
Fix Text (F-43322_fix)
Access the modem configuration.
Configure the IDPS and/or the modem to require two-factor authentication for all users, local and remote.
Issue hardware tokens and PINs to system administrators with a need for access to the IDPS for purposes of device management, monitoring, or diagnostics.